SlideShare a Scribd company logo

Ministry of justice fined over data ssecurity calamity

Download as PPT, PDF
John Davis
John Davis

There can be few worse things that can happen to a company's secret data than for it to be leaked into the public domain, but just such a potential catastrophe has afflicted the Ministry of Justice. http://www.storetec.net/news-blog/ministry-of-justice-fined-over-data-security-calamity

TechnologyBusiness
1 of 8
@StoretecHull www.storetec.net Facebook.com/storetec Storetec Services Limited Ministry of Justice Fined Over Data Ssecurity Calamity There can be few worse things that can happen to a company's secret data than for it to be leaked into the public domain, but just such a potential catastrophe has afflicted the Ministry of Justice. The ministry has been fined £140,000 by the Information Commissioner's Office (ICO) for a major breach in August 2011, in which an email concerning upcoming visits was sent to three families of inmates at Cardiff Prison had a file attached containing details about the 1,182 people who are currently incarcerated there.
Among these were details such as names, ethnicities, home addresses, the nature of the offences committed and release dates. Only when the third of the families to receive the email raised the alarm about the attached file was the mistake spotted. After this, a member of prison staff and a police officer visited the homes of the recipients to check the email and files had been deleted. However, while such an action was possible because there had been only three recipients, the situation could have been far worse. Had all the families been contacted, for instance, it would have meant trying to chase up over 1,000 households and it would only have required one to have taken the leak further for such information to have gone viral.
This was noted by ICO deputy commissioner and director of data protection, David Smith, who said: "The potential damage and distress that could have been caused by this serious data breach is obvious. Disclosing this information not only had the potential to put the prisoners at risk, but also risked the welfare of their families through the release of their home addresses. "Fortunately it appears that the fall-out from this breach was contained, but we cannot ignore the fact that this breach was caused by a clear lack of management oversight of a relatively new member of staff. Furthermore the prison service failed to have procedures in place to spot the original mistakes.
"It is only due to the honesty of a member of the public that the disclosures were uncovered as early as they were and that it was still possible to contain the breach." The ICO investigation uncovered a number of major flaws in the way data was handled by Cardiff prison. One of these was an absence of audit trails, which it found would have meant the data breach going unnoticed had a member of the public not alerted them. Furthermore, there were multiple failings in the way the records of prisoners were kept and information transferred between the two separate networks used by the prison. This was frequently done using unencrypted floppy discs that held large volumes of data.
It is not completely unusual for government departments to fall short on their data security. Three have been many tales down the years of how storage devices, laptops and other appliances have been stolen or lost. However, in most cases these have been protected with various layers of extra security, including passwords and encryption. The absence of these in the Cardiff case means there could have been some particularly grave consequences. For example, if information about an offender was received by anyone wishing to visit reprisals on one of the prisoners after their release, they would know where the individual lived. If the error had not been reported back to the prison, this situation could have arisen without the released prisoners being aware they could be in danger.
The Ministry of Justice commented that such breaches are "extremely rare", but added that the prison had immediately changed its procedures, with "further changes" being put in place right across the prison estate.
Such moves may help stop repeats of the Cardiff incident, but for other organisations and companies, such lax handling of data could have disastrous consequences. For example, It could mean a company leaking details of its employees pay and remuneration, which might end up in the hands of fellow staff. Vital company data could end up being seized by rivals and in the case of government departments, highly secure information that is lost could have untold consequences – a point made by those trying to curb the potential damage done by the likes of Wikileaks. The consequences of failure at Cardiff could have been far worse.
Storetec News/Blogs. " http://www.storetec.net/news-blog/ministry-of-justice-fined-over-data-se /". Ministry of Justice Fined Over Data Ssecurity Calamity. October 22,2013. Storetec.

