Boris Johnson's Cabinet Office Fined £500k For Leaking Data

Uploaded on 2021-12-10 in FREE TO VIEW, BUSINESS-Services-Law, GOVERNMENT-National

The UK’s Information Commissioner’s Office (ICO) has fined the Cabinet Office £500,000 for a 2020 data leak that exposed the full names and addresses of the New Year Honours recipients on its gov.uk web page. The Cabinet Office a department of the British government directly responsible for supporting Prime Minister Boris Johnson. Over a 1,000 people were affected by the leak, with some complaining that they felt concerned for their personal safety. 

The ICO said the Cabinet Office had broken the Data Protection Act 2018 and was being charged according to the General Data Protection Regulations.

They included the addresses of includiing Sir Elton John, cricketer Ben Stokes, senior Tory Sir Iain Duncan Smith, TV chefs Nadiya Hussain and Ainsley Harriot, broadcaster Gabby Logan, Grease actress Olivia Newton-John and former director of public prosecutions Alison Saunders.

ICO found that the Cabinet Office had failed to put adequate measures in place to avoid such data breaches.
On 27 December 2019 the Cabinet Office published a file on GOV.UK containing the names and unredacted addresses of more than 1,000 people announced in the New Year Honours list. People from a wide range of professions across the UK were affected, including individuals with a high public profile.

After becoming aware of the data breach, the Cabinet Office removed the weblink to the file. However, the file was still cached and accessible online to people who had the exact webpage address. The personal data was available online for a period of two hours and 21 minutes and it was accessed 3,872 times.

The ICO also found that the Cabinet Office failed to implement the appropriate technical and organisational measures in its IT systems to protect the data of those affected.

The team responsible for generating and publishing the list were under tight deadlines, the ICO reported, and instead of fixing the system, it attempted to amend the file instead. However, each time a new file was generated, the .CSV file included full addresses.

Despite removing the file shortly after posted it online, a cached version remained accessible to the public. The ICO reported the file was accessed 3,872 times in the period of two hours and 21 minutes that it was online.

The Cabinet Office confirmed that there were no specific or written processes in place at the time to sign off documents and content containing personal data prior to being sent for publication. The Cabinet Office said it wanted to "reiterate" a previous apology it made over the incident. A Cabinet Office spokesperson said: “The Cabinet Office would like to reiterate our apology for this incident … We take the findings of the Information Commissioner very seriously, and have completed an internal review as well as implemented a number of measures to ensure this does not happen again.”

ICO:     BBC:     ITPro:      Guardian:      Sky:    Daily Mail:      Computing:  

You Might Also Read: 

Over 40% Of UK Organisations Reported To ICO Since GDPR:

 

« Cyber Security In 2022
Britain's New Deals On Digital Trade & Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Information Security Media Group (ISMG)

Information Security Media Group (ISMG)

Information Security Media Group is the world’s largest media organization devoted solely to information security and risk management.

Opscura

Opscura

Opscura (formerly Enigmedia) brings the reliable and cautious hands of operations together with the analytical minds of cyber experts and cryptography researchers.

Brainwave GRC

Brainwave GRC

Brainwave GRC is a leading European software provider focused on Identity Analytics and intelligence to strengthen IT security and compliance.

Sentia

Sentia

Sentia is an IT and infrastructure firm, with focus on Outsourcing, IT operation and management, Hosting, Co-location, Network, and IT security.

Gradcracker

Gradcracker

Gradcracker is THE careers website for Science, Technology (including Cybersecurity), Engineering and Maths university students in the UK.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

Cube 5

Cube 5

The Cube 5 incubator, located at the Horst Görtz Institute for IT Security (HGI), supports IT security startups and people interested in starting a business in IT security.

Responsible Cyber

Responsible Cyber

Protect yourself with Responsible Cyber’s 360° platform, IMMUNE, arming you with comprehensive support for your business.

Citadel Cyber Security

Citadel Cyber Security

Citadel is a leading 'One Stop Shop' provider of consulting services in cyber and information security. Our experts operate in hundreds of business organizations in Israel and around the world.

KirkpatrickPrice

KirkpatrickPrice

KirkpatrickPrice is dedicated to providing you with innovative security guidance and efficient audit services.

MindWise

MindWise

MindWise is a comprehensive global threat monitoring solution with implementations for fraud prevention and enterprise threat intelligence.

Orpheus Cyber

Orpheus Cyber

Orpheus Cyber provides predictive and actionable intelligence to our clients - enabling them to anticipate, prepare for and respond to the cyber threats they face.

Kralos

Kralos

Kralos are an experienced team of Software and IT experts, specialized in the development of innovative cybersecurity solutions.

Anchor Technologies Inc (ATI)

Anchor Technologies Inc (ATI)

Anchor provides a full spectrum of cybersecurity services assisting our clients with all aspects of cybersecurity risk planning, identification, management, and monitoring.

Zyxel Networks

Zyxel Networks

Zyxel Networks is a leading provider of secure, AI-powered networking solutions for small to medium businesses (SMBs) and the enterprise edge.

Deimos

Deimos

Deimos is a technology, cloud, hybrid and multi-cloud focused, professional services company. Our expertise and focus is on cloud native Developer and Security Operations.