Regulator issues fine after data breach
A UK firm based in Berkshire has fallen foul of data protection legislation after it suffered a cyber-attack, having failed to take appropriate technical measures against the unauthorised or unlawful processing of personal data.
The company, which was using WordPress at the time, was issued with a monetary penalty (fine) of £60,000 by the Information Commissioner's Office (ICO), which regulates data protection legislation in the UK.
The full details of the monetary penalty (fine) and the reasoning behind it are on the ICO's website.
Recommendation: turn any speakers down before playing.
“Regardless of your size, if you are a business that handles personal information then data protection laws apply to you”.
“If a company is subject to a cyber attack and we find they haven’t taken steps to protect people’s personal information in line with the law, they could face a fine from the ICO. And under the new General Data Protection Legislation (GDPR) coming into force next year, those fines could be a lot higher.”
Source: Sally Anne Poole, ICO enforcement manager – warning to SMEs
Reading the report, it confirms, amongst other things:
- The need for penetration testing of websites to ensure no known vulnerabilities exist.
- That strong/complex passwords are needed, and that using part of the organisation's name within the password(s) should be avoided.
- The importance of securing, updating and maintaining your WordPress site.
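As an added illustration of the second recommendation (this is not code from the post or from the ICO report), the check below rejects any password that contains a word from the organisation's name, including simple digit-for-letter substitutions such as "w1dg3ts". The organisation name, minimum length and character-class rule are constructed assumptions for the example.

```python
import re

# Constructed organisation name for the example (a placeholder, not the firm in the post).
ORG_NAME = "Example Widgets Limited"

# Common digit/symbol-for-letter substitutions, so "w1dg3ts" is still caught as "widgets".
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def org_tokens(org_name, min_len=4):
    """Return the lower-cased words of the organisation name that are long enough to matter."""
    return [t for t in re.split(r"[^a-z]+", org_name.lower()) if len(t) >= min_len]


def password_problems(password, org_name=ORG_NAME, min_len=12):
    """Return a list of policy failures; an empty list means the password passes."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    # Fold case and undo common substitutions before looking for organisation-name words.
    folded = password.lower().translate(LEET_MAP)
    for token in org_tokens(org_name):
        if token in folded:
            problems.append(f"contains part of the organisation name ({token!r})")
    # Require at least three of: lower case, upper case, digits, other characters.
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    return problems


if __name__ == "__main__":
    for candidate in ("Widg3ts!2024xyz", "ex4mpl3", "Tr0ub4dor&3 sunrise!"):
        print(candidate, "->", password_problems(candidate) or "OK")
```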
We have produced this short video, very briefly explaining the 'basics' of the legislation:
- What is ‘Data’
- What is ‘Personal Data’
- Please remember while watching the video that firstname.lastname@domain emails may be classified as personal data!
Data breaches in whatever form, be they cyber-related or otherwise, are devastating to those affected, causing possible damage and distress.
The new data protection legislation (GDPR), enforced from May 2018, introduces a right to compensation for the 'Data Subjects' (individuals) affected.