Recommended

Presentación Reforma Hacendaria aprobada
Presentación Reforma Hacendaria aprobadaPresentación Reforma Hacendaria aprobada
Presentación Reforma Hacendaria aprobadaTemo Galindo
 
Yttrium Suspended
Yttrium Suspended Yttrium Suspended
Yttrium Suspended David Newman Craige
 
DSAPCommentLetter_Merge_Appendices
DSAPCommentLetter_Merge_AppendicesDSAPCommentLetter_Merge_Appendices
DSAPCommentLetter_Merge_AppendicesKenneth Rosales
 
Concurso De Computación
Concurso De ComputaciónConcurso De Computación
Concurso De ComputaciónPaloma Andrea De La Torre Roncal
 
Creacion de formulario
Creacion de formularioCreacion de formulario
Creacion de formularioa00512
 
Colegio nicolás esguerra
Colegio nicolás esguerraColegio nicolás esguerra
Colegio nicolás esguerraSkateGutierrez
 
SendGrid利用事例のご紹介
SendGrid利用事例のご紹介SendGrid利用事例のご紹介
SendGrid利用事例のご紹介Wakaba Ryosuke
 
Cầu trượt trẻ em, bộ cầu trượt đa năng ,bộ liên hoàn cầu trượt,cầu trượt cho bé
Cầu trượt trẻ em, bộ cầu trượt đa năng ,bộ liên hoàn cầu trượt,cầu trượt cho béCầu trượt trẻ em, bộ cầu trượt đa năng ,bộ liên hoàn cầu trượt,cầu trượt cho bé
Cầu trượt trẻ em, bộ cầu trượt đa năng ,bộ liên hoàn cầu trượt,cầu trượt cho bébabimart babimartviet
 

Recommended

Presentación Reforma Hacendaria aprobada
Presentación Reforma Hacendaria aprobadaPresentación Reforma Hacendaria aprobada
Presentación Reforma Hacendaria aprobadaTemo Galindo
 
Yttrium Suspended
Yttrium Suspended Yttrium Suspended
Yttrium Suspended David Newman Craige
 
DSAPCommentLetter_Merge_Appendices
DSAPCommentLetter_Merge_AppendicesDSAPCommentLetter_Merge_Appendices
DSAPCommentLetter_Merge_AppendicesKenneth Rosales
 
Concurso De Computación
Concurso De ComputaciónConcurso De Computación
Concurso De ComputaciónPaloma Andrea De La Torre Roncal
 
Creacion de formulario
Creacion de formularioCreacion de formulario
Creacion de formularioa00512
 
Colegio nicolás esguerra
Colegio nicolás esguerraColegio nicolás esguerra
Colegio nicolás esguerraSkateGutierrez
 
SendGrid利用事例のご紹介
SendGrid利用事例のご紹介SendGrid利用事例のご紹介
SendGrid利用事例のご紹介Wakaba Ryosuke
 
Cầu trượt trẻ em, bộ cầu trượt đa năng ,bộ liên hoàn cầu trượt,cầu trượt cho bé
Cầu trượt trẻ em, bộ cầu trượt đa năng ,bộ liên hoàn cầu trượt,cầu trượt cho béCầu trượt trẻ em, bộ cầu trượt đa năng ,bộ liên hoàn cầu trượt,cầu trượt cho bé
Cầu trượt trẻ em, bộ cầu trượt đa năng ,bộ liên hoàn cầu trượt,cầu trượt cho bébabimart babimartviet
 
Contabilidad Perea Francesca 10°B
Contabilidad Perea Francesca 10°BContabilidad Perea Francesca 10°B
Contabilidad Perea Francesca 10°Bfrancescaperea99
 
Curso control de gestion
Curso control de gestionCurso control de gestion
Curso control de gestionCarlos Echeverria Muñoz
 
Lección 12 hdp
Lección 12 hdpLección 12 hdp
Lección 12 hdpWilliams Coronel
 
Informe tecnologia
Informe tecnologiaInforme tecnologia
Informe tecnologiagabrielallona
 
Образ смерті
Образ смертіОбраз смерті
Образ смертіMykola Myalkovskyy
 
Contabilidad Ricardo Rodriguez
Contabilidad Ricardo RodriguezContabilidad Ricardo Rodriguez
Contabilidad Ricardo Rodriguezricardor99
 
