By Mark Young and Tom Jackson
On February 20, 2015, the Information Commissioner’s Office (“ICO”) fined Staysure.co.uk Ltd (“Staysure”), an online travel insurer, £175,000 for failing to protect its customers’ personal data. In addition to technical vulnerabilities, the ICO took into account Staysure’s lack of security policies and practices when levying the fine.
In short, Staysure had failed to implement processes to ensure that key software updates were applied, leading to vulnerabilities in the company’s IT systems. As a result, hackers gained access to customers’ personal details, medical data, and payment card information, including over 100,000 sets of credit card details relating to more than 90,000 individual customers. These stolen details were then used in relation to more than 5,000 fraudulent transactions.