Belfast Telegraph

Home News UK

Previous data breaches by public bodies and companies

The Royal Borough of Kensington and Chelsea was fined £120,000 last year for identifying the owners of vacant homes in the area.

Enforcement officers working for the Information Commissioner’s Office entering the offices of Cambridge Analytica (PA)
Enforcement officers working for the Information Commissioner’s Office entering the offices of Cambridge Analytica (PA)

By Tom Horton, PA

The Cabinet Office has apologised after a list of the home addresses of New Year Honours recipients was accidentally posted online.

Here the PA news agency takes a look at some previous data blunders by public bodies and companies.

– Royal Borough of Kensington and Chelsea fined £120,000 for identifying owners of vacant homes


In April 2018, the Royal Borough of Kensington and Chelsea was hit with a £120,000 fine by the Information Commissioner’s Office (ICO) after it unlawfully identified the owners of vacant homes in the borough.

The names of those who owned the empty homes, as well as the addresses of the properties, were sent to three journalists who had requested statistical information from the council under the Freedom of Information Act.

– 3,295 people working for MPs affected by watchdog data breach

Staff details were available online (Kirsty O’Connor/PA)

Confidential details about MPs’ staff, including their names and salaries, were wrongly posted online in 2017, according to a parliamentary watchdog.

Scores of sensitive documents about the employees were available to be viewed on an old Independent Parliamentary Standards Authority website for nearly five hours.

The authority said the error amounted to a “serious data breach”.

– Northamptonshire County Council

Northamptonshire County Council accidentally published data on more than 1,400 children in 2015 – including their names, address, religion and special educational needs status, according to The Guardian.

The data was reportedly removed within a few hours of publication.

– HMRC issued with enforcement notice for failure to get consent to collect personal data


After failing to get adequate consent from callers about collecting their personal data, Her Majesty’s Revenue and Customs (HMRC) was issued with an enforcement notice by the ICO.

Seven million callers to some of HMRC’s helplines had been asked to record their voice so that it could be used as a password.

However, the ICO ordered that the data be wiped after it found that callers had not been given any further information about the voice identification system and had not been told that they did not have to participate.

– BA faces record £183 million fine over customer data hack

British Airways was heavily fined (PA)

In July, the ICO announced its intention to fine British Airways £183 million for a data breach, which will become the largest penalty ever issued by the regulator once the process is completed.

Personal data relating to around half a million passengers was compromised during the hacking incident, the ICO said.

– Hotel firm Marriott fined £99 million for customer data breach

In July, the ICO announced its intention to fine the chain £99 million after it admitted the guest records of 339 million customers had been accessed.

Seven million of those records were said to be related to UK residents.

– Facebook handed £500,000 fine over personal data use in political campaigns


The social media giant agreed to pay a £500,000 fine in October following an investigation into the misuse of personal data in political campaigns.

The ICO found that between 2007 and 2014 Facebook processed user data by letting third-party app developers access person information without the user’s informed consent.



From Belfast Telegraph