UK Data Watchdog Fines Interserve $4.9 Million After a Cyberattack

Around 113,000 workers were affected.

Interserve, a British construction company, was fined £4.4 million ($4.9 million) by the country's data watchdog after a cyberattack exposed the personal and financial details of up to 113,000 workers to hackers, The Guardian reported.

Interserve was targeted at the time because it had been named a "strategic supplier to the government," serving agencies including the Ministry of Defense. Personal information, including bank account data, national insurance numbers, ethnicity, sexual orientation, and religious affiliation, was exposed.

Two years after the attack, Interserve Group still hasn't implemented enough steps to mitigate the impact or prevent another hack. This is according to the Information Commissioner's Office (ICO).

The 2020 Cyberattack

An employee of Interserve fell victim to a phishing attack after downloading an attachment from an unsuspecting email, and the accompanying anti-virus alert was not thoroughly probed. The attack compromised 283 systems and 16 accounts, removed the anti-virus software, and encrypted the personal data of all present and previous employees of Interserve.

The company used outdated computer programs and protocols, undertrained employees, and inadequate risk assessments based on ICO's investigation.

John Edwards, the UK information commissioner, stated that the data breach could inflict genuine harm to Interserve's personnel, as it left them open to the threat of identity theft and financial crime.

He added that it is never acceptable to leave the door open for cyber-attackers, especially when dealing with people's most private data. Companies are more likely to be compromised by employees who are careless with data than by external hackers.

Cyberattack Damages

The maximum sanction the ICO can levy is £17.5 million ($19.7 million) or 4% of annual global turnover, whichever is greater. It has the option of reducing a fine if the corporation can show mitigating factors.

After careful analysis, the ICO opted not to lessen the amount, which was the fourth largest it has ever imposed.

When asked about the hefty penalty, Edwards replied to The Guardian, "The intention is to cause directors and chairmen to sit up and start asking questions of chief executives about cyber preparedness."

UK's Efforts to Prevent Online Hacks

After taking office in January, Edwards, who will serve as commissioner for the next five years, reported that the ICO was now conducting 80 investigations and opening another 500 annually.

According to him, ransomware attacks are by far the most common form of cyber attack the ICO has to deal with. He emphasized that paying a ransom to recover data would not be regarded as a mitigating factor because it was not considered a legitimate way to secure data.

A month ago, TikTok was warned that its company might face a fine of up to £27 million ($30 million) for allegedly failing to safeguard the confidentiality of children between 2018 and 2020.

Earlier this year, the ICO and the National Cyber Security Centre (NCSC) issued a joint warning to British businesses to increase their online protections against a potential Russian invasion of Ukraine.

This article is owned by Tech Times

Written by Trisha Kae Andrada

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics