Staysure.co.uk has been given a fine of £175,000 by the Information Commissioner’s Office (ICO) in light of a data breach that occurred in October last year.
The incident saw a hacker not only compromise 5,000 customer details, but also access over 100,000 credit card records.
The watchdog determined that the web-based firm had failed to adhere to the Data Protection Act 1998. It said that the firm had not kept personal data secure enough, and had no procedures or policy to evaluate and update its cyber security systems.
Further, it had twice failed to update its database program, which meant that certain flaws were not removed. The ICO said that if the firm had done so, the incident would have been prevented. Instead, the hackers managed to exploit flaws found in the program and planted a malicious script that created a back door into the firm’s website. It is thought that the flaw remained active for over five years.
The ICO’s enforcement head, Steve Eckersley, commented:
“It’s unbelievable to think that a company holding three million customer records did not have the procedures in place to keep that information secure. Keeping personal information secure is a basic legal requirement.
“The company’s actions were unacceptable and this penalty notice reflects the severity of the situation.”
Company bosses should take this as a warning. Failing to counter flaws in their IT systems can result in doors opening for hackers, leading to customer records being compromised. This only serves to demonstrate how important it is to fill cyber security jobs, so that such holes can be immediately recognised and remedied.