News

Roll call of major data breaches reaches 100 in six months, says ICO

Antony Savvas

The UK's information commissioner, Richard Thomas, is warning chief executives of the vital importance of protecting staff and customers' personal information, following an "alarming number of security breaches" reported to his office in the past six months.

Since the security breach at HM Revenue & Customs in November last year, the Information Commissioner's Office (ICO) has been notified of almost 100 data breaches by public, private and third sector organisations.

Of the security breaches that the ICO has been made aware of by private sector organisations, 50% were reported by financial institutions.

Of those reported by public bodies, almost a third occurred in central government and associated agencies, and a fifth in NHS organisations.

Thomas said, "It is particularly disappointing that the HMRC breaches have not prevented other unacceptable security breaches from occurring.

"The government, banks and other organisations need to regain the public's trust by being far more careful with people's personal information. Once again, I urge business and public sector leaders to make data protection a priority in their organisation."

Information that has recently gone missing includes unencrypted laptops and computer discs, memory sticks and paper records. Information has been stolen, gone missing in the post and while in transit with a courier. The material includes a wide range of personal details, including financial and health records.

The ICO is investigating the circumstances of the breaches. In 16 cases, the ICO has required the organisation to make procedural changes to improve data security, such as encryption. In only three instances has the lost information been recovered.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy