For the Panama papers hack, the use of unencrypted emails and old versions of WordPress on the website and Drupal for the portal used by customers to access sensitive data, have been highlighted as possible causes. The other two hacks appear to have been via websites, which could be the result of incomplete testing or the setup of the hosting environment.
Even without firm evidence of the causes, there are two obvious lessons for all businesses:
- Make sure you are running the latest versions of software - in your office, on your website and any portals for staff or client use
- Seek advice on what technology and processes are appropriate for the information being handled. For example, if you have a website that handles client and/or personal data get assurances from the developer that it has been properly tested - ideally with a 'penetration test' that looks for flaws that can be exploited by criminals - and data is encrypted so if an unauthorised party did get access they could not read it