ICO ‘on the ball’, but do individual ‘responsible managers’ ever get disciplined?
The Information Commissioner’s Office (ICO) has served a £180,000 monetary penalty on the Ministry of Justice over serious failings in the way prisons in England and Wales have been handling people’s personal information. The penalty follows the loss of a back-up hard drive at HMP Erlestoke prison in Wiltshire in May 2013. The device was not encrypted. The incident followed a similar case in October 2011, when the ICO was alerted to the loss of another unencrypted hard drive, this one containing the details of 16,000 prisoners serving time at HMP High Down prison in Surrey. A lost drive that is properly encrypted exposes nothing usable; an unencrypted one hands over every record on it to whoever finds it.
In a second press release the ICO is warning businesses that they must be prepared for a targeted attack. The warning comes as the Racing Post signs an undertaking to improve its IT security practices after 677,335 accounts were compromised in a data breach in October 2013. The attack exploited known vulnerabilities in its website that allowed an attacker to gain access to the database of registered customers. The compromised information included customers’ names, addresses, passwords, dates of birth and telephone numbers.
An investigation by the ICO found that the company had carried out penetration testing on its website in 2007, but had not applied security patches since then, leaving a vulnerability which the attacker exploited. A penetration test is a snapshot: it says nothing about flaws disclosed and patched in the years after it was run. The ICO also found problems with the way the company stored its customers’ information.