Ingles tecnico
Ingles tecnicoIngles tecnico
Ingles tecnicoOctavio Lopez
 
Diapositivas de proyecto
Diapositivas de proyecto Diapositivas de proyecto
Diapositivas de proyecto CADAMUKO
 
plan de emergencia
plan de emergenciaplan de emergencia
plan de emergenciaEdwin Rojas
 
La creación
La creaciónLa creación
La creaciónHenry Ferrer Florian Delgadillo
 
Affect and cognition
Affect and cognitionAffect and cognition
Affect and cognitionAeda Ec
 
Lección 13 hdp
Lección 13 hdpLección 13 hdp
Lección 13 hdpWilliams Coronel
 
Esquema
EsquemaEsquema
EsquemaManuel de Faria
 
Lección 11 hdp
Lección 11 hdpLección 11 hdp
Lección 11 hdpWilliams Coronel
 
Norfolk County Council Announces Cloud-based Storage Network
Norfolk County Council Announces Cloud-based Storage Network Norfolk County Council Announces Cloud-based Storage Network
Norfolk County Council Announces Cloud-based Storage Network John Davis
 
Data protection rules could cost firms £75k a year
Data protection rules could cost firms £75k a yearData protection rules could cost firms £75k a year
Data protection rules could cost firms £75k a yearJohn Davis
 
App Developers Urged to Take Greater Care in Accessing Data
App Developers Urged to Take Greater Care in Accessing DataApp Developers Urged to Take Greater Care in Accessing Data
App Developers Urged to Take Greater Care in Accessing DataJohn Davis
 
Uk banks targeted in cyber attacks
Uk banks targeted in cyber attacksUk banks targeted in cyber attacks
Uk banks targeted in cyber attacksJohn Davis
 
Glasgow tragedy shows need for disaster recovery
Glasgow tragedy shows need for disaster recoveryGlasgow tragedy shows need for disaster recovery
Glasgow tragedy shows need for disaster recoveryJohn Davis
 
Burglary figures may highlight byod data risk
Burglary figures may highlight byod data riskBurglary figures may highlight byod data risk
Burglary figures may highlight byod data riskJohn Davis
 
Uk risks falling behind others in cloud adoption due to data security concerns
Uk risks falling behind others in cloud adoption due to data security concernsUk risks falling behind others in cloud adoption due to data security concerns
Uk risks falling behind others in cloud adoption due to data security concernsJohn Davis
 
New microsoft application security problem
New microsoft application security problemNew microsoft application security problem
New microsoft application security problemJohn Davis
 

More Related Content

Viewers also liked

Contabilidad Perea Francesca 10°B
Contabilidad Perea Francesca 10°BContabilidad Perea Francesca 10°B
Contabilidad Perea Francesca 10°Bfrancescaperea99
 
Contabilidad Ricardo Rodriguez
Contabilidad Ricardo RodriguezContabilidad Ricardo Rodriguez
Contabilidad Ricardo Rodriguezricardor99
 
Diapositivas de proyecto
Diapositivas de proyecto Diapositivas de proyecto
Diapositivas de proyecto CADAMUKO
 
plan de emergencia
plan de emergenciaplan de emergencia
plan de emergenciaEdwin Rojas
 
Affect and cognition
Affect and cognitionAffect and cognition
Affect and cognitionAeda Ec
 

Viewers also liked (14)

Contabilidad Perea Francesca 10°B
Contabilidad Perea Francesca 10°BContabilidad Perea Francesca 10°B
Contabilidad Perea Francesca 10°B
 
Curso control de gestion
Curso control de gestionCurso control de gestion
Curso control de gestion
 
Lección 12 hdp
Lección 12 hdpLección 12 hdp
Lección 12 hdp
 
Informe tecnologia
Informe tecnologiaInforme tecnologia
Informe tecnologia
 
Образ смерті
Образ смертіОбраз смерті
Образ смерті
 
Contabilidad Ricardo Rodriguez
Contabilidad Ricardo RodriguezContabilidad Ricardo Rodriguez
Contabilidad Ricardo Rodriguez
 
