FOI requests reveal "thousands" of government data breaches

Government departments reported scores of breaches and made numerous notifications to the ICO between 2019 and 2020

UK government departments experienced "thousands" of data breaches between 2019 and 2020, raising concerns about the quality of security implemented by the institutions.

According to annual reports, as well as Freedom of Information (FOI) requests made by USB drive manufacturer Apricorn, 17 government departments experienced thousands of personal breaches between them during the 12-month period and made numerous notifications to the Information Commissioner’s Office (ICO).

Between 1 August 2019 and 31 July 2020, the Office of the data protection officer (DPO) received 1,291 Data Incident Reports in relation to the HM Passport Office (HMPO), of which all but 11 were ruled to be personal data breaches.  

NHS Digital experienced 38 personal data breaches during the timeframe, according to its 2019-2020 annual report and account, with 17 relating to employee data and 21 concerning patient data. However, only four of the incidents were deemed significant enough to be reported to the ICO.

The Driver and Vehicle Licensing Agency (DVLA) submitted a higher number of incidents to the ICO, with a total of 181 notifications made in the last year alone, according to data from its annual report.

Apricorn's EMEA managing director Jon Fielding said that “it may be that these departments are dealing with thousands, even millions, of records containing personal data or sensitive information”.

“Given this, and the fact these are public bodies, we should certainly be concerned. Whether these are minor breaches that required no further action or not, it is clear that more needs to be done and departments need to be considering the tools necessary to bring this number down in years to come,” he added.

Commenting on the findings, Fielding said that “the large number of data incidents being reported may be in part due to the increased awareness and changes in processes when identifying and managing data breaches”. 

“The change in requirements in line with the GDPR will of course see a rise in the numbers now being reported to the ICO. The increase in remote working through Covid will also have introduced more security concerns with an upsurge of information on the move. 

“Needless to say, if the data is secure in the first instance, the number of breaches, and the need to report them, would obviously decline. Public sector bodies should follow the same process as any business would when it comes to mitigating risk. At the very least, data should be encrypted in transit and at rest so that, in the event defences are compromised, the data remains inaccessible,” he added. 

The study's findings come as Hackney Borough Council battles a "serious" cyber attack. The incident has knocked its online services and IT systems offline, although little has yet been disclosed about the nature of the attack. 
