The U.K. Information Commissioner's Office (ICO) has fined the British Pregnancy Advisory Service (BPAS) £200,000 following a 2012 breach in which hacker James Jeffery accessed the personal information of thousands of people who had requested information from the BPAS.
In April of 2012, Jeffery was sentenced to 32 months in prison for the attack.
According to the ICO, the BPAS wasn't aware that its Web site was storing the names, addresses, birthdates and telephone numbers of people who requested information on pregnancy issues -- the data was stored insecurely, and a vulnerability made it relatively easy for the hacker to access the system.
"Data protection is critical and getting it right requires vigilance," ICO deputy commissioner and director of data protection David Smith said in a statement. "The British Pregnancy Advice Service didn’t realise their Web site was storing this information, didn’t realise how long it was being retained for and didn’t realise the Web site wasn’t being kept sufficiently secure."
"But ignorance is no excuse," Smith added. "It is especially unforgiveable when the organisation is handling information as sensitive as that held by the BPAS. Data controllers must take active steps to ensure that the personal data they are responsible for is kept safe. There’s a simple message here: treat the personal information you are holding with respect."