Ingles tecnico
Ingles tecnicoIngles tecnico
Ingles tecnico
 
Diapositivas de proyecto
Diapositivas de proyecto Diapositivas de proyecto
Diapositivas de proyecto
 
plan de emergencia
plan de emergenciaplan de emergencia
plan de emergencia
 
La creación
La creaciónLa creación
La creación
 
Affect and cognition
Affect and cognitionAffect and cognition
Affect and cognition
 
Lección 13 hdp
Lección 13 hdpLección 13 hdp
Lección 13 hdp
 
Esquema
EsquemaEsquema
Esquema
 
Lección 11 hdp
Lección 11 hdpLección 11 hdp
Lección 11 hdp
 

More from John Davis

Norfolk County Council Announces Cloud-based Storage Network
Norfolk County Council Announces Cloud-based Storage Network Norfolk County Council Announces Cloud-based Storage Network
Norfolk County Council Announces Cloud-based Storage Network John Davis
 
Data protection rules could cost firms £75k a year
Data protection rules could cost firms £75k a yearData protection rules could cost firms £75k a year
Data protection rules could cost firms £75k a yearJohn Davis
 
App Developers Urged to Take Greater Care in Accessing Data
App Developers Urged to Take Greater Care in Accessing DataApp Developers Urged to Take Greater Care in Accessing Data
App Developers Urged to Take Greater Care in Accessing DataJohn Davis
 
Uk banks targeted in cyber attacks
Uk banks targeted in cyber attacksUk banks targeted in cyber attacks
Uk banks targeted in cyber attacksJohn Davis
 
Glasgow tragedy shows need for disaster recovery
Glasgow tragedy shows need for disaster recoveryGlasgow tragedy shows need for disaster recovery
Glasgow tragedy shows need for disaster recoveryJohn Davis
 
Burglary figures may highlight byod data risk
Burglary figures may highlight byod data riskBurglary figures may highlight byod data risk
Burglary figures may highlight byod data riskJohn Davis
 
Uk risks falling behind others in cloud adoption due to data security concerns
Uk risks falling behind others in cloud adoption due to data security concernsUk risks falling behind others in cloud adoption due to data security concerns
Uk risks falling behind others in cloud adoption due to data security concernsJohn Davis
 
New microsoft application security problem
New microsoft application security problemNew microsoft application security problem
New microsoft application security problemJohn Davis
 
Choose Your Own Device ‘To Replace Bring Your Own Device’
Choose Your Own Device ‘To Replace Bring Your Own Device’Choose Your Own Device ‘To Replace Bring Your Own Device’
Choose Your Own Device ‘To Replace Bring Your Own Device’John Davis
 
Improve your security, minister tells major firms
Improve your security, minister tells major firmsImprove your security, minister tells major firms
Improve your security, minister tells major firmsJohn Davis
 
Paperless self assessment ‘a step closer’
Paperless self assessment ‘a step closer’Paperless self assessment ‘a step closer’
Paperless self assessment ‘a step closer’John Davis
 
Bitcoin data loss set to cost over £4 million
Bitcoin data loss set to cost over £4 millionBitcoin data loss set to cost over £4 million
Bitcoin data loss set to cost over £4 millionJohn Davis
 
Tesco data centre consolidation ‘nearing completion’
Tesco data centre consolidation ‘nearing completion’Tesco data centre consolidation ‘nearing completion’
Tesco data centre consolidation ‘nearing completion’John Davis
 
Colonial files ‘burned to keep secrets’
Colonial files ‘burned to keep secrets’Colonial files ‘burned to keep secrets’
Colonial files ‘burned to keep secrets’John Davis
 
Data security breach may embarrass fa
Data security breach may embarrass faData security breach may embarrass fa
Data security breach may embarrass faJohn Davis
 
Companies warned over new nsa malware allegations
Companies warned over new nsa malware allegationsCompanies warned over new nsa malware allegations
Companies warned over new nsa malware allegationsJohn Davis
 
