Abortion provider BPAS fined £200,000 for data breach

Worried woman

An abortion provider has been fined £200,000 for a data breach that revealed almost 10,000 people's details to a hacker.

The hacker threatened to publish the names of people who had contacted the British Pregnancy Advisory Service's website for advice on pregnancy issues.

The Information Commissioner's Office said the fact BPAS had not realised its site stored details was "no excuse".

BPAS said the fine was "out of proportion" and plans to appeal.

Start Quote

The British Pregnancy Advice Service didn't realise their website was storing this information, didn't realise how long it was being retained for and didn't realise the website wasn't being kept sufficiently secure”

End Quote David Smith Information Commissioner's Office

The Information Commissioner's Office (ICO) investigation found the charity had failed to realise its website was storing the name, address, date of birth and telephone number of people who asked for a call back for advice on pregnancy issues.

The personal data was not stored securely, and a vulnerability in the website's code allowed the hacker to access the system and locate the information in March 2012.

The hacker threatened to publish the names of the individuals whose details he had accessed, but was prevented from doing so after the information was recovered by the police following an injunction obtained by BPAS.

He was subsequently given a prison term of 32 months.

David Smith, deputy commissioner and director of data protection at the ICO, said: "Data protection is critical and getting it right requires vigilance.

'Simple message'

"The British Pregnancy Advice Service didn't realise their website was storing this information, didn't realise how long it was being retained for and didn't realise the website wasn't being kept sufficiently secure.

"But ignorance is no excuse.

Start Quote

We accept that no hacker should have been able to steal our data but are horrified by the scale of the fine”

End Quote Ann Furedi, British Pregnancy Advisory Service

"It is especially unforgivable when the organisation is handing information as sensitive as that held by the BPAS."

Mr Smith added: "Data controllers must take active steps to ensure that the personal data they are responsible for is kept safe.

"There's a simple message here: treat the personal information you are holding with respect. This includes making sure you know just what information you are holding and that it's subject to up-to-date and effective security measures."

Computer data The hacker was able to access BPAS data

BPAS chief executive Ann Furedi said: "We accept that no hacker should have been able to steal our data but are horrified by the scale of the fine, which does not reflect the fact that BPAS was a victim of a serious crime by someone opposed to what we do.

"BPAS is a charity which spends any proceeds on the care of women who need our help and on improving public education and knowledge on contraception, fertility and unplanned pregnancy.

"This fine seems out of proportion when compared with those levelled against other organisations who were not themselves the victims of a crime."

More on This Story

The BBC is not responsible for the content of external Internet sites

More Health stories

RSS

Features & Analysis

  • Prostitute in red light district in Seoul, South KoreaSex for soldiers

    How Korea helped prostitutes work near US military bases


  • LuckyDumped

    The rubbish collector left on the scrap heap as his city cleans up


  • A woman gets a Thanksgiving meal at a church in FergusonFamily fears

    Three generations in Ferguson share Thanksgiving reflections


  • Canada joins TwitterTweet North

    Canada's self-deprecating social media feed


BBC Future

Dreaming woman

Do we dream in slow motion?

The strange passage of time as we sleep Read more...

Programmes

  • All-inclusive holidaysThe Travel Show Watch

    With all-inclusive holidays seeing a resurgence are local trades missing out to big resorts?

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.