Why IT security matters - Am I Bovvered?
14 August 2017
The aptly named company “Boomerang Video Ltd”, a Hampshire-based video rental business, suffered a double whammy when not only was its website hacked and details of more than 26,000 customers exposed to the hackers, but it was fined £60,000 this summer by the Information Commissioner’s Office (ICO) for not taking basic steps to protect its data from the attack.
This is the first such fine levied on a relatively small business that we have become aware of, and it serves as a warning to small to medium-sized companies: if they are not taking steps to protect data, then in addition to the indignity, inconvenience and reputational damage that a breach may cause, there could be significant financial penalties.
Sally Anne Poole, ICO enforcement manager, said:
“Regardless of your size, if you are a business that handles personal information then data protection laws apply to you.
If a company is subject to a cyber-attack and we find they haven’t taken steps to protect people’s personal information in line with the law, they could face a fine from the ICO. And under the new General Data Protection Legislation (GDPR) coming into force next year, those fines could be a lot higher.”
The failures that allowed the hack to succeed were simple and obvious, and basic IT housekeeping would have eliminated the vulnerabilities.
Although it is likely to be of little comfort to the owners of Boomerang, had the breach occurred after May 2018, when the GDPR comes into force, the fines could have been very considerably higher.
The BDO Technology Advisory Services team has helped numerous businesses in the mid-market with their IT Security. If you would like further information on how we could help your business please email or call John Dennison on 0118 925 4400.