The Office of the Information Commissioner (ICO), the UK’s data protection dog, fined the government £ 500,000 after the addresses of more than 1,000 New Year’s honorary recipients were mistakenly posted online.
The data breach occurred at 10:30 p.m. on Friday, December 27, 2019, when the personal details of more than 1,097 celebrities, government employees, politicians and officials who were honored were posted at their home and work addresses. The official website of the United Kingdom Government.
Among those whose addresses were publicly shared in the spreadsheet were musician Elton John, singer Olivia Newton-John TV chef Nadia Hussein, cartoonists Ben Stokes and Clive Lloyd, MP Ian Duncan Smith and film director Sam Mendes.
The offensive list was removed in the early hours of Saturday, December 28, 2019 after public figures activated an alarm, and was replaced with a version that does not contain the personal information.
At the time were Fears Due to the fact that the police addresses operating in the war on terror, royal defense and covert operations were also exposed.
It was now Announced That the ICO fined the UK Government Cabinet Office £ 500,000 for the breach.
So how did the breach happen?
According to the ICO investigation, a new IT system was introduced in the Cabinet Office in 2019 to process the public nominations in honor of the new year.
However, the IT system was set up incorrectly – which means it created a CSV file that included sensitive mail address data.
Due to “tight schedules for publishing the New Year’s honor roll”, a decision was made to fix the file instead of fixing the IT system. However, each time a new version of the file was created, the mail addresses of those hours were automatically included.
What is the saying? Oh yes. Act hastily, repent in your spare time. A little more time and care could have prevented all this sorry mess.
The ICO’s investigation found that the personal data was available online for a period of two hours and 21 minutes and access was made on 3,872 occasions.
Although the Cabinet Office removed the link to the file after discovering that it shared people’s personal information, the file was still stored and accessible to anyone who knew the exact URL.
Steve Ackersley, Director of ICO Investigations, said:
“When information breaches occur, they have real-life consequences. In this case, more than 1,000 people were injured. At a time when they had to celebrate and enjoy the declaration of their honor, they faced the distress of the personal details revealed.”
“The complacency of the Cabinet Office and the failure to reduce the risk of information breach caused hundreds of people to be potentially exposed to the risk of identity fraud and threats to their personal security.”
A Cabinet spokesman apologized for the breach and said an internal investigation had been completed and a number of steps had been taken to ensure such an incident did not recur.
Did you find this article interesting? Follow Graham Klili on Twitter To read more of the exclusive content we publish.