Cyber Security and Data Privacy Failures this Month – and how to get it right!

Here’s just a small selection of the cyber and data protection stories that hit the news, or drew regulatory enforcement, this month.

Cyber attacks

Parliament hit by cyber attack prompting officials to disable remote email access. The “determined attack” was claimed to be an “attempt to identify weak passwords” and experts warn of potential blackmail attempts if emails were successfully accessed.

University College London (UCL) was struck by a major ransomware attack that left students and staff locked out of their files. The virus is believed to have spread through UCL’s network after users visited a compromised website.

Petya, a massive, global ransomware outbreak, has been hitting airports, banks, shipping firms and other businesses across Ukraine, Russia, the United Kingdom, Denmark, India and beyond. Danish shipping giant Maersk and the global pharmaceutical giant Merck both appear to have had their systems compromised.

Please see a recap of the advice issued by City of London Police in relation to ransomware*.

Ransomware protection

Data Privacy Regulator – It’s been a bad month for local councils

The Information Commissioner’s Office (ICO) have been busy…

Medway Council received an enforcement notice from the ICO following previous audits and two security breaches. They failed to take adequate steps to ensure that mandatory data protection training had been rolled out.

The ICO fined Gloucester City Council £100k after a cyber attack resulted in the breach of employees’ sensitive personal data – if you think it’s all about consumers, you’re wrong!

Basildon Borough Council were fined £150k when their planning department published a family’s sensitive personal information. It was found that Basildon failed to take adequate organisational measures and had failed in staff training.

Maybe not quite as bad as the results in April, which saw 11 well-known charities fined for failings.

With GDPR less than a year from coming into effect, it seems there is much still to do before the ICO has the power to levy much more punitive fines.

Good information security management for prevention rather than cure

Whilst good information security management won’t guarantee cyber attacks and breaches can’t take place, it will reduce the threats significantly. Demonstrating effective information security management to regulators will also mitigate the risk of fines.

Our top three information security and data privacy recommendations:



*You can stay tuned to the latest cyber crimes with The Met Police.
