Toshiba rapped by ICO for data breach

News 18 Apr, 2012

PC vendor falls foul of the Data Protection Act, after personal details of competition entrants are published online.

Toshiba has been found in breach of the Data Protection Act by the Information Commissioner’s Office (ICO), after personal details of 20 competition entrants were published on its website.

A member of the public tipped-off the ICO last September that personal details; including names, dates of birth, contact information and addresses had been leaked.

In an undertaking published by the ICO and Toshiba, the company confirmed the information could be accessed for a two-month period.

The breach had been blamed on a web design error, but an ICO investigation found that, at the time of the incident, insufficient measures were in place to detect such a flaw.

Stephen Eckersley, head of enforcement at the ICO, said: “Toshiba Information Systems have committed to ensuring that any changes to applications on their website are thoroughly tested by both the developer and themselves, in order to keep the personal information they are collecting secure.”

In a statement to IT Pro, Toshiba expressed its relief at avoiding the full wrath of the ICO, which can hand out fines of up to £500,000.

The vendor also stressed that no sensitive data was leaked during the breach, and it had taken “immediate action to remedy the issue.”

"Toshiba takes the security of its customers’ personal information very seriously and following this occurrence conducted an extensive internal review of all data protection procedures and protocols throughout the organisation," it added.