UK DATA WATCHDOG the Information Commissioner’s Office (ICO) has told Toshiba off after it leaked the personal details of some competition entrants.
The ICO said that a security flaw lead to the breach, but it isn’t too annoyed about it and has decided not to punish the firm too much. The personal details of 20 people were exposed by the breach after they registered for an online competition with the firm.
The data lost included names, addresses and dates of birth along with contact information, and the ICO said that Toshiba’s measures had not been strong enough to spot the web design error.
Reputational Compliance
“It is vital that, as ever-increasing amounts of our personal information are collected online, companies have the necessary safeguards in place to keep this information secure,” said Stephen Eckersley, the ICO’s head of enforcement.
“We are pleased that Toshiba Information Systems (UK) have committed to ensuring that any changes to applications on their website are thoroughly tested by both the developer and themselves, in order to keep the personal information they are collecting secure. We would urge other UK organisations with interactive websites to make sure they have suitable checks in place before collecting peoples’ details online.”
Toshiba has promised to make sure that it handles all data much better in the future, and said that it will test all third party software applications before launching them to the public.
In a statement provided to The INQUIRER, Toshiba said that it is happy with the decision and the lack of any formal enforcement action.
“Toshiba UK welcomes the report and statement from the ICO today, particularly the point that the ICO does not consider the issue serious enough to make it necessary to take any formal enforcement on the basis of the undertaking Toshiba has provided,” said a spokesperson.
“It is important to bear in mind that no sensitive data was at risk, and that on discovering the data vulnerability Toshiba took immediate action to remedy the issue within a matter of hours and subsequently contacted all affected customers. Toshiba is confident it has taken the necessary steps to prevent such incidents occurring in the future.”
Source: theinquirer
