BPAS Appeals £200,000 Fine Over Hacked Website
DW100 writes "A UK charity that provides help and guidance for women seeking abortions has been fined £200,000 after a hacker breached its website in 2012 and was able to gather data on 9,900 people that had requested help from the organization. The hacker was given almost three years in jail for the attack. The charity's CEO has condemned the decision, arguing it rewards the hacker for his efforts."
The data was unintentionally stored in their CMS after miscommunication with a contractor, and they never performed security audits. Martin S. writes "The BPAS is appealing a £200,000 fine imposed by the ICO after their website was hacked by an Anonymous anti-abortion extremist. The amount is particularly egregious when perpetrators of willful data theft often attract fines of only a few thousand pounds."
Re:Low hanging fruit... (Score:5, Informative)
That's not how ICO fines work.
The way they work is this: If you suffer a data breach that the ICO hears of, they'll investigate.
Once the investigation is complete, they'll do a few things:
1. Write a beautifully-worded press release explaining exactly what you did wrong and put it on the news wires.
2. Write an equally beautifully-worded report explaining what you did wrong in explicit detail.
3. Issue a thumping great fine.
It's important to note that they don't have to take an organisation to court to raise this fine. It's the other way around - if your organisation gets fined, it's down to you to raise an appeal.