Regulator issues fine after data breach
A UK firm based in Berkshire fell foul of data protection legislation after it suffered a cyber-attack, having failed to take appropriate technical measures against the unauthorised or unlawful processing of personal data. The company, which was using WordPress at the time, was issued with a monetary penalty (fine) of £60,000 by the Information Commissioner’s Office (ICO), which regulates data protection legislation in the UK. The full details of the monetary penalty (fine) and the reasoning are on the ICO’s website.
Recommendation: Turn any speakers down before playing
“Regardless of your size, if you are a business that handles personal information then data protection laws apply to you”. “If a company is subject to a cyber attack and we find they haven’t taken steps to protect people’s personal information in line with the law, they could face a fine from the ICO. And under the new General Data Protection Legislation (GDPR) coming into force next year, those fines could be a lot higher.”
Source: Sally Anne Poole, ICO enforcement manager – Warning to SME’s
The report confirms, amongst other things:
- The need for penetration testing of websites to ensure no known vulnerabilities exist.
- That strong/complex passwords are needed, and that part of the organisation’s name should not be used within the password(s).
- The importance of securing, updating and maintaining your WordPress site.
- What is ‘Data’
- What is ‘Personal Data’
- Please remember while watching the video that firstname.lastname@domain emails may be classified as personal data!