Home About Books Contact Log in

Contact us...

+44 (0) 208 133 0242

Data Protection News

Information Security and Data Protection news, hot off the press.

Catch up on the latest industry news with DataGRC.

Want to know about other news stories, fines, breaches?

Want to know more about these stories?

Want to recieve regular updates about industry shenanigans?

Contact us today!


13/1/20 Threatened ICO fines for BA (GBP 183m) and Marriott (GBP 99m) are still being pondered, with a 31/3/20 extention agreed between the parties. The ICO had an annual GDP 2m budget for legal aid, which may prove to be a little light...


09/01/20 GBP 500k ICO fine (the maximum pre-GDPR) for DSG Retail (Currys; PC World; Dixons), after crooks installed malware on more than 5k POS devices, between July 2017 and April 2018, providing crooks with access to 5.6m payment card details and personal data of 14m people (name, postcode, email, failed credit checks). The ICO was first notified on 8/6/18. Potentially "massive" GDPR fines were not applied in this case because the contravention happened just before "GDPR Day" (25th May 2018).


30/12/19 Travelex hit by cyber attack. Current gossip (17/1/19) includes ransomware encrypting a wide range of key systems and "a ransomware gang called Sodinokibi" asking for GBP 4.6m ransom. Criminal groups suggest they have 5GB personal data, while other suggestions are that the case hasn't been reported as a breaching data confidentiality. In addition to the company's systems being fully online for more than a couple of weeks, banks who are supplied by Travelex are also having forex currency issues. The CEO went public on 17/1/19 stating systems used in-store were operational again, which suggests other parts of their wide network are still down.


20/12/19 GBP 275k ICO fine issued to Doorstep Dispensaree Ltd for failing to ensure the security of special category data. c500,000 documents were left in unlocked containers at the back of its premises. The documents included names, addresses, dates of birth, NHS numbers, medical information and prescriptions belonging to an unknown number of people.


17/12/19 EUR 15k fine issued by Belgian SA for website (c35k visitors a month) with unlawful Cookie management (lacking transparency and consent). The SA appears to have taken the action without recieving a complaint.


11/12/19 EUR 9.6m fine issued by German Belgian SA for 1and1 web hosting company (1&1 Telecom) for allowing people to access to extensive personal information just by providing a name and date of birth. The company has said that it intends to take legal action against the regulator. .


17/09/19 GDPR 15k ICO fine to Superior Style Home Improvements Ltd, for calling prospects over an 11 month period whose numbers were registered on the Telephone Preference Service (TPS) and where consent had not been provided.


25/05/19 45m suggested cost to Norsk Hydro's business after a ransomware attack disabled 22k computers across 170 sites in 40 different countries.


Want to know more? Send us a message

+44 (0) 208 133 0242