In the past year, the UK Ministry of Justice (MoJ) reported 17 serious data breaches to the Information Commissioner’s Office (ICO), affecting more than 120,000 people.
This is according to data found in the MoJ’s annual report for 2019/20, and analyzed by the Parliament Street think tank.
The incidents mostly came down to sloppy and reckless behavior – e.g. lost unencrypted USB drives, emails being sent to the wrong people, or equipment such as smartphones and mobile phones being stolen from official vehicles or even homes.
One involved a technical error related to a sub-processor. This incident made various files on a staff training database briefly accessible to unauthenticated users. The database was downloaded twice, once fully and once partially.
The 17 most serious incidents aside, the MoJ apparently recorded 6,425 additional data incidents, which it described as “not substantial enough to report to the ICO”. 5,445 of those were described as “unauthorized disclosure”, with the remaining 823 classified as loss of ‘inadequately protected electronic equipment, devices or paper documents’.
For Tim Sadler, CEO at Tessian, accidents are “human nature”. It’s up to organizations to make sure the risk of error is minimal, and they can do that by putting in place proper measures.
“As organisations expect people to be responsible for more and more sensitive data, measures must be in place to prevent the mistakes that compromise security. Failure to do so could result in regulatory fines and ruined reputations,” he said.