2 min read

UK Cabinet Office Fined £500,000 over New Year Honours List Data Breach

Alina BÎZGĂ

December 03, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
UK Cabinet Office Fined £500,000 over New Year Honours List Data Breach

The Information Commissioner’s Office (ICO) has fined the UK government £500,000 for unwittingly exposing the personal data of 1,097 New Year Honours recipients.

The incident occurred on December 27, 2019, when the Cabinet Office published a file containing the names and addresses of over 1,000 people, including prominent public figures and more than a dozen MoD employees and senior counter-terrorism officers.

The data was exposed due to an IT system misconfiguration at the Honours and Appointments Secretariat (HAS) that mistakenly generated a CSV file including the postal addresses of New Years Honours recipients.

“Due to tight timescales to get the New Year Honours list published, the HAS operations team decided to amend the file instead of modifying the IT system. However, each time a new file version was generated, the postal address data was automatically included in the file,” the ICO explained.

The data was published at 10.30 pm on Friday and accessed 3,872 times in just two hours and 21 minutes, according to the ICO investigation.

“When data breaches happen, they have real life consequences. In this case, more than 1,000 people were affected,” said Steve Eckersley, ICO Director of Investigations. “At a time when they should have been celebrating and enjoying the announcement of their honour, they were faced with the distress of their personal details being exposed. The Cabinet Office’s complacency and failure to mitigate the risk of a data breach meant that hundreds of people were potentially exposed to the risk of identity fraud and threats to their personal safety.”

The ICO said it received three complaints from affected individuals, while the Cabinet Office was contacted by 27 people who expressed security concerns. Since the incident, the Cabinet Office has improved its security and reviewed its data-handling procedures.

Not sure what to do when your data is involved in a data breach or leak? Use Bitdefender’s Digital Identity Protection service to get alerts for data breaches and privacy threats. You get instant access to a mapping of your digital accounts and publicly available data, allowing you to assess your risk levels using only the information provided in the onboarding process (email address and phone number). You can stop worrying about what to do next. The service gives you easy-to-follow one-click action items that allow you to instantly shut down any weak points in your digital footprint.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Scam Pixelmon NFT Website Hosts Password-stealing Malware Scam Pixelmon NFT Website Hosts Password-stealing Malware
Vlad CONSTANTINESCU
1 min read
Researchers Find Several JavaScript Processing Flaws in Word, Adobe Acrobat, Other Apps Researchers Find Several JavaScript Processing Flaws in Word, Adobe Acrobat, Other Apps
Vlad CONSTANTINESCU
2 min read
Microsoft May Patch Tuesday Causes AD Authentication Failures Microsoft May Patch Tuesday Causes AD Authentication Failures
Vlad CONSTANTINESCU
1 min read