ICO

Rogue employee receives 6 month sentence in ICO Computer Misuse Act prosecution

November 22, 2018

A motor trade employee has received a six month prison sentence for accessing customer information and then sharing with claims management  companies. This is the first ICO prosecution which under the Computer Misuse Act 1990 which carries a potential prison sentence rather than the Data Protection Acts of 1998 and 2018. The rogue employee accessed…

Read More

Cyber Security: – shouldn’t be news – servers need regular patching

September 13, 2018

You should patch your server at least every thirty days…not only to achieve your Cyber Essentials Plus requirement once a year The benefits of the Government backed Cyber Essentials scheme as a first step to cyber security for your business are shared by the National Cyber Security Centre, The Information Commissioners Office and Devon and Cornwall…

Read More

Dixons Carphone Breach involving 1.2m customers details and 5.9m payment cards.

June 13, 2018

In January 2018 Carphone Warehouse received a £400,000 fine as a result of a breach in 2015, six months later Dixons Carphone is reporting that it has suffered another incident. Dixons Carphone have issued a statement saying that they are currently investigating breach which indicates that there was an attempt to compromise 5.9 million cards…

Read More

Yahoo! UK fined £250k for data breach involving 500,000 customer details

May 21, 2018

Yahoo! UK Services Limited has been fined £250,000 as a result of serious inadequacies in technical and organisational controls which lead to 515,121 customer details being stolen. The Customer details included user names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted and unencrypted security questions. The personal details were removed from the…

Read More

Learn why a simple penetration test could have avoided a £60k fine

July 17, 2017

The ICO has issued a £60,000 fine to Boomerang Video Ltd after it suffered a cyber attack. By Roz Woodward An investigation by the ICO found the Berkshire-based company failed to take basic steps to stop its website being attacked. The ICO found that the company had failed to carry out regular penetration tests which should have…

Read More

PCI Council warns new EU regulation could see average fines of £13k per small business for cyber security breach

October 20, 2016

The PCI SSC (Payment Card Industry Security Standards Council) warns UK firms of 60-130 fold increase in fines under General Data Protection Regulation Jeremy King, international director at the PCI Security Standards Council (PCI SSC)  said: “The new EU legislation will be an absolute game-changer for both large organisations and SMEs. “The regulator will be…

Read More

Responsibility for cyber security can not be outsourced, the board needs to take control.

September 28, 2016

Directors believe there should be tougher punishments for inadequate cyber security. The majority of decision makers, however, are unaware of the Cyber Essentials scheme. The board needs to take control and ‘own’ their cyber security. An article in the Telegraph recently reported that the majority of directors believe that companies should face more severe punishments…

Read More

The ICO changes reporting on cyber incidents

September 16, 2016

The Information Commissioners Office (ICO) has recently changed the way that it is reporting on cyber incidents to provide a more useful insight in to the different types of issue they are seeing. The ICO is reporting that between the months of April and June 2016 there were 50 cyber incidents, however these are only…

Read More

Should the ICO allow auto-renewal of registration without declaration?

March 16, 2016

The Information Commissioner’s Office ( ICO ) website is a great resource but we wonder if the ICO could reinforce the responsibilities of data controllers more effectively when registration is renewed every year. It is surprising that this process is simply an email informing you that your annual renewal has come round, and that this will automatically be renewed…

Read More

Information Commissioner warns firms that three year olds could hack sites

February 1, 2016

Sky News is reporting that the Information Commissioner has warned that hacking into company websites has become so simple that even a three-year-old can be shown how to do it. The Information Commissioner, Christopher Graham, has told MPs that  “how to do it” guides available online give such simple instructions on how to stage a…

Read More