Law firm ‘didn’t think’ data theft was a breach, says ICO. Now it’s nursing a £60K fine
Summary
DPP Law is facing a £60,000 fine from the ICO after a significant data breach in which 32 GB of personal information was stolen. The breach occurred in June 2022. DPP Law says it did not consider the incident a breach and disputes the ICO's findings. It is appealing against the decision, asserting that it fully cooperated with the investigation and maintains its compliance with data protection laws.
Key Points
- DPP Law had 32 GB of personal data stolen from their systems due to a brute-force cyberattack.
- The breach was only reported to the ICO 43 days after DPP became aware of it, violating reporting obligations.
- The ICO highlighted lapses in DPP’s security measures, particularly the lack of multi-factor authentication on vulnerable accounts.
- DPP Law argues that its Lexcel and Cyber Essentials certifications indicate its commitment to security best practices.
- The ICO reiterated the importance of compliance with data protection laws to prevent severe penalties.
Why should I read this?
If you’re in a business or legal field, this article is a must-read! It dives into the pitfalls of data security and the hefty repercussions of negligence, like a £60K fine. DPP Law’s case raises crucial awareness about data protection compliance and the consequences of underestimating a data breach. Don’t let this be a lesson you learn the hard way!