The latest fine issued by the ICO highlights that “cyber security must be a top priority for businesses regardless of size”.
This fine came as a result of an investigation by the ICO which concluded that an online construction materials business had failed to implement appropriate technical and organisational measures to protect its customer data. In particular, the investigation found that the organisation had failed to identify that its website contained a coding error which left it vulnerable to attack. This vulnerability was subsequently exploited by hackers who gained access to 669 unencrypted cardholder details including names, addresses, account numbers and security codes.
Whilst the investigation highlighted that the retailer had not intended to bypass the law, it also made clear that oversight is not an excuse. As such, organisations must ensure that they do detect vulnerabilities in their security systems and ensure that the security measures they have in place are adequate to protect the personal data entrusted to them.
The ICO’s Head of Enforcement Steve Eckersley commented that “this fine must serve as a warning to other small and medium-sized firms that the security of their customers’ personal information must come first”.