‘Tis the season for data breaches
- Rock Consultancy

9 November 2025
Managing data breaches in the ‘silly season’
Halloween has passed and the countdown to Christmas has begun, with only 6 full working weeks remaining before many people turn off their laptops.
The period before the Christmas holidays can be intense. There is pressure to deliver projects and close out work before logging off, on top of social occasions, children’s concerts and prep for the big day. The frantic pace leads to rushed decision-making, multitasking to the extreme, and increased vulnerability to human error. Both accidental mistakes and deliberate cyber-attacks surge during this high-pressure period.
Human error in the rush
Simple mistakes become more likely when people are multitasking and working at speed. Common examples include:
- Emails sent to the wrong recipient or with incorrect attachments containing personal data
- A single mis-click when selecting an email address from autocomplete can lead to unauthorised disclosure of personal data
- Hasty file sharing without proper checks can result in sending the wrong version of a document with unredacted personal data
These easy errors can result in data breaches, which may be reportable to data subjects and/or data protection authorities.
The importance of pausing
While we need to move at speed in the workplace, it is important to remind employees that it is not just OK to pause before hitting send – it is essential. Taking an extra few seconds to verify the recipient email address or to double-check attachments before sending can prevent a major breach.
Those extra few seconds could save hours, even days, spent managing a data breach.
Cybercriminals exploit these busy periods
Attackers know this is prime time to exploit busy employees and human vulnerabilities.
Phishing emails increase dramatically during this period, often disguised as holiday-themed messages such as shopping discounts, invitations to events and demands for payment before year end.
Cybercriminals use sophisticated social engineering tactics that prey on holiday distraction. The emotional and time pressures of the season make people more susceptible to manipulation. Cybercriminals may impersonate senior executives requesting urgent action, including payment transfers before year end.
Employees need to remain vigilant and take that extra moment to scrutinise emails for red flags. Remind staff to watch for:
- Suspicious sender addresses
- Urgent language, which is designed to trigger the employee into immediate action, without critical thinking
- Unexpected requests for information or action
Training employees to recognise these tactics is essential year-round, but a reminder now could prevent a serious incident.
The 72-hour reality
Despite the festive chaos and fun, legal obligations do not pause for Christmas parties or annual leave.
When a breach occurs, data controllers have, where the reporting threshold is reached, up to 72 hours to report it to the relevant data protection authorities. This timeline does not stop for weekends, holidays, or skeleton staff periods.
Prevention and preparedness
The silly season does not have to mean security lapses. Proactive communication with staff about heightened risks can prevent many breaches. A moment of caution before clicking send could save your organisation from regulatory action, reputational damage, and the stress of managing a breach over the holidays.
Having a clear incident response plan in place is crucial. Designate responsible parties who will be available throughout the holiday period and ensure contact details and escalation procedures are current and accessible.
Remind your employees:
- To pause before sending an email or clicking a link
- If something looks a bit off, then it probably is
- It is better to check and be sure than to take a chance
- If they do cause a breach, report it in line with your organisation’s procedures
For any queries on this article or how Rock Consultancy can support your organisation, please contact us at info@rockconsultancy.ie
