The government has been fined the sum of £500,000 by the information commissioner following a data breach relating to the New Year Honours list in 2020.
The penalty comes after an incident which took place on December 27, 2019, in which the Cabinet Office mistakenly shared the addresses and personal details of 1,097 people due to receive honours in a file on the gov.uk website.
The weblink to the file was later removed but it was still cached and accessible to anyone typing in the exact web address.
The BBC reports that the data was available online for two hours and 21 minutes and accessed 3,872 times.
The Information Commissioner’s Office [ICO] received three complaints from people whose data had been released.
ICO director of investigations, Steve Eckersley, said that the Cabinet Office had been complacent in allowing the breach to happen and should have had more stringent preventative measures in place.
He said: “At a time when [the recipients] should have been celebrating and enjoying the announcement of their honour, they were faced with the distress of their personal details being exposed.
“The Cabinet Office's complacency and failure to mitigate the risk of a data breach meant that hundreds of people were potentially exposed to the risk of identity fraud and threats to their personal safety.
“The [£500,000] fine issued sends a message to other organisations that looking after people's information safely, as well as regularly checking that appropriate measures are in place, must be at the top of their agenda.”
The government apologised for the leak and said that following a thorough security review, measures had been put in place to prevent such an incident happening again.
A Cabinet Office spokesperson said: “We took action to mitigate any potential harm by immediately informing the information commissioner and everyone affected by the breach.
“We take the findings of the information commissioner very seriously, and have completed an internal review, as well as implemented a number of measures to ensure this does not happen again.
“This includes a review of the overall security of the system, information management training and improving internal processes for how data is handled by the honours team.”
Photo by Towfiqu barbhuiya on Unsplash
