Skip to content
CybersecurityHarnessing the Power of Cloud ComputingExplore Symphony's Tech UniverseGeneral-newsCrime-and-justice

Breach implicates data recovery service in Co-op data incident

Data thieves managed to pilfer the personal details of 83,000 Co-operative Life Planning customers from an unidentified data recovery service this year, as reported by the authorities.

 and  Administrator
2 min read
Co-op breach involves data recovery service alleged for unauthorized access
Co-op breach involves data recovery service alleged for unauthorized access

Breach implicates data recovery service in Co-op data incident

In a recent turn of events, Co-operative Life Planning (CLP) has managed to avoid penalties from the Information Commissioner's Office (ICO) following a data breach incident. The breach, which occurred earlier this year, saw the theft of 83,000 customer details from CLP's servers.

The ICO's investigation revealed that the data breach did not pose a significant risk to CLP's customers. However, the investigation also found that the service provider hired by CLP, whose server later contained the unauthorized data, had no authorization to copy the data from CLP's servers. The data recovery service provider responsible for the theft remains unnamed.

The data was retained on the service provider's servers after the work was complete, and was later hacked into. The hacked data was accidentally made available online, causing concern for CLP and its customers.

In response to the ICO's findings, CLP has agreed to take all the remedial action suggested by the ICO. This includes ensuring the data is no longer available online "as far as possible," implementing data loss prevention software across all its servers, and taking precautions to prevent future data breaches.

Ian Mackie, managing director of CLP, agreed to these measures and also agreed to introduce data loss prevention software across all the company's servers. The ICO also sought assurances from CLP that the data was deleted from the data recovery provider's servers.

CLP has also assured the ICO that they were unaware that the data had been transferred on two separate occasions or that customers' details had been made available online. The ICO required CLP to take precautions to prevent a similar incident from occurring again.

Despite the breach, the ICO did not penalize CLP. This decision was made due to CLP's prompt response to the ICO's findings and their commitment to rectifying the situation.

The ICO's requirements also include ensuring the data is no longer available online and taking precautions to prevent future data breaches. CLP has agreed to comply with these requirements and is working diligently to ensure the security of its customers' data.

Read also:

Related

Latest