Boris Johnson's Cabinet Office Fined £500k For Leaking Data

The UK’s Information Commissioner’s Office (ICO) has fined the Cabinet Office £500,000 for a 2020 data leak that exposed the full names and addresses of the New Year Honours recipients on its gov.uk web page. The Cabinet Office a department of the British government directly responsible for supporting Prime Minister Boris Johnson. Over a 1,000 people were affected by the leak, with some complaining that they felt concerned for their personal safety. 

The ICO said the Cabinet Office had broken the Data Protection Act 2018 and was being charged according to the General Data Protection Regulations.

They included the addresses of includiing Sir Elton John, cricketer Ben Stokes, senior Tory Sir Iain Duncan Smith, TV chefs Nadiya Hussain and Ainsley Harriot, broadcaster Gabby Logan, Grease actress Olivia Newton-John and former director of public prosecutions Alison Saunders.

ICO found that the Cabinet Office had failed to put adequate measures in place to avoid such data breaches.
On 27 December 2019 the Cabinet Office published a file on GOV.UK containing the names and unredacted addresses of more than 1,000 people announced in the New Year Honours list. People from a wide range of professions across the UK were affected, including individuals with a high public profile.

After becoming aware of the data breach, the Cabinet Office removed the weblink to the file. However, the file was still cached and accessible online to people who had the exact webpage address. The personal data was available online for a period of two hours and 21 minutes and it was accessed 3,872 times.

The ICO also found that the Cabinet Office failed to implement the appropriate technical and organisational measures in its IT systems to protect the data of those affected.

The team responsible for generating and publishing the list were under tight deadlines, the ICO reported, and instead of fixing the system, it attempted to amend the file instead. However, each time a new file was generated, the .CSV file included full addresses.

Despite removing the file shortly after posted it online, a cached version remained accessible to the public. The ICO reported the file was accessed 3,872 times in the period of two hours and 21 minutes that it was online.

The Cabinet Office confirmed that there were no specific or written processes in place at the time to sign off documents and content containing personal data prior to being sent for publication. The Cabinet Office said it wanted to "reiterate" a previous apology it made over the incident. A Cabinet Office spokesperson said: “The Cabinet Office would like to reiterate our apology for this incident … We take the findings of the Information Commissioner very seriously, and have completed an internal review as well as implemented a number of measures to ensure this does not happen again.”

ICO:     BBC:     ITPro:      Guardian:      Sky:    Daily Mail:      Computing:  

You Might Also Read: 

Over 40% Of UK Organisations Reported To ICO Since GDPR:

 

« Cyber Security In 2022
Britain's New Deals On Digital Trade & Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

Janusnet

Janusnet

Janusnet develops software and solutions for organisations to enforce and manage data security.

ODVA

ODVA

ODVA is a global trade and standards development organization whose members comprise the world’s leading industrial automation companies.

SAASPASS

SAASPASS

SAASPASS is a full-stack identity and access management solution, a single product which allows you to manage all your digital and physical access needs securely and conveniently.

Learning Tree International

Learning Tree International

Learning Tree's comprehensive cyber security training curriculum includes specialised IT security training and general cyber security courses for all levels of your organisation including the C-suite.

BEAM Teknoloji

BEAM Teknoloji

BEAM Technology is an independent Software Quality and Security Testing Center in Turkey.

Strategic Cyber Ventures (SCV)

Strategic Cyber Ventures (SCV)

SCV grow cybersecurity companies that disrupt advanced cyber adversaries and revolutionize the cyber product marketplace.

Data#3 Limited (DTL)

Data#3 Limited (DTL)

Data#3 Limited (DTL) is a leading Australian IT services and solutions provider.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

MindWise

MindWise

MindWise is a comprehensive global threat monitoring solution with implementations for fraud prevention and enterprise threat intelligence.

Bit Sentinel

Bit Sentinel

Bit Sentinel is an information security company. We help companies like yours discover, prioritize, and effectively remediate potential cybersecurity risks.

Omantel Innovation Labs

Omantel Innovation Labs

The Omantel Innovation Labs is a platform to enable startups and innovators to develop and commercialize solutions within selected technology verticals including cybersecurity.

Aquia

Aquia

Aquia are on a mission to enable innovation and drive transformative change to solve the world’s most pressing and complex cybersecurity challenges.

The Cyber Scheme

The Cyber Scheme

The Cyber Scheme provides NCSC certified and assured assessments, training and career support for security testers & technical cyber professionals.

Iron Mountain

Iron Mountain

Iron Mountain Incorporated is a global business dedicated to storing, protecting and managing, information and assets.

Merkle Science

Merkle Science

Merkle Science provides next generation risk mitigation, compliance and forensics for crypto-native businesses, DeFi participants, financial institutions & government agencies.