Tom Brewster reports:
A data breach at the Independent Parliamentary Standards Authority (IPSA) led to MP’s information being placed at risk, including banking details and home telephone numbers.
The breach occurred on 13 July following IT maintenance on an MP expenses database, allowing people with an expenses account and their clerks to access the information.
The security loophole was left open for 21 hours and the Information Commissioner’s Office (ICO) has ordered the IPSA to take steps to ensure such a breach does not occur again.
Read more on IT Pro.
Here’s the statement from the ICO:
The Independent Parliamentary Standards Authority (IPSA) has agreed to take action after MPs personal details were accidentally placed at risk on the MPs expenses database, the Information Commissioner’s Office (ICO) said today.
The expenses claims were accessible for a period of 21 hours, following IT maintenance work in July 2010 which inadvertently allowed those persons with an expenses account, and their clerks, to access the information. The data included MPs banking details, vehicle registrations and home telephone numbers.
Mick Gorrill, Head of Enforcement at the ICO, said:“This case highlights how any work carried out on a database must be subject to rigorous security testing before being re-launched. MPs carry out a high profile role and the information their expenses claims include could put them at risk of fraud and endanger their security.”
Andrew McDonald, interim IPSA Chief Executive, has now signed a formal undertaking to ensure that changes to the system’s administrator account are reviewed regularly and that breach notification procedures are reviewed and communicated to all MPs and staff. The authority will also implement any other such security measures it deems necessary to protect the MPs personal information.
A full copy of the undertaking can be viewed here: http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/~/media/documents/library/Data_Protection/Notices/ipsa_undertaking.ashx