Hacked law firm 'didn't think it was a data breach' - the ICO disagreed
Briefly

DPP Law, a UK firm, has been fined £60,000 by the ICO for not reporting a significant cyber attack in 2022 that exposed sensitive data on the dark web. The breach was attributed to inadequate security measures, particularly the absence of multi-factor authentication on a seldom-used administrator account. The firm, which handles sensitive legal matters, learned of the attack from the National Crime Agency after client information was found online. Despite the severity of the situation, DPP delayed reporting the incident to the ICO for 43 days, claiming it did not believe it was a data breach.
The attack on DPP Law revealed serious lapses in cybersecurity, with the Information Commissioner's Office emphasizing the importance of continuous assessment and enhancement of security measures.
DPP Law believed the cyber incident did not constitute a data breach and delayed notifying the ICO by 43 days, despite the sensitivity of its data.
Read at IT Pro