Cyber-attack victim fined £60,000 for insufficient data protectionPosted in : Immigration and Employment Updates on 31 October 2017
Failure to secure customer and employee information can have serious ramifications for small and medium-sized businesses, as a Berkshire-based video game rental firm learned recently.
The victim of a cyber attack, Boomerang Video Ltd faced a £60,000 fine after an investigation by the Information Commissioner’s Office (ICO) revealed the company had failed to adequately take steps to prevent its website from being compromised.
In 2014, the website of Boomerang Video Ltd. was subject to a cyber attack. In the course of this attack, the details of 26,331 customers could be accessed by the attacker through a common technique known as SQL injection.
An investigation conducted by the ICO found:
Already a subscriber?
Click here to login and access the full article.Log in now to read the full article
Don't miss out, start your free trial today!
Are you fully aware of the benefits of Legal-Island's Employment Law Update Service? We help hundreds of people like you understand how the latest changes in employment law impact on your business.
Help understand the ramifications of each important case from NI, GB and Europe
24/7 access to all the content in the Legal Island Vault for research case law and HR issues
Ensure your organisation’s policies and procedures are fully compliant with NI law
Receive free preliminary advice on workplace issues from the employment team at Worthingtons Solicitors
More on Data Protection & Freedom of Information
- Can an employer refuse a request from an unsuccessful job applicant to delete any of their data in its possession as it may be necessary for the defence of legal claims?
- If employees willingly provide personal email addresses at the start of their employment and their personal email addresses were used to contact them while they worked from home during the Coronavirus Lockdown, is this a breach of data protection?
- Can we ask staff to let us know if they have been vaccinated, and can we keep a record of this?
- Does the chief executive have the right to view sensitive personal data without an employee’s consent?
- Data Protection Implications of Selling From the UK into the EU after Brexit
The information in this article is provided as part of Legal-Island's Employment Law Hub. We regret we are not able to respond to requests for specific legal or HR queries and recommend that professional advice is obtained before relying on information supplied anywhere within this article.