ICO Probes CEOP Over Unencrypted Data Breach

The Information Commissioner’s Office (ICO) has confirmed that it has begun an investigation over a possible security breach at the Child Exploitation and Online Protection Centre (CEOP) following the discovery of unencrypted personal details.

The discovery, said to have been made by a member of the public is potentially serious as CEOP is the agency responsible for dealing with sex offenders.

Hypothetical Risk

The alleged security breach at CEOP is said to be from hyperlinks to a confidential page on the agency’s website, where people can report incidents of possible abuse.  Users who follow links to the site from Google or Facebook are directed to an unencrypted page, but if users opt to file a report they are then directed to a SSL-secured webpage.

However, the concern is that, because the initial landing page was an unencrypted webpage, a search query or other action carried out on the unsecured CEOP site could hypothetically have been observed or intercepted by other web users, because their actions were effectively sent in the clear.

The incident certainly seems to be a security oversight by CEOP, rather than an actual real life data breach. And of course, it also assumes a high level of technical expertise on behalf of the person supposedly intercepting these ‘in the clear’ transmissions.

However, the sensitive nature of CEOP’s work means that the ICO is now involved, and it confirmed to eWEEK Europe that it was investigating the matter.

“We are making enquiries into the circumstances of this alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken,” said the ICO spokesperson.

No Evidence Of Breach

“The risk was a hypothetical one and there is no evidence to suggest anyone’s details have been jeopardised,” CEOP’s CEO, Peter Davies, said in an emailed statement. “We thank the member of the public who brought this issue to our attention and have rectified the problem so people can continue to report any concerns they have to us, with the reassurance that their report will remain secure.”

Peter Davies succeeded former CEOP chief executive Jim Gamble, who resigned late last year over concerns about government plans to roll CEOP into the National Crime Agency, which he felt would not benefit children.

The CEOP agency gained a lot of publicity last year thanks to its lobbying of the likes of Facebook to place a “panic button” on the social network for threatened children to use, if they thought a paedophile might be pestering them online.

Facebook initially resisted the idea, but it finally reached a compromise with CEOP, stating that both organisations were “aligned on making the Internet safer.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

13 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

16 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

17 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

18 hours ago