Information Commissioner's Office (ICO)
The ICO now takes data leaks at any level very seriously, and heavy fines are being imposed.
In our modern digital world, companies have to be very careful to protect the data they hold from being stolen. This applies not only to live data but also to data held on old computers and in documents, for example.
On the 28th February 2014 the British Pregnancy Advice Service (BPAS) was fined £200,000 by the ICO for a serious data breach.
On the 8th March 2012, an attacker used an automated tool to identify website vulnerabilities in an attempt to gain unauthorised access to the BPAS website Content Management System (CMS). Such tools are widely available on the internet and target well-known vulnerabilities and poor website coding practices. BPAS was alerted to the incident by staff who noticed that the BPAS website had been defaced by the attacker.
The BPAS website enabled users to request a call back for advice. To access the call back service, users had to use a web form to submit their contact details to BPAS. The website retained a copy of the call back details of approximately 9,900 individuals unnecessarily and this information was available to the attacker once he gained access to the CMS. The call back details consisted of the user’s name, date of birth, address and telephone number.
The attacker targeted the BPAS website because he disagreed with abortion and wanted to cause trouble for the organisation, which is the largest provider of abortion services in the UK. He did not expect to gain access to the call back details but, having done so, publicly expressed his intention to publish the names of the individuals whose details were held on the site. Fortunately, the attacker did not publish this information, which was recovered by the police following an injunction obtained by BPAS. However, this does highlight the importance of completely eradicating data once it is no longer needed.
Call us today on 01279 215000 to find out how we can help you dispose of your IT equipment in a socially responsible way.