DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Serious Fraud Office fined after “astounding” data protection breach

Posted on March 30, 2015 by Dissent

The Information Commissioner’s Office (ICO) has fined the Serious Fraud Office £180,000 after a witness in a serious fraud, bribery and corruption investigation was mistakenly sent evidence relating to 64 other people involved in the case.

The Serious Fraud Office’s investigation focused on allegations that senior executives at BAE Systems had received payments, including two properties worth over £6 million, as part of an arms deal with Saudi Arabia. The case was closed in February 2010.

The Serious Fraud Office began returning the evidence documents after the case concluded. Between November 2011 and February 2013 the witness was sent over 2,000 evidence bags. In total, 407 of these bags contained information about third parties. The information included bank statements showing payments made by BAE Systems to various individuals, hospital invoices, DVLA documents and passport details.

The Serious Fraud Office only began investigating the full circumstances of the breach after details of the errors were requested on 13 June 2013 for a briefing in response to a parliamentary question. An internal investigation was launched shortly afterwards and the ICO was informed of the breach.

The ICO investigation found that the information returned to the witness had been prepared by a temporary worker who had received minimal training and had no direct supervision. The information was disclosed by the witness to The Sunday Times, which published a number of articles based on the evidence.

ICO Deputy Commissioner and Director of Data Protection, David Smith, said:

“Anyone who provides information to a criminal investigation does not take this decision lightly and often does so at considerable risk to themselves. People will be quite rightly shocked that the Serious Fraud Office failed to keep the information of so many individuals connected to such a high-profile case secure.

“Given how high-profile this case was, and how sensitive the evidence being returned to witnesses potentially was, it is astounding that the SFO got this wrong. This was an easily preventable breach that does not reflect well on the organization. All law enforcement agencies should see this penalty as a warning that their legal obligations to look after people’s information continue even after their investigation has concluded.”

The Serious Fraud Office has recovered 98% of the documents that shouldn’t have been disclosed. The organization has also taken action to make sure adequate security checks are in place to ensure case files containing personal information are returned to the correct recipient.

SOURCE: Information Commissioner’s Office

Related posts:

  • UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost
Category: ExposureGovernment SectorNon-U.S.

Post navigation

← British Airways frequent-flyer accounts hacked
Personal details of world leaders accidentally revealed by G20 organizers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.