2 min read

UK Cabinet Office Fined £500,000 over New Year Honours List Data Breach

Alina BÎZGĂ

December 03, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
UK Cabinet Office Fined £500,000 over New Year Honours List Data Breach

The Information Commissioner’s Office (ICO) has fined the UK government £500,000 for unwittingly exposing the personal data of 1,097 New Year Honours recipients.

The incident occurred on December 27, 2019, when the Cabinet Office published a file containing the names and addresses of over 1,000 people, including prominent public figures and more than a dozen MoD employees and senior counter-terrorism officers.

The data was exposed due to an IT system misconfiguration at the Honours and Appointments Secretariat (HAS) that mistakenly generated a CSV file including the postal addresses of New Years Honours recipients.

“Due to tight timescales to get the New Year Honours list published, the HAS operations team decided to amend the file instead of modifying the IT system. However, each time a new file version was generated, the postal address data was automatically included in the file,” the ICO explained.

The data was published at 10.30 pm on Friday and accessed 3,872 times in just two hours and 21 minutes, according to the ICO investigation.

“When data breaches happen, they have real life consequences. In this case, more than 1,000 people were affected,” said Steve Eckersley, ICO Director of Investigations. “At a time when they should have been celebrating and enjoying the announcement of their honour, they were faced with the distress of their personal details being exposed. The Cabinet Office’s complacency and failure to mitigate the risk of a data breach meant that hundreds of people were potentially exposed to the risk of identity fraud and threats to their personal safety.”

The ICO said it received three complaints from affected individuals, while the Cabinet Office was contacted by 27 people who expressed security concerns. Since the incident, the Cabinet Office has improved its security and reviewed its data-handling procedures.

Not sure what to do when your data is involved in a data breach or leak? Use Bitdefender’s Digital Identity Protection service to get alerts for data breaches and privacy threats. You get instant access to a mapping of your digital accounts and publicly available data, allowing you to assess your risk levels using only the information provided in the onboarding process (email address and phone number). You can stop worrying about what to do next. The service gives you easy-to-follow one-click action items that allow you to instantly shut down any weak points in your digital footprint.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Bank Indonesia Confirms Conti Ransomware Attack; Stolen Files Leaked Bank Indonesia Confirms Conti Ransomware Attack; Stolen Files Leaked
Vlad CONSTANTINESCU

January 21, 2022

1 min read
Crypto.com Confirms $34 Million Hack Compromised 483 User Accounts Crypto.com Confirms $34 Million Hack Compromised 483 User Accounts
Vlad CONSTANTINESCU

January 21, 2022

1 min read
Moncler Confirms Data Breach After Ransomware Gang Advertises ‘Rich Customer’ Data on Leak Website Moncler Confirms Data Breach After Ransomware Gang Advertises ‘Rich Customer’ Data on Leak Website
Alina BÎZGĂ

January 19, 2022

2 min read