DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Action taken over security flaw in online reporting form

Posted on September 15, 2011 by Dissent

From the Information Commissioner’s Office:

The Child Exploitation and Online Protection Centre (CEOP) and the Serious Organised Crime Agency (SOCA) – its parent organisation – have taken action after the discovery of a security flaw on CEOP’S website, the Information Commissioner’s Office (ICO) said today.

On 6 April, the ICO received a complaint from an individual who noticed that the information submitted using the online form on the CEOP website was not encrypted. The security problem meant that the details – some of which were sensitive – would have been vulnerable while they were being transmitted to CEOP’s servers.

The ICO’s investigation found that the form had been insecure for several months following the launch of the new CEOP website, although there was no evidence to suggest that any attempts had been made to access the information. Both organisations have now taken action to improve the security of the CEOP website in order to keep the personal information they handle secure.

Acting Head of Enforcement, Sally Anne Poole said:

“Organisations must make sure that any personal data transmitted electronically is adequately protected. While there is no evidence to suggest that attempts have been made to access any of the information, it is highly likely that it would have been sensitive in nature and should not have been compromised by insufficient IT security measures.

“We are pleased that CEOP and SOCA have taken action to make sure that all of the information sent in by members of the public remains secure.”

Peter Davies, Chief Executive Officer of CEOP, and Trevor Pearce QPM, Director General of SOCA, have jointly signed an undertaking to ensure that CEOP’s website is regularly tested so that the personal data they process remains secure and potential weaknesses are immediately identified. CEOP will also introduce recommendations included in a recent Information Security Review and continue to make sure that they are followed.


Related:

  • IVF provider Genea notifies patients about the cyberattack earlier this year.
  • Key figure behind major Russian-speaking cybercrime forum targeted in Ukraine
  • Cyberattacks Paralyze Major Russian Restaurant Chains
  • France Travail: At least 340,000 job seekers victims of new hack
  • Suspected XSS Forum Admin Arrested in Ukraine
  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
Category: Breach IncidentsExposureGovernment SectorNon-U.S.

Post navigation

← 101 Sites hacked and huge amounts of data leaked by Stohanko
UK: NHS trust signs undertaking after two breaches involving paper records →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.