Cabinet Office is hit with £500k fine for honours list data blunder that saw stars’ addresses leaked
- Cabinet Office was fined for sharing addresses of New Year Honours recipients
- Error was caused by staff incorrectly setting up an IT system for the nominations
- Addresses were accessed 3,872 times while online for over two hours in 2019
- Over 1,000 individuals were affected, including Sir Elton John and Gabby Logan
The Cabinet Office was fined half a million pounds yesterday for accidentally sharing the addresses of New Year Honours recipients.
Sir Elton John, presenter Gabby Logan and TV cook Nadiya Hussain were among more than 1,000 individuals affected by the data breach.
The Information Commissioner’s Office (ICO) said ‘complacency’ within the department – which handles the honours – had jeopardised the safety of those ennobled last year.
Its probe found the error was caused by staff incorrectly setting up an IT system for processing the nominations, causing a file with all the recipients’ full addresses to be published on the Government’s website.
The Cabinet Office was fined half a million pounds for accidentally sharing the addresses of New Year Honours recipients, including Sir Elton John (pictured), and TV cook Nadiya Hussain
It was accessed 3,872 times and was left online for over two hours in December 2019.
Others affected included cricketer Ben Stokes as well as former MI5 officers.
The ICO ruled yesterday that the department had breached data protection law by failing to put in place measures to prevent the unauthorised disclosure of personal information and fined it £500,000.
A spokesman for the Cabinet Office, which has already apologised, said it has ‘implemented a number of measures to ensure this does not happen again’.
At the time of the breach, the former Tory party leader Iain Duncan Smith – who was on the 2020 list and whose address was published – branded the breach a ‘complete disaster’.
On December 27 2019, the department published a CSV file – commonly used on spreadsheets – showing the unredacted postal addresses of 1,097 people receiving New Year honours for 2020.
The error was caused when an IT system was incorrectly set up and led to a file with recipients’ addresses to be published online. Others affected included cricketer Ben Stokes (pictured)
The weblink was removed after officials became aware of the breach – but it was still cached and available online to people typing in the exact web address
Overall it was available for two hours and 21 minutes, during which time it was accessed 3,872 times.
The government has apologised for the data breach and said it had put measures in place to avoid a repeat of it.
Steve Eckersley, ICO director of investigations, said: ‘When data breaches happen, they have real life consequences. In this case, more than 1,000 people were affected.
‘At a time when they should have been celebrating and enjoying the announcement of their honour, they were faced with the distress of their personal details being exposed.
‘The Cabinet Office’s complacency and failure to mitigate the risk of a data breach meant that hundreds of people were potentially exposed to the risk of identity fraud and threats to their personal safety.
‘The fine issued today sends a message to other organisations that looking after people’s information safely, as well as regularly checking that appropriate measures are in place, must be at the top of their agenda.’
Source: Read Full Article