The popular techno festival in the Netherlands, DGTL, has leaked the personal information of around 130 thousand visitors including usernames, passwords, email addresses, phone numbers, full names, and birth dates. The data leaked was a consequence of using legacy systems, vulnerable to hacking (NU, 2022). The use of simple encryptions, labeled as outdated and broken in 2008, made it possible for hackers to simply obtain the visitors information in several minutes (rtlnieuws, 2022).
Legacy systems are old outdated systems that are still used by organizations as they remain to perform the tasks they are meant to do. As companies change because of changing economies, new laws, or other effects, normally IT systems would have to innovate equal to these changing conditions. This vision is not very likely to follow as IT systems can last for multiple years and technology is evolving on a higher rate, meaning that companies would have to innovate their systems equally, which is unlikely to do for multiple reasons (Carrero, 2021).
First, companies do not replace their systems as their systems are still fulfilling their task contributing to their missions. Also, the investments in new systems could not have been covered yet which makes reinvesting in new systems financially irresponsible. Next to financial resources, IT skills, staff, and time, are of great importance to substitute legacy systems. Taking these challenges into account, companies may decide to run their business on legacy systems, accepting the potential risk arising of it (Carrero, 2021).
Next to the risk of data leaks as in the case of DGTL, companies could expect the followings risks and issues:
- Maintaining those systems could be very costly as 60 to 80 percent of IT’s budget would go to maintaining to systems and keep them online.
- As companies are using their data more and more for analytics, issues could arise caused by the effects of unstructured data.
- In most cases old systems are less convenient and efficient, meaning employees being less productive and enjoying their work to a lesser extent.
- Using legacy systems could lead to a bad brand reputation causing the loss of customers and being less attractive to potential customers (Rashleigh, 2019).
In short, companies should be aware of their legacy systems in use, and the impact on their business. In the case of DGTL this has caused a widely spread news article about their outdated systems and the leaked data about their visitors causing brand damage.
References:
Carrero, L. (2022, August 24). What is a legacy system? Stackscale. Available at: https://www.stackscale.com/blog/legacy-systems/#Why_are_legacy_systems_still_used
Rashleigh, P. (July 24, 2019). The cost of legacy IT. Available at: https://audacia.co.uk/blog/cost-of-legacy-systems
RTL Nieuws. (September 9, 2022) Festival DGTL lekt wachtwoorden en privégegevens 130.000 bezoekers. Available at: https://www.rtlnieuws.nl/nieuws/nederland/artikel/5332177/dgtl-datalek-wachtwoorden-privegegevens-bezoekers-hacker
NU.nl. (2022, September 9). Gegevens van 130.000 bezoekers festival DGTL op straat door datalek. Available at: https://www.nu.nl/tech/6222999/gegevens-van-130000-bezoekers-festival-dgtl-op-straat-door-datalek.html#nujij