U.K. Trust Fined for Breach

Posted Spreadsheet Containing Employee Information
U.K. Trust Fined for Breach

The U.K.'s Information Commissioner's Office has fined Torbay Care Trust £175,000 for mistakenly publishing details on almost 1,400 employees online.

See Also: Are You APT-Ready? The Role of Breach and Attack Simulation

A spreadsheet containing sensitive information was published on the trust's website in April 2011. The mistake was reported 19 weeks later by a member of the public, according to a news release from the ICO.

The trust is responsible for providing community health services in Torbay and Southern Devon, England.

Information exposed in the breach included names, dates of birth, national insurance numbers and sensitive details, including religion and sexuality.

An ICO investigation revealed that the trust had not provided its staff with guidance explaining what information shouldn't be posted online. The trust also had inadequate checks in place to identify potential security issues, the ICO says.

"The fact that this breach was caused by Torbay Care Trust publishing sensitive information about their staff is extremely troubling and was entirely avoidable," says Stephen Eckersley, head of enforcement at the ICO. "Not only were they giving sensitive information out about their employees but they were also leaving them exposed to the threat of identity fraud," he says.

Since the breach, the trust has developed a web management policy to ensure personal data isn't published on its website, the ICO said.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.