Broker fined £175,000 by the ICO
Top 50 broker slammed by Information Commissioner’s Office for ‘unbelievable’ security failures.
The Information Commissioner’s Office (ICO) has hit broker Staysure with a £175,000 fine after its customer records were hacked and used for fraud. More than 5,000 customers had their credit cards used by fraudsters.
Hackers potentially had access to more than 100,000 live credit card details and customer medical records. The ICO was especially critical of the way credit card security numbers were exposed, despite industry rules that they should not be kept at all. The ICO investigation found that Staysure had breached the Data Protection Act by failing to keep the personal information secure.
The ICO investigation found that Staysure had no policy or procedures in place to review or update its IT security systems, and that it had twice failed to update database software, which could have prevented the incident. This left security flaws in the system, some for as long as five years, which hackers ultimately exploited to gain access to customer information.
ICO head of enforcement Steve Eckersley said:
“It’s unbelievable to think that a company holding three million customer records did not have the procedures in place to keep that information secure. Keeping personal information secure is a basic legal requirement. The company’s actions were unacceptable and this penalty notice reflects the severity of the situation. The fine issued by the ICO today should send a clear message to other companies of the importance of proper IT security.”
If you’re a broker looking to improve data protection compliance or security, contact JMS Secure Data for a FREE Data Protection Health Check to identify any non-compliant DPA risks in your business.
Speak to one of our Team Now: Call us on 020 3397 9026 (Opt 1)