Our News

£80,000 Fine For Failing To Keep Data Safe

The ICO tells London Estate Agency: Companies must accept that they have a legal obligation to both protect and keep secure the personal data they are entrusted with. Where this does not happen, we will investigate and take action.

A London based estate agency has been fined £80,000 by the Information Commissioners Office for failing to keep the data of their tenants safe.

For two years, London based estate agency, Life at Parliament View Ltd, failed to prevent a security breach, which left the personal data of 18,620 customers exposed for almost two years. The breach happened when the company transferred personal data from its server to a partner organisation and failed to switch off an Anonymous Authentication function.

What is Anonymous Authentication?

Anonymous Authentication controls how internet information services processes requests from anonymous users. This feature gives users access to the public area of a website without prompting them for a user name or password.

The failure by the estate agency meant access restrictions to all data stored between March 2015 and February 2017, meant access restrictions were not implemented and anyone going online had full access to all personal data. The data exposed included personal information such as bank details, bank statements, salary details, passport information, birth dates and addresses.

Following the breach, the ICO launched an investigation and uncovered a ‘catalogue of security errors’. They found that the agency had failed to take appropriate security measures against the unlawful processing of personal data. The ICO says that the Estate Agency only alerted them to the breach when it was contacted by a hacker. As a result they say the breach was a serious convention of the data protection laws.

Director of Investigations at the ICO Steve Eckersley said: “Customers have the right to expect that the personal information they provide to companies will remain safe and secure. That simply wasn’t the case here. As we uncovered the facts, we found LVPL had failed to adequately train its staff, who misconfigured and used an insecure file transfer system and then failed to monitor it. These shortcomings have left its customers exposed to the potential risk of identity fraud. Companies must accept that they have a legal obligation to both protect and keep secure the personal data they are entrusted with. Where this does not happen, we will investigate and take action.”

What is a data Breach?

A data breach occurs when sensitive and confidential information is accessed by a third party who is not authorised to do so. This data can include things such as passwords, credit card numbers, health records or addresses. The most common way hackers gain access to a system, is by guessing a password or by installing malware. Data breaches can range in size, from a single individual accessing a file, to millions of company records being stolen. How someone is affected by a data breach depends on the information that is accessed and released. The best way to protect your data is to change your password regularly and not store sensitive information on your computer.

Recent Posts

Holiday From Hell

A couple from the South West, say they are stuck in a village in Corfu, which Mirrors a war zone.… Read More

June 1, 2024

Marriott Vacation Club Extend Property Portfolio

Interval International Vacation Services has announced it is adding Marriott Vacation Club Pulse in San Francisco to it’s growing exchange… Read More

June 1, 2024

Timeshare exit firm banned from business

A timeshare exit company has been permanently barred from operating and ordered to pay hundreds of thousands of dollars back… Read More

June 1, 2024

Passengers Will Pay Extra To Fund Airlines That Go Bust

Airline Passengers will pay an extra 50p on each ticket to fund travellers who need to be repatriated when their… Read More

June 1, 2024

Are you thinking about your next holiday?

We are a year into the Pandemic now which saw most of the world come to a complete standstill. Life… Read More

June 1, 2024

New type of courier fraud targeting older victims

Vulnerable and elderly people are being targeted by scammers and coerced into spending thousands of pounds on designer watches and… Read More

June 1, 2024

This website uses cookies.