UK government dragged for incomplete security reforms
Briefly

UK government dragged for incomplete security reforms
"It examined 11 major UK data breaches between 2008 and 2023, including the Ministry of Defence's (MoD) dangerous email blunder that exposed the details of Afghans who worked with British forces during the conflict with the Taliban, as well as British troops and spies. The others included a similar email mistake made by the Police Service of Northern Ireland, Norfolk and Suffolk police forces, Digital ID, another MoD leak of data to Malian recipients instead of US military (.ml/.mil), and more in the public sector."
"Chi Onwurah, chair of the committee that pushed for the secret review to be published on Thursday, said the previous government that oversaw the investigation has questions to answer over why only 12 of the 14 changes have been made. Senior minister Pat McFadden and Information Commissioner John Edwards have been asked to explain the context around the review and how the government plans to prevent sensitive breaches from happening again."
A secret 2023 review examined 11 major UK data breaches from 2008 to 2023, including an MoD email that exposed Afghans who worked with British forces, British troops and intelligence personnel. The review identified common failures such as inadequate controls over downloads, frequent "wrong recipient" email leaks, and hidden personal data in spreadsheets published online. The review issued recommendations with deadlines from November 2023 to August 2024, including ensuring proper technical controls and making data protection processes visible on staff intranets. Only 12 of the 14 recommendations have been implemented, and two remain outstanding. Senior officials have been summoned to explain the gaps and outline plans to prevent future sensitive breaches.
Read at Theregister
Unable to calculate read time
[
|
]