Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Data breaches: Barclays and Santander most investigated lenders in the UK

Margi Murphy | Jan. 2, 2015
Previously unseen list of data breaches across each industry by the ICO reveals the worst offenders.

Government departments were served 37 enforcement notices in total during the year.

The HMRC said that it would not comment on specific cases where it suffered a breach, but said "we take data protection and security issues - including compliance with the requirements of the DPA - very seriously. We are constantly working to improve our performance in this area and work closely with the ICO on any recommendations it makes."

However, local government appears to be the worst offender on the ICO's list - with a total of 297 investigations undertaken during last year. Five local councils were served enforcements, including Aberdeen City council and Glasgow City council when an unencrypted laptop was stolen from a council office.

Some 314 cases amongst local and central government were "resolved informally" and seven further councils were required by court to take action, including Mansfield, Luton Borough Council - on two occasions - and Royal Borough of Windsor and Maidenhead.

There were 12 local government cases were either a court order or enforcement was served. In Central government a court order was served once and 37 enforcements were "informally resolved".

Police departments were tagged as concerns on 33 separate occasions. Potential criminal breaches were discovered on three occasions and enforcement notices served 61 times throughout the year.

Retail and internet firms
Nominet UK suffered a cyber-attack, or "hack" along with Electronic Arts (EA) Games and 11 other companies that were not named. Social network Last.FM and voucher website LivingSocial were also investigated for "unauthorised access" of customer data.

HR Blacklist - a website that detailed employees who were trade union members - was also served an enforcement notice by the watchdog.

Almost 20 internet companies were subject to enforcements or possible criminal investigation following serious breaches.

There were 24 serious breaches in the retail sector, including UK grocery store Asda after it published personal data online and an employee lost a USB with confidential information.

Insurance and utility providers
Almost 40 insurance providers were listed as a concern by the ICO and a further 24 were served enforcements. In five cases this included a potential criminal breach.

Meanwhile, there were seven instances where utility companies were investigated for potential criminal breaches, all of which were informally resolved. One instance included hacking of a database and another included an error in a mail-merge which revealed personal data of its customers.

Data breach files
The files seen by ComputerworldUK include reports of data breaches during 2013 in each industry sector.

While the ICO publishes the names of companies that have been served enforcements on its website, this list, acquired under the FOI Act, reveals the number of anonymised self-reported incidents by sector as well as the number of data breaches that were investigated - information that is not usually in the public domain.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.