informationcommissionersoffice
Latest
Cambridge Analytica parent company fined for violating UK data law
SCL Elections, the parent company of Cambridge Analytica, pleaded guilty in UK court to violating the Data Protection Act after it failed to comply with a request for information submitted by a citizen and backed by the Information Commissioner's Office (ICO). The company was fined a paltry £15,000 for the violation, according to a report from The Guardian.
Uber fined £385,000 in the UK for 2016 cyber-attack
Uber has been fined £385,000 ($491,000) by the UK's privacy watchdog for "failing to protect" the personal info of around 2.7 million UK users during a cyber attack in 2016. The figure isn't far off from the maximum penalty of £500,000 ($638,000) handed down to Facebook by the Information Commissioner's Office (ICO) over its Cambridge Analytica-related failures.
Facebook referred to EU regulator over ad targeting methods
Facebook is about to face more scrutiny over its ad targeting methods. Just days after fining Facebook over the Cambridge Analytica scandal, the UK's Information Commissioner's Office has referred the social network to the Irish Data Protection Commission, the European Union's main body for investigating Facebook under GDPR rules. The ICO has "ongoing concerns" about Facebook's systems for ad targeting, such as how it tracks "browsing habits, interactions and behavior" across the internet.
App flaw let anyone access UK Conservative politicians' data
The UK Conservative party is learning a hard lesson about the importance of basic security measures in mobile apps. Users have discovered that you could log into the party's conference app using only an attendee's email address, providing access to all kinds of sensitive data. And when many of the conference participants are politicians who registered with their email addresses at Parliament... you can guess what happened next.
Equifax faces £500,000 fine in the UK over massive data breach
UK officials have slapped Equifax with a £500,000 (US$660,000) fine for failing to protect up to 15 million citizens' personal data. The Information Commissioner's Office (ICO) has announced its verdict after almost a year-long investigation with the Financial Conduct Authority. Together, they looked into the massive Equifax breach that affected 146 million people around the world. Cybercriminals infiltrated the consumer credit reporting agency's systems by using an exploit on its website to gain access to people's names, addresses, birthdates, SSNs, as well as tax and driver's license information.
UK privacy watchdog slaps Yahoo with another fine over 2014 hack
Yahoo still isn't done facing the consequences for its handling of a massive 2014 data breach. The UK's Information Commissioner's Office has slapped Yahoo UK Services Ltd with a £250,000 (about $334,300) fine under the country's Data Protection Act. The ICO determined that Yahoo didn't take "appropriate" steps to protect the data of 515,121 UK users against hacks, including meeting protection standards and monitoring the credentials of staff with access to the information.
UK orders Cambridge Analytica to provide data on US voter
Cambridge Analytica isn't completely out of the woods just because it's technically shutting down. The UK's Information Commissioner's Office has ordered Cambridge Analytica affiliate SCL Elections to provide the personal data of David Carroll, an American professor who became wary of how the company was profiling American voters. As Cambridge Analytica had processed his data in the UK, he filed a test case to see if he would receive access despite living on the other side of the Atlantic.
Carphone Warehouse fined £400K for serious 2015 data breach
The Information Commissioner's Office (ICO) is back to doing what it does best today, slapping Carphone Warehouse with a £400,000 fine for a 2015 data breach that exposed the personal information of over 3 million customers and 1,000 staff. It's one of the heftiest invoices the ICO has ever written up, though TalkTalk was fined just as much for failing to protect user data from a cyberattack that same year. Carphone Warehouse suffered a comparably serious breach that affected several of the company's brands. Not only were names, addresses, dates of birth and other personal details exposed, but the "historical" card details of 18,000 customers. According to the ICO, though, "there has been no evidence that the data has resulted in identify theft or fraud."
UK data watchdog opens its own investigation into Uber hack
After reports emerged that Uber had suffered a massive data breach, the UK's Information Commissioner's Office (ICO) has said it has "huge concerns" about the company's data protection policies and has confirmed it has launched its own investigation into Uber's decision to cover it up.
Equifax data breach is also being investigated by UK officials
While 143 million US residents were affected by the Equifax breach, they weren't the only ones impacted. Nearly 700,000 UK residents also had their information stolen -- including phone numbers, driver's license numbers, email addresses, user names, passwords and partial credit card details -- and UK authorities are now investigating the company.
TalkTalk fined £100,000 for long-forgotten 2014 data breach
Enough time has passed that TalkTalk has bounced back from its reputation-damaging data debacle of 2015, which saw hackers steal the personal details of over 150,000 of its customers. That earned the company a £400,000 fine from the UK's Information Commissioner's Office (ICO), and today an older data breach in 2014 has cost the company an additional £100,000. The ICO has handed TalkTalk the invoice as a slap on the wrist for failing to adequately protect customer details after third-party support staff were found to have gained "unauthorised and unlawful access to the personal data of up to 21,000 customers."
TalkTalk fined £400K for mistakes that led to 2015 hack
TalkTalk's attempt to shake off its hack-smeared image has been dealt a blow by the UK's Information Commissioner's Office. The regulator has fined the company £400,000 for security failings which allowed hackers to steal the personal data of 156,959 customers. Of that number, 15,656 had their bank account details taken. Information Commissioner Elizabeth Denham said the telecoms company, which offers broadband, TV and phone services, failed to implement "the most basic security measures" and "could have done more to safeguard its customer information."
