The Information Commissioner's Office (ICO) has issued a £4,400,000 fine to Interserve Group Ltd for failing to secure the personal data belonging to its 113,000. Construction company Interserve did not implement appropriate technical and organisational measures as required by Article 5(1)(f) and Article 32 General Data Protection Regulation (GDPR). The company neglected to perform critical actions such as security patches and staff training, leaving it vulnerable to attack. A phishing email attack between 30 March 2020 and 2 May 2020 resulted in a serious breach of personal data. The list of compromised data included contact information, national insurance numbers, and bank account details, along with special category data about employees' ethnicity, religion, sexual orientation, health information and disability status. Information Commissioner John Edwards said: "The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office."
Read the Interserve Group Limited monetary penalty
Additional commentary in The Guardian.
We reported an article in The Register from May 2020 related to an Interserve data breach that affected 100,000 employees.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
