Data breaches grow at an alarming rate

No comments

The UK’s information security watchdog has been notified of almost 100 breaches since HMRC

Since the security breach at HM Revenue and Customs in November last year, the government’s information watchdog has been notified of almost 100 data breaches by public, private and third sector organisations.

Of the security breaches that the Information Commissioner’s Office (ICO) has been made aware of by private sector organisations, 50% were reported by financial institutions.

Of those reported by public bodies, almost a third occurred in central government and associated agencies and a fifth in NHS organisations.

Richard Thomas, Information Commissioner, added: ‘It is particularly disappointing that the HMRC breaches have not prevented other unacceptable security breaches from occurring. The government, banks and other organisations need to regain the public’s trust by being far more careful with people’s personal information. Once again I urge business and public sector leaders to make data protection a priority in their organisation. The level of understanding about data protection and the need to safeguard people’s personal information have no doubt increased and I am encouraged that more chief executives and permanent secretaries appear to be taking data protection more seriously, but the evidence shows that more must be done to eradicate inexcusable security breaches.’

“It is particularly disappointing that the HMRC breaches have not prevented other unacceptable security breaches from occurring.
Richard Thomas, Information Commissioner

Information that has gone missing includes unencrypted laptops and computer discs, memory sticks and paper records. Information has been stolen, gone missing in the

post and whilst in transit with a courier. The material includes a wide range of personal details, including financial and health records.

The ICO said it is investigating the circumstances of the breaches. In 16 cases the ICO has required the organisation to make procedural changes to improve data security, such as encryption. In three instances the lost information has been recovered.

The ICO has recently published new guidance for organisations on how to deal with security breaches.