Data Breach at Glasgow City Council Exposes 20,143 People’s Personal Data

The UK Information Commissioner’s Office (ICO) recently fined the Glasgow City Council £150,000 following the theft of two unencrypted laptops from the council’s office on May 28, 2012.

According to the ICO, one of the stolen laptops contained the council’s creditor payment history files, listing 20,143 people’s personal information — including 6,069 people’s bank account details.

The council had already been served with an enforcement notice from the ICO in 2010 following a similar breach in which an unencrypted memory stick containing personal data was lost. Still, the council had provided several of its staff members with unencrypted laptops, 74 of which remained unaccounted for, and at least six of which are known to have been stolen.

“How an organization can fail to notice that 74 unencrypted laptops have gone missing beggars belief,” ICO assistant commissioner for Scotland Ken Macdonald said in a statement. “The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people’s details have been compromised.”

In addition to the £150,000 penalty, the council will also be required to carry out a full audit of its IT assets used to process personal data, to arrange for all of its managers to receive asset management training, and to carry out a full check of all of its devices on an annual basis.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
