|Date of enforcement action:|
|United Kingdom||GBP 80,000 (US$103,000)|
|Defendant company or entity:||Industry segment:|
|Life at Parliament View Ltd||Real Estate /|
The Information Commissioner’s Office (ICO) has fined a London estate agency, Life at Parliament View Ltd, £80,000 for leaving 18,610 customers’ personal data exposed for almost two years.
The security breach happened when Life at Parliament View Ltd (LPVL) transferred personal data from its server to a partner organisation and failed to switch off an ‘Anonymous Authentication’ function. This failure meant access restrictions were not implemented and allowed anyone going online to have full access to all the data stored between March 2015 and February 2017.
The exposed details included personal data such as bank statements, salary details, copies of passports, dates of birth and addresses of both tenants and landlords.
During its investigation, the ICO uncovered a catalogue of security errors and found that LPVL had failed to take appropriate technical and organisational measures against the unlawful processing of personal data. In addition, LPVL only alerted the ICO to the breach when it was contacted by a hacker. The ICO concluded this was a serious contravention of the 1998 data protection laws which have since been replaced by the GDPR and the Data Protection Act 2018.
(ICO Official Release)
|Enforcement authority:||Type of enforcement action:|
|Information Commissioner's Office||Penalty notice|
|Subject to appeal?|
Cite this fine in your work
Data Privacy Fines Index. (2019-07-17 10:10) Life at Parliament View Ltd fined GBP 80k. dataprivacyfines.com. Retrieved from https://dataprivacyfines.com/fine/life-at-parliament-view-ltd-fined-gbp-80k/
Entry last updated: 2020-01-12 02:23 GMT.