ICO Report Identifies Eight Most Common Causes Of Data Breaches

The Information Commissioner’s Office (ICO) has called on businesses and organisations to familiarise themselves with the best ways of protecting personal data and not fall prey to the most common causes of data breaches.

The watchdog has published a new report highlighting the most common security vulnerabilities behind data breaches and says many of the most serious occurrences could have been prevented had best practices been adopted.

Eight of the most common vulnerabilities discovered during the ICO’s investigations include a failure to keep software security up to date, a lack of protection from SQL injection, the use of unnecessary services and the poor decommissioning of old software and services.


Other common causes include the unsafe storage of passwords, the failure to encrypt online communications, poorly designed networks processing data in inappropriate areas and the continued use of default credentials including passwords.

The ICO says that many of the issues identified in the report should be common knowledge to IT professionals, but the fact that the same mistakes are being made suggests that not everyone responsible for ensuring personal data is secure is as familiar with them as they should be.

“In just the past couple of months we have already seen widespread concern over the expiry of support for Microsoft XP and the uncovering of the security flaw known as Heartbleed,” says Simon Rice, ICO group manager for technology. “While these security issues may seem complex, it is important that organisations of all sizes have a basic understanding of these types of threats and know what action they need to take to make sure their computer systems are keeping customers’ information secure.

“Our experience investigating data breaches on a daily basis shows that whilst some organisations are taking IT security seriously, too many are failing at the basics.”

Earlier this year, the ICO fined the British Pregnancy Advice Service (BPAS), a charity which helps women considering abortion, £200,000 after a data breach revealed the names of 10,000 users to a hacker in 2012. An investigation concluded that the charity failed to realise its own website was storing the names, addresses, dates of birth and telephone numbers of people who asked for a call back for advice on pregnancy issues.


Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
