Ofcom suffers major security breach

Ex-employee offered sensitive data to major broadcaster

Ofcom has had the biggest security breach in its history after an ex-employee was caught offering confidential data on TV companies to his new employee, a major broadcaster.

The incident forced the media watchdog to send out dozens of letters explaining the breach to TV companies holding an Ofcom licence. It is believed the former employee managed to download as much as six years' worth of data, according to the Guardian.

Advertisement - Article continues below

In a statement, an Ofcom spokeswoman said: "On 26 February we became aware of an incident involving the misuse of third-party data by a former Ofcom employee. This was a breach of the former employee's statutory duty under the Communications Act and a breach of the contract with Ofcom.

"Ofcom takes the protection of data extremely seriously, and we are very disappointed that a former employee has chosen to act in this manner. The extent of the disclosure was limited and has been contained, and we have taken urgent steps to inform all parties."

It is believed that Ofcom was informed of the breach by senior executives at the unnamed broadcaster. The broadcaster is not thought to have exploited the data, which would have been quite useful from a competitive standpoint.

Advertisement
Advertisement - Article continues below

As no personal data was involved, it is not compulsory for the Information Commissioner's Office (ICO) to be notified, although it is understood that Ofcom informed the watchdog of the incident anyway.

Advertisement - Article continues below

Mark Bower, global director of product management at HPE Security - Data Security, said the event illustrates that even with a strong network perimeter in place, it just is not enough.

"Perimeter security is similar to a fence around a house. However, what if someone inside the house is the thief? Today it's imperative that organisations adopt a data-centric security approach that defends the data itself, typically by encryption or tokenisation.

"This ensures that no matter where the data resides if a hacker gets it, or in this case, an employee who is granted legitimate access, the data is protected and isn't useful. This ability to render data useless if lost or stolen is an essential benefit to ensure data remains secure."

David Gibson, VP of strategy and market development at Varonis, said that low-level workers can access and make off with highly sensitive information, often without anyone knowing.

"To make matters worse, outsider attackers often hijack employee or contractor credentials and then have the same free access as insiders. Organisations have to start doing a better job of tracking and analysing how users use data, profiling their roles and behaviours, mapping and reducing unwanted access, discovering sensitive data and locking it down or moving it out of harm's way," he said.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020
Visit/business-strategy/it-infrastructure/356258/the-growing-case-for-it-flexibility
Sponsored

The growing case for IT flexibility

30 Jun 2020