Sign up for our Newsletter
Keep up to date with the latest IT news, tips and guides from Dragon IS and sign up here:
The incident occurred when the estate agent, Life at Parliament View Ltd (LPVL), passed the details from its own servers onto a partner company. An “Anonymous Authentication” function was not switched off, which meant there were no access restrictions to the data between March 2015 and February 2017.
The exposed details included bank statements, salary details, copies of passports, dates of birth and addresses of both tenants and landlords.
Writing on its website, the ICO said its investigations had uncovered a ‘catalogue of security errors’. LPVL had failed to take appropriate technical and organisational measures, in addition, only alerting the ICO to the breach when it was contacted by a hacker.
Steve Eckersley, Director of Investigations at the ICO, explains: “Customers have the right to expect that the personal information they provide to companies will remain safe and secure. That simply wasn’t the case here.
“As we uncovered the facts, we found LPVL had failed to adequately train its staff, who misconfigured and used an insecure file transfer system and then failed to monitor it. These shortcomings have left its customers exposed to the potential risk of identity fraud.
“Companies must accept that they have a legal obligation to both protect and keep secure the personal data they are entrusted with. Where this does not happen, we will investigate and take action.”
Commenting on the news, Lionel Naidoo, Director at Dragon IS, said: “This ruling should act as a wake-up call for other estate agents that the time to act on cybersecurity and data protection is now.
“We know that estate agents are a target for cybercriminals due to the valuable data they hold. We also know that small estate agencies are among the least likely to have cyber security measures in place, which puts them at even greater risk.
“The consequences of not acting could be huge – a data breach could hit the business financially, not just in the form of a fine but also in the lasting damage caused to reputation. Figures show that already this year 32% of businesses have experienced breaches or attacks, so there’s no time to waste.”
At Dragon IS, for more than a decade we have been supporting estate agencies to keep their IT systems efficient and secure. We specialise in working with growing estate agencies to provide comprehensive IT management services, supporting their day-to-day activities, as well as development needs.
For more information, see our blog: Is your estate agency a target for cyber criminals?