Bible Society Fined £100,000 For Risking Supporters’ Personal Data.July 3, 2019 |Data Privacy
The permanence of penalties will not stop until people will learn to comply with new data protection regulations. However, if organisations have decided to stay inconsiderate regarding the regulations, then the flux of penalties will not come under control. The British and Foreign Bible Society, situated in Swindon, fined £100,000 by the ICO. This happened after a cyber-attack on a computer network.
How come any network can be attacked in such a way? There can be many answers to this question, but, noncompliance with the privacy regulations could be the sole reason behind it. The hackers targeted the Society’s Network, to gain access over the personal data of 417,000 of the Society’s supporters. Moreover, a few payment cards and bank accounts details of supporters also put to risk.
Lack of responsibility leads to…
The Society was responsible for translating, distributing and exporting the Bible across the world, including the UK as well. The whole exporting process was dependent on card donations of the UK supporters. There was a service account on Society’s network in 2009, containing supporter’s details. However, the account was not internally secure. The account was configured to provide inappropriate access rights, and most importantly, it was secured with an easy-to-get password.
The attackers demanded ransomware. The data on the network was not wholly affected or damaged rendered inaccessible by the encryption. However, the intruders were able to transfer some files out of the system.
The ICO’s Head of Enforcement, Steve Eckersley, said:
“The Bible Society failed to protect a significant amount of personal data and exposed its supporters to possible financial or identity fraud.
“Our investigation determines that it is likely that the religious belief of the 417,000 supporters can be inferred, and the distress this kind of breach can cause must not go underestimated.
“Cyber-attacks will happen, that’s just a fact, and we fully accept that they are a criminal act. Although, organisations need to have strong security measures in place to make it as difficult as possible for intruders.”
According to the Information Commissioner Officer, the Society was a victim of a cyber-attack. But, what made it possible to perform such an act? A failure in taking appropriate protection steps both technically or organizationally accelerates such activities. It was a critical contravention of the Data Protection Act 1998 of Principle 7. The DPA 1998 states that “appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data”. Right after this data, the Society has started taking remedial actions and Cooperated with the ICO investigation.
Best Compliance Solution
Seers UK is a cyber-security and data protection program. It also aims to conduct vulnerability Audits and connects you with Cybersecurity and Data Privacy Experts. In addition, the anti-data breach program will enable you to gauge the mistakes and hefty fines when data protection regulations are not applied.