In-depth

Top 10 most embarrassing data breaches

Inspired by a notable security gaffe at BP, we give our rundown of the most embarrassing data breaches in recent memory.

1 Apr 2011

Every data breach brings the risk of embarrassing not only the company involved but also those whose information is compromised.

All too often we see breaches where truly sensitive data, such as medical information, is leaked, harming the organisation's reputation and infringing people's privacy simultaneously.

As a case in point, this week BP was guilty of losing a laptop containing personal data on around 13,000 claimants from the disastrous Deepwater Horizon oil spill of 2010.

Given the furore surrounding the oil spill, that particular loss was made all the more embarrassing for the firm.

Inspired by such epic gaffes, we've drawn together the 10 most mortifying breaches in recent memory.

10. First ICO fines

There have been far worse breaches than those that occurred at Hertfordshire County Council and employment services company A4e last year.

The reason why these two have been included in the list (making it a top 11 really) is that they were the first to be punished with an Information Commisioner's Office fine.

The anticipation in the lead up to the ICO's first monetary punishments meant whoever was forced to pay up would be left blushing.

Admittedly, their errors were fairly shaming in themselves. The council was reprimanded for two serious incidents when employees faxed highly sensitive personal information to the wrong recipients.

A4e had an unencrypted laptop stolen, which contained personal data on 24,000 people who had used community legal advice centres in Hull and Leicester.

If and when the ICO hands out the maximum 500,000 fine, the guilty organisation can expect to be even more shamefaced.