UK Cabinet Office Fined £500,000 over New Year Honours List Data Breach
The Information Commissioner’s Office (ICO) has fined the UK government £500,000 for unwittingly exposing the personal data of 1,097 New Year Honours recipients.
The incident occurred on December 27, 2019, when the Cabinet Office published a file containing the names and addresses of over 1,000 people, including prominent public figures and more than a dozen MoD employees and senior counter-terrorism officers.
The data was exposed due to an IT system misconfiguration at the Honours and Appointments Secretariat (HAS) that mistakenly generated a CSV file including the postal addresses of New Years Honours recipients.
“Due to tight timescales to get the New Year Honours list published, the HAS operations team decided to amend the file instead of modifying the IT system. However, each time a new file version was generated, the postal address data was automatically included in the file,” the ICO explained.
The data was published at 10.30 pm on Friday and accessed 3,872 times in just two hours and 21 minutes, according to the ICO investigation.
“When data breaches happen, they have real life consequences. In this case, more than 1,000 people were affected,” said Steve Eckersley, ICO Director of Investigations. “At a time when they should have been celebrating and enjoying the announcement of their honour, they were faced with the distress of their personal details being exposed. The Cabinet Office’s complacency and failure to mitigate the risk of a data breach meant that hundreds of people were potentially exposed to the risk of identity fraud and threats to their personal safety.”
The ICO said it received three complaints from affected individuals, while the Cabinet Office was contacted by 27 people who expressed security concerns. Since the incident, the Cabinet Office has improved its security and reviewed its data-handling procedures.
Not sure what to do when your data is involved in a data breach or leak? Use Bitdefender’s Digital Identity Protection service to get alerts for data breaches and privacy threats. You get instant access to a mapping of your digital accounts and publicly available data, allowing you to assess your risk levels using only the information provided in the onboarding process (email address and phone number). You can stop worrying about what to do next. The service gives you easy-to-follow one-click action items that allow you to instantly shut down any weak points in your digital footprint.
Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds
December 21, 2021
Online Shoppers Beware, Mobile Scams Are on the Rise
December 17, 2021
The Holiday Guide to Tech Support: Fixing the Family Computer
November 24, 2021
Bitdefender Celebrates 20 Years of Cybersecurity Leadership
November 04, 2021
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
October 26, 2021
What are drive-by download attacks and how do you prevent them?
October 25, 2021