Banks ‘falling s short on data protection’
Banks ‘falling s short on data protection’Banks ‘falling s short on data protection’
Banks ‘falling s short on data protection’John Davis
 
Data centres getting greener, say experts
Data centres getting greener, say expertsData centres getting greener, say experts
Data centres getting greener, say expertsJohn Davis
 
Data protection may be sidelined as eu and us talk trade
Data protection may be sidelined as eu and us talk tradeData protection may be sidelined as eu and us talk trade
Data protection may be sidelined as eu and us talk tradeJohn Davis
 
Microsoft warns of potential attacks
Microsoft warns of potential attacksMicrosoft warns of potential attacks
Microsoft warns of potential attacksJohn Davis
 

More from John Davis (20)

Norfolk County Council Announces Cloud-based Storage Network
Norfolk County Council Announces Cloud-based Storage Network Norfolk County Council Announces Cloud-based Storage Network
Norfolk County Council Announces Cloud-based Storage Network
 
Data protection rules could cost firms £75k a year
Data protection rules could cost firms £75k a yearData protection rules could cost firms £75k a year
Data protection rules could cost firms £75k a year
 
App Developers Urged to Take Greater Care in Accessing Data
App Developers Urged to Take Greater Care in Accessing DataApp Developers Urged to Take Greater Care in Accessing Data
App Developers Urged to Take Greater Care in Accessing Data
 
Uk banks targeted in cyber attacks
Uk banks targeted in cyber attacksUk banks targeted in cyber attacks
Uk banks targeted in cyber attacks
 
Glasgow tragedy shows need for disaster recovery
Glasgow tragedy shows need for disaster recoveryGlasgow tragedy shows need for disaster recovery
Glasgow tragedy shows need for disaster recovery
 
Burglary figures may highlight byod data risk
Burglary figures may highlight byod data riskBurglary figures may highlight byod data risk
Burglary figures may highlight byod data risk
 
Uk risks falling behind others in cloud adoption due to data security concerns
Uk risks falling behind others in cloud adoption due to data security concernsUk risks falling behind others in cloud adoption due to data security concerns
Uk risks falling behind others in cloud adoption due to data security concerns
 
New microsoft application security problem
New microsoft application security problemNew microsoft application security problem
New microsoft application security problem
 
Choose Your Own Device ‘To Replace Bring Your Own Device’
Choose Your Own Device ‘To Replace Bring Your Own Device’Choose Your Own Device ‘To Replace Bring Your Own Device’
Choose Your Own Device ‘To Replace Bring Your Own Device’
 
Improve your security, minister tells major firms
Improve your security, minister tells major firmsImprove your security, minister tells major firms
Improve your security, minister tells major firms
 
Paperless self assessment ‘a step closer’
Paperless self assessment ‘a step closer’Paperless self assessment ‘a step closer’
Paperless self assessment ‘a step closer’
 
Bitcoin data loss set to cost over £4 million
Bitcoin data loss set to cost over £4 millionBitcoin data loss set to cost over £4 million
Bitcoin data loss set to cost over £4 million
 
Tesco data centre consolidation ‘nearing completion’
Tesco data centre consolidation ‘nearing completion’Tesco data centre consolidation ‘nearing completion’
Tesco data centre consolidation ‘nearing completion’
 
Colonial files ‘burned to keep secrets’
Colonial files ‘burned to keep secrets’Colonial files ‘burned to keep secrets’
Colonial files ‘burned to keep secrets’
 
Data security breach may embarrass fa
Data security breach may embarrass faData security breach may embarrass fa
Data security breach may embarrass fa
 
Companies warned over new nsa malware allegations
Companies warned over new nsa malware allegationsCompanies warned over new nsa malware allegations
Companies warned over new nsa malware allegations
 
Banks ‘falling s short on data protection’
Banks ‘falling s short on data protection’Banks ‘falling s short on data protection’
Banks ‘falling s short on data protection’
 
Data centres getting greener, say experts
Data centres getting greener, say expertsData centres getting greener, say experts
Data centres getting greener, say experts
 
