Ofcom suffers major security breach

Ex-employee offered sensitive data to major broadcaster

Ofcom has had the biggest security breach in its history after an ex-employee was caught offering confidential data on TV companies to his new employee, a major broadcaster.

The incident forced the media watchdog to send out dozens of letters explaining the breach to TV companies holding an Ofcom licence. It is believed the former employee managed to download as much as six years' worth of data, according to the Guardian.

In a statement, an Ofcom spokeswoman said: "On 26 February we became aware of an incident involving the misuse of third-party data by a former Ofcom employee. This was a breach of the former employee's statutory duty under the Communications Act and a breach of the contract with Ofcom.

"Ofcom takes the protection of data extremely seriously, and we are very disappointed that a former employee has chosen to act in this manner. The extent of the disclosure was limited and has been contained, and we have taken urgent steps to inform all parties."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

It is believed that Ofcom was informed of the breach by senior executives at the unnamed broadcaster. The broadcaster is not thought to have exploited the data, which would have been quite useful from a competitive standpoint.

As no personal data was involved, it is not compulsory for the Information Commissioner's Office (ICO) to be notified, although it is understood that Ofcom informed the watchdog of the incident anyway.

Mark Bower, global director of product management at HPE Security - Data Security, said the event illustrates that even with a strong network perimeter in place, it just is not enough.

"Perimeter security is similar to a fence around a house. However, what if someone inside the house is the thief? Today it's imperative that organisations adopt a data-centric security approach that defends the data itself, typically by encryption or tokenisation.

"This ensures that no matter where the data resides if a hacker gets it, or in this case, an employee who is granted legitimate access, the data is protected and isn't useful. This ability to render data useless if lost or stolen is an essential benefit to ensure data remains secure."

David Gibson, VP of strategy and market development at Varonis, said that low-level workers can access and make off with highly sensitive information, often without anyone knowing.

Advertisement - Article continues below

"To make matters worse, outsider attackers often hijack employee or contractor credentials and then have the same free access as insiders. Organisations have to start doing a better job of tracking and analysing how users use data, profiling their roles and behaviours, mapping and reducing unwanted access, discovering sensitive data and locking it down or moving it out of harm's way," he said.

Featured Resources

Report: The State of Software Security

This annual report explores important trends in software security

Download now

A fast guide to finding your cloud solution

One size doesn't fit all in the cloud, so how do you find the best option for your business?

Download now

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Small & Medium Business Trends Report

Insights from 2,000+ business owners and leaders worldwide

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/hardware/354723/coronavirus-starts-to-take-its-toll-on-the-tech-industry
Hardware

Coronavirus starts to take its toll on the tech industry

6 Feb 2020
Visit/operating-systems/microsoft-windows/354739/windows-7-bug-blocks-users-from-shutting-down-their-pcs
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020
Visit/in-depth/354726/sonos-speakers-are-environmentally-unsound
In-depth

Sonos speakers are environmentally unsound

9 Feb 2020