In a story which is about as ironic as it gets, the Information Commissioner’s Office (ICO) – the body responsible for protecting the UK’s private information – has been hit by a data security breach.
The Information Commissioner, Christopher Graham, revealed in a short statement in the ICO’s annual report that it had suffered a ‘non-trivial data security incident’ in the last year, which prompted a ‘full internal investigation’. Unfortunately, further details about the breach have not been forthcoming and the ICO is, according to the Times, refusing to release any more information.
To compound the irony, it’s not even the first time this sort of thing has happened: a data breach in 2011 was also revealed in an annual report, although this incident was apparently a self-reported breach with ‘no resulting adverse impact on, or damage to, individuals and the ICO [treated] the matter no differently from similar incidents reported by others’.
The number of complaints the ICO received last year rose by 10% to some 15,500, prompting the Information Commissioner to request increased funding and stronger powers from the government.
Given that it can fine companies up to £500,000 for breaches of the Data Protection Act, one can only hope that the ICO doesn’t come down too hard on itself. Its resources are clearly stretched as it is.
Updates on this data breach will be available once more information has been released.