Data protection may be sidelined as eu and us talk trade
Data protection may be sidelined as eu and us talk tradeData protection may be sidelined as eu and us talk trade
Data protection may be sidelined as eu and us talk trade
 
Microsoft warns of potential attacks
Microsoft warns of potential attacksMicrosoft warns of potential attacks
Microsoft warns of potential attacks
 

Recently uploaded

How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfSrushith Repakula
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdfMuhammad Subhan
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxFIDO Alliance
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxMasterG
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 

Recently uploaded (20)

How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 

Ministry of justice fined over data ssecurity calamity

  • 1. @StoretecHull www.storetec.net Facebook.com/storetec Storetec Services Limited Ministry of Justice Fined Over Data Ssecurity Calamity There can be few worse things that can happen to a company's secret data than for it to be leaked into the public domain, but just such a potential catastrophe has afflicted the Ministry of Justice. The ministry has been fined £140,000 by the Information Commissioner's Office (ICO) for a major breach in August 2011, in which an email concerning upcoming visits was sent to three families of inmates at Cardiff Prison had a file attached containing details about the 1,182 people who are currently incarcerated there.
  • 2. Among these were details such as names, ethnicities, home addresses, the nature of the offences committed and release dates. Only when the third of the families to receive the email raised the alarm about the attached file was the mistake spotted. After this, a member of prison staff and a police officer visited the homes of the recipients to check the email and files had been deleted. However, while such an action was possible because there had been only three recipients, the situation could have been far worse. Had all the families been contacted, for instance, it would have meant trying to chase up over 1,000 households and it would only have required one to have taken the leak further for such information to have gone viral.
  • 3. This was noted by ICO deputy commissioner and director of data protection, David Smith, who said: "The potential damage and distress that could have been caused by this serious data breach is obvious. Disclosing this information not only had the potential to put the prisoners at risk, but also risked the welfare of their families through the release of their home addresses. "Fortunately it appears that the fall-out from this breach was contained, but we cannot ignore the fact that this breach was caused by a clear lack of management oversight of a relatively new member of staff. Furthermore the prison service failed to have procedures in place to spot the original mistakes.
  • 4. "It is only due to the honesty of a member of the public that the disclosures were uncovered as early as they were and that it was still possible to contain the breach." The ICO investigation uncovered a number of major flaws in the way data was handled by Cardiff prison. One of these was an absence of audit trails, which it found would have meant the data breach going unnoticed had a member of the public not alerted them. Furthermore, there were multiple failings in the way the records of prisoners were kept and information transferred between the two separate networks used by the prison. This was frequently done using unencrypted floppy discs that held large volumes of data.
  • 5. It is not completely unusual for government departments to fall short on their data security. Three have been many tales down the years of how storage devices, laptops and other appliances have been stolen or lost. However, in most cases these have been protected with various layers of extra security, including passwords and encryption. The absence of these in the Cardiff case means there could have been some particularly grave consequences. For example, if information about an offender was received by anyone wishing to visit reprisals on one of the prisoners after their release, they would know where the individual lived. If the error had not been reported back to the prison, this situation could have arisen without the released prisoners being aware they could be in danger.
  • 6. The Ministry of Justice commented that such breaches are "extremely rare", but added that the prison had immediately changed its procedures, with "further changes" being put in place right across the prison estate.
  • 7. Such moves may help stop repeats of the Cardiff incident, but for other organisations and companies, such lax handling of data could have disastrous consequences. For example, It could mean a company leaking details of its employees pay and remuneration, which might end up in the hands of fellow staff. Vital company data could end up being seized by rivals and in the case of government departments, highly secure information that is lost could have untold consequences – a point made by those trying to curb the potential damage done by the likes of Wikileaks. The consequences of failure at Cardiff could have been far worse.
  • 8. Storetec News/Blogs. " http://www.storetec.net/news-blog/ministry-of-justice-fined-over-data-se /". Ministry of Justice Fined Over Data Ssecurity Calamity. October 22,2013. Storetec.