FOI requests reveal "thousands" of government data breaches

Government departments reported scores of breaches and made numerous notifications to the ICO between 2019 and 2020

UK government departments experienced "thousands" of data breaches between 2019 and 2020, raising concerns about the quality of security implemented by the institutions.

According to annual reports, as well as Freedom of Information (FOI) requests made by USB drive manufacturer Apricorn, 17 government departments experienced thousands of personal breaches between them during the 12-month period and made numerous notifications to the Information Commissioner’s Office (ICO)

Between 1 August 2019 and 31 July 2020, the Office of the data protection officer (DPO) received 1,291 Data Incident Reports in relation to the HM Passport Office (HMPO), of which all but 11 were ruled to be personal data breaches.  

NHS Digital experienced 38 personal data breaches during the timeframe, according to its 2019-2020 annual report and account, with 17 relating to employee data and 21 concerning patient data. However, only four of the incidents were deemed significant enough to be reported to the ICO.

The Driver and Vehicle Licensing Agency (DVLA) sumitted a higher number of incidents to ICO, with a total of 181 notifications made in the last year along, according to data from its annual report.

Apricorn's EMEA managing director Jon Fielding said that “it may be that these departments are dealing with thousands, even millions, of records containing personal data or sensitive information”.

“Given this, and the fact these are public bodies, we should certainly be concerned. Whether these are minor breaches that required no further action or not, it is clear that more needs to be done and departments need to be considering the tools necessary to bring this number down in years to come,” he added.

Commenting on the findings, Fielding said that “the large number of data incidents being reported may be in part due to the increased awareness and changes in processes when identifying and managing data breaches”. 

“The change in requirements in line with the GDPR will of course see a rise in the numbers now being reported to the ICO. The increase in remote working through Covid will also have introduced more security concerns with an upsurge of information on the move. 

Related Resource

2020 cyber security outlook report

Behaviours in the battle between modern attacker and defender

Download now

“Needless to say, if the data is secure in the first instance, the number of breaches, and the need to report them, would obviously decline. Public sector bodies should follow the same process as any business would when it comes to mitigating risk. At the very least, data should be encrypted in transit and at rest so that, in the event defences are compromised, the data remains inaccessible,” he added. 

The study's findings come as Hackney Borough Council battles a "serious" cyber attack. The incident has knocked its online services and IT systems offline, although little has yet been disclosed about the nature of the attack. 

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021