Small and medium-sized businesses have received a stark warning after the Information Commissioner’s Office handed out a substantial fine to the victim of a cyber-attack.
An ICO investigation found that Boomerang Video Ltd failed to take the basic steps to prevent an attack and were penalised with a fine of £60,000.
The investigation revealed that the company held card details for too long, didn’t make password systems complex enough and allowed access to unencrypted data. These failings contributed to the attack, and the company failed to protect the details of more than 26,000 of its customers.
Sally Anne Poole, ICO enforcement manager, said: “Regardless of your size, if you are a business that handles personal information then data protection laws apply to you.
“If a company is subject to a cyber-attack and we find they haven’t taken steps to protect people’s personal data, they could face a fine from the ICO. Under new General Data Protection Legislation (GDPR) rules coming in – those fines could be a lot higher.”
Under GDPR, the risks for all businesses in the UK and EU are amplified. It is crucial that they protect the long-term future of their organisation by complying with the new directives.