A case decided by the Information Commissioner has emphasised – if the point needed emphasising – the importance of securing the personal data of customers and resulted in an £80,000 fine for a London estate agency.
The agency, Life at Parliament View, transferred the personal data of over 18,000 clients of the agency from its server to a partner organisation and failed to switch off an “Anonymous Authentication” function which implemented access restrictions. As a result, anyone going online had access to all the personal addresses, dates of birth, bank statements, salary details and copies of passports of both tenants and landlords stored on the system between March 2015 and February 2017.
LPVL only alerted the ICO to the data breach when contacted by a hacker. Following an investigation, the ICO discovered a host of security errors and concluded that LPVL had failed to take appropriate technical and organisational measures to prevent the data breach so exposing customers to a real risk of identity fraud.
The message of the case is perhaps obvious – organisations should make sure they safeguard customers’ or clients’ personal data – but yet simple breaches still occur.