UK ICO – provisional decision to impose GBP 6mn fine on "Advanced LTD."

  • Author: Wolfgang von Sandersleben, DP-Dock GmbH
  • Last updated: August 2024
  • Category: Enforcement

The Advanced Computer Software Group Ltd failed to implement measures to protect the personal data of almost 83,000 individuals, which also included sensitive data. It is assumed that this was made possible by a hacker attack in August 2022, in which personal information of other customers was exfiltrated through a customer account that was not secured with appropriate safety standards, while healthcare staff were unable to access patient records.

The data concerned included medical records, phone numbers and details on instructions to enter the private homes of patients who receive care. The people impacted have been notified, and Advanced took measures to deal with the issue. The whole case is still under investigation. While a data leak has been confirmed, whether Advanced will be held liable for the data breaches is still to be decided.

Nonetheless, the ICO decided to impose a provisional fine of GBP 6mn on Advanced before a final decision is published.

The case shows the importance of implementing appropriate safety standards, especially regarding technical and organizational measures. Here, risk assessments can analyze possible scenarios upfront and contribute to thorough risk mitigation, with proper response mechanisms to limit vulnerability to cyber-attacks. Especially where sensitive data is processed and stored, data controllers need to proceed with great caution.
Therefore, we recommend regular checks for vulnerabilities and the implementation of multi-factor authentication.
