July 31, 2024 at 04:36AM The UK’s Electoral Commission faced a formal reprimand for security failings that led to a cyberattack stealing personal data from 40 million voters. The attack went unnoticed for 13 months due to ineffective patching, default passwords, and weak password management. The ICO noted improvements made post-incident but emphasized the need … Read more
July 24, 2024 at 04:39AM The UK’s Information Commissioner’s Office (ICO) reprimanded Chelmer Valley High School for breaking data protection laws by introducing facial recognition technology for canteen payments without proper assessments and permission. The school failed to consult the data protection officer, parents, and students, and relied on assumed consent. ICO provided recommendations for … Read more
March 15, 2024 at 07:43AM MOPAC’s untidy tech practices led to a webform error, exposing personal data of 394 complainants against the Metropolitan Police Service. An employee mistake made the forms public, but no evidence suggests data access. The ICO reprimanded MOPAC for the avoidable breach, urging improved training and governance. Remedial actions and enhanced … Read more