Ofcom suffers major security breach

Ex-employee offered sensitive data to major broadcaster

Ofcom has had the biggest security breach in its history after an ex-employee was caught offering confidential data on TV companies to his new employee, a major broadcaster.

The incident forced the media watchdog to send out dozens of letters explaining the breach to TV companies holding an Ofcom licence. It is believed the former employee managed to download as much as six years' worth of data, according to the Guardian.

In a statement, an Ofcom spokeswoman said: "On 26 February we became aware of an incident involving the misuse of third-party data by a former Ofcom employee. This was a breach of the former employee's statutory duty under the Communications Act and a breach of the contract with Ofcom.

"Ofcom takes the protection of data extremely seriously, and we are very disappointed that a former employee has chosen to act in this manner. The extent of the disclosure was limited and has been contained, and we have taken urgent steps to inform all parties."

Advertisement
Advertisement - Article continues below

It is believed that Ofcom was informed of the breach by senior executives at the unnamed broadcaster. The broadcaster is not thought to have exploited the data, which would have been quite useful from a competitive standpoint.

As no personal data was involved, it is not compulsory for the Information Commissioner's Office (ICO) to be notified, although it is understood that Ofcom informed the watchdog of the incident anyway.

Mark Bower, global director of product management at HPE Security - Data Security, said the event illustrates that even with a strong network perimeter in place, it just is not enough.

"Perimeter security is similar to a fence around a house. However, what if someone inside the house is the thief? Today it's imperative that organisations adopt a data-centric security approach that defends the data itself, typically by encryption or tokenisation.

"This ensures that no matter where the data resides if a hacker gets it, or in this case, an employee who is granted legitimate access, the data is protected and isn't useful. This ability to render data useless if lost or stolen is an essential benefit to ensure data remains secure."

David Gibson, VP of strategy and market development at Varonis, said that low-level workers can access and make off with highly sensitive information, often without anyone knowing.

"To make matters worse, outsider attackers often hijack employee or contractor credentials and then have the same free access as insiders. Organisations have to start doing a better job of tracking and analysing how users use data, profiling their roles and behaviours, mapping and reducing unwanted access, discovering sensitive data and locking it down or moving it out of harm's way," he said.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019