Context
Following a recent fine of £4,400,000 issued to Interserve Group Ltd, The Information Commissioner has warned that companies are leaving themselves open to cyber-attack by ignoring crucial measures like updating software and training staff.
Key points to note
- Interserve Group Ltd were fined for failing to keep personal information of its staff secure. This is a breach of data protection law.
- The ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.
- The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.
Next actions
Whilst we have included this item for information and awareness, we would urge firms to ensure they have appropriate cyber security measures and cyber risk insurance in place.