FOI requests reveal "thousands" of government data breaches

Government departments reported scores of breaches and made numerous notifications to the ICO between 2019 and 2020

UK government departments experienced "thousands" of data breaches between 2019 and 2020, raising concerns about the quality of security implemented by the institutions.

According to annual reports, as well as Freedom of Information (FOI) requests made by USB drive manufacturer Apricorn, 17 government departments experienced thousands of personal breaches between them during the 12-month period and made numerous notifications to the Information Commissioner’s Office (ICO)

Between 1 August 2019 and 31 July 2020, the Office of the data protection officer (DPO) received 1,291 Data Incident Reports in relation to the HM Passport Office (HMPO), of which all but 11 were ruled to be personal data breaches.  

NHS Digital experienced 38 personal data breaches during the timeframe, according to its 2019-2020 annual report and account, with 17 relating to employee data and 21 concerning patient data. However, only four of the incidents were deemed significant enough to be reported to the ICO.

The Driver and Vehicle Licensing Agency (DVLA) sumitted a higher number of incidents to ICO, with a total of 181 notifications made in the last year along, according to data from its annual report.

Apricorn's EMEA managing director Jon Fielding said that “it may be that these departments are dealing with thousands, even millions, of records containing personal data or sensitive information”.

“Given this, and the fact these are public bodies, we should certainly be concerned. Whether these are minor breaches that required no further action or not, it is clear that more needs to be done and departments need to be considering the tools necessary to bring this number down in years to come,” he added.

Commenting on the findings, Fielding said that “the large number of data incidents being reported may be in part due to the increased awareness and changes in processes when identifying and managing data breaches”. 

“The change in requirements in line with the GDPR will of course see a rise in the numbers now being reported to the ICO. The increase in remote working through Covid will also have introduced more security concerns with an upsurge of information on the move. 

Related Resource

2020 cyber security outlook report

Behaviours in the battle between modern attacker and defender

Download now

“Needless to say, if the data is secure in the first instance, the number of breaches, and the need to report them, would obviously decline. Public sector bodies should follow the same process as any business would when it comes to mitigating risk. At the very least, data should be encrypted in transit and at rest so that, in the event defences are compromised, the data remains inaccessible,” he added. 

The study's findings come as Hackney Borough Council battles a "serious" cyber attack. The incident has knocked its online services and IT systems offline, although little has yet been disclosed about the nature of the attack. 

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Microsoft spearheads industry-wide charter against AI cyber attacks
Security

Microsoft spearheads industry-wide charter against AI cyber attacks

23 Oct 2020
Weekly threat roundup: Chrome, Citrix and WordPress
Security

Weekly threat roundup: Chrome, Citrix and WordPress

23 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
CMS platforms succumb to KashmirBlack botnet as businesses rush online
Security

CMS platforms succumb to KashmirBlack botnet as businesses rush online

22 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020