UK Information Commissioner (ICO) Enforcements and Website Hacks

“alexisfitzg” blogs:

I did a brief analysis of the enforcement notices that have been handed out by the UK Information Commissioner (ICO) to organisations found to be in breach of the Data Protection Act. The idea was to see how many incidents were a result of a website hack (SQL Injection, XSS etc.) About 100 enforcements are listed on the ICO website covering the period from January 2008 to August 2010.

I found that none of the breaches were the result of a website hack. No SQL injection, XSS, CSRF attacks etc. The vast majority were related to unencrypted USB sticks, CDs, laptops etc. which have been lost or stolen.

The 4TB time bomb: when EY's cloud went public (and what it taught us)
Some lower-tier ransomware gangs have formed a new RaaS alliance -- or have they? (1)
Uncovering Qilin attack methods exposed through multiple cases
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Iran's Critical Infrastructure
Ex-CISA head thinks AI might fix code so fast we won't need security teams
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.

Related: