The Information Commissioner's Office (ICO) has fined online travel services company Think W3 Limited £150,000 following a data protection breach arising from insecure "coding" on the website of their subsidiary business Essential Travel Limited.
The travel firm was hacked in December 2012, resulting in a total of 1,163,996 credit and debit card records of customers being extracted. Of those records extracted, 430,599 were identified as current details and 733,397 had expired.
The privacy watchdogs at the ICO stated that "cardholder details had not been deleted since 2006 and there had been no security checks or reviews since the system had been installed".
Stephen Eckersley, Head of Enforcement at the ICO, noted that the actions of Think W3 Limited were a "staggering lapse that left more than a million holidaymakers' sensitive personal details exposed to a malicious hacker.
"Data security should be a top priority for any business that operates online. Think W3 Limited accepted liability for failing to keep their customers' personal data secure, failing to test their security and failing to delete out-of-date information."
The Data Protection Act 1998 obligates organisations not to hold personal data for longer than is necessary and to undertake regular checks to ensure that the data held is up to date and accurate.
If Think W3 Limited had acted in accordance with these obligations, it is likely that the 700,000 plus individuals whose details had expired and any details that were no longer required would not have been on the travel firm's system at the time of the hacking.
MacRoberts can provide advice on data protection and help your business develop and implement its own data protection procedures including interactive training.
Did you know...?
MacRoberts now offers a Family Law service. Our team offers expert advice to individuals on all areas of family law including divorce, separation, child law, cohabitation and pre-nuptial agreements. In addition, our Private Client specialists offer expert advice on Wills, tax planning, house sales, power of attorney and family businesses. Please do not hesitate to contact us for more details.
Disclaimer
The material contained in this article is of the nature of general comment only and does not give advice on any particular matter. Recipients should not act on the basis of the information in this e-update without taking appropriate professional advice upon their own particular circumstances.
