The ICO has fined a holiday insurance firm £175,000 after it was revealed that IT security failings allowed hackers to gain access to customer credit card details, which were subsequently used to commit fraud.
Upwards of 5,000 customers of the holiday insurance firm became victims of fraud after hackers gained access to their details in the security breach.
Steve Eckersley, Head of Enforcement at the ICO, said:
It’s unbelievable to think that a company holding three million customer records did not have the procedures in place to keep that information secure. Keeping personal information secure is a basic legal requirement. The company’s actions were unacceptable and this penalty notice reflects the severity of the situation.
Hackers potentially gained access to over 100,000 usable credit card details as well as highly confidential customer medical details. In addition, customer credit card security numbers, which industry rules dictate must not be stored at all, were also accessible in the breach.
The Data Protection Act stipulates that any organisation that processes personal information must ensure that the personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
Redstor’s range of services and solutions help organisations comply with the Data Protection Act. Redstor cloud backup services store customer data in an encrypted format in our UK-only data centres. Our cloud sync and share service, Centrastor, enables organisations to store and share files and sensitive data securely from any device with an internet connection and our Centrastage service enables support providers to guarantee that devices they support are regularly audited, patched and safely up-to-date for effective endpoint management. To find out more about our services and how we can help you comply with data protection laws and prevent data leakage, please contact us either by giving us a call on 01189 515 200 or emailing [email protected].