Alexander Martin reports:
A British law firm has been fined £60,000 ($80,000) after cybercriminals accessed the company’s case management system and published sensitive information on the dark web, something the company only learned about after being contacted by the National Crime Agency.
DPP Law, based in Bootle, was found to have breached the United Kingdom’s data protection laws by failing to “put appropriate measures in place to ensure the security of personal information held electronically.”
The Information Commissioner’s Office (ICO) stated hackers were able to access the company’s IT network by brute-forcing an infrequently used administrator account that lacked multi-factor authentication, and then using the access to move laterally across DPP’s network, pilfering over 32GB of data.
Read more at The Record. DPP only became aware data had been stolen when it was contacted by the National Crime Agency, according to the official monetary penalty notice.