Consider IT

Consider IT
Consider IT

2013

Local Authority fined £80k for losing unencrypted USB stick

North East Lincolnshire Council has been fined a monetary penalty of £80,000 (eighty thousand pounds) for failing to encrypt a USB stick that contained personal information about the physical or mental health of pupils and their teaching requirements as well as information about their home life.

On 1 July 2011 an unencrypted USB memory stick containing personal and sensitive personal data was lost on the data controller’s premises. A special educational needs teacher had been working with the information held on the USB stick while using a laptop that was connected to the data controller’s networked computer system.

When logging off the system and leaving the office for the day, the teacher forgot to remove the USB stick. When the teacher realised the mistake and tried to retrieve the USB stick, it was gone. To date, the USB stick has not been recovered. The data controller completed an internal investigation in response to the incident.

Stephen Eckersley, ICO head of enforcement, said: “Organisations must recognise that sensitive personal data stored on laptops, memory sticks and other portable devices must be encrypted.”

He went on to say: “North East Lincolnshire Council failed to do this by delaying the introduction of a policy on encryption for two years and then failing to make sure that staff were following the policy once it was finally implemented. This breach should act as a warning to all organisations that their data protection policies must work in practice, otherwise they are meaningless and fail to ensure people’s information is being looked after correctly.”

 

October 29, 2013
0

Google Apps Service Disruption

At about 3:25pm yesterday (Monday 23rd September 2013), Google Apps suffered some service issues. Clients were noticing issues sending or receiving emails.

Google estimated that this issue affected less than 0.024% of the GMail user base.

Their team provided updates constantly every hour and at 7PM they confirmed the issue was much more widespread than first thought, affecting 50% of GMail users.

At 3AM this morning (24th September), Google confirmed that the issue was resolved and provided this statement:

As of 1600 Pacific Time, Gmail message delivery and attachment download is functioning normally for all users. We apologize for the duration of today’s event; we’re aware that prompt email delivery is an important part of the Gmail experience, and today’s experience fell far short of our standards. We have analyzed the data on user impact and are providing a preliminary assessment of what occurred:

Between 0554 and 1530 Pacific Time today, 29.1% of messages received by Gmail users were delayed. The average (median) delay was just 2.6 seconds, but some mail was more severely delayed. However, this issue did not affect users’ access to the Gmail page or other functionality.

September 24, 2013
0

South Korea hit by cyber attack

A cyber alert was issued by South Korea after a hacking attack on government websites. Media sites and even the website of the presidential office were hit by an apparently co-ordinated attack on Tuesday morning. The identity of the hackers was not known, a government statement said.

Messages praising North Korean leader Kim Jong-un and claiming that hacking collective Anonymous was responsible were left on the hacked websites. However, Anonymous denied any involvement in the South Korean cyber-attacks on its official Twitter account, AFP news agency reported. In fact, the group Anonymous was said to have planned attacks against North Korean websites.

A number of North Korean websites went offline on Tuesday morning and appeared to have been targeted by hackers on Tuesday, South Korea’s Yonhap news agency reported, citing unnamed sources.

BBC Report: http://www.bbc.co.uk/news/world-asia-23042334

 

June 25, 2013
0

Glasgow City Council fined £150k for unencrypted laptops

The Information Commissioner’s Office (ICO) has issued Glasgow City Council with a penalty of £150,000 following the loss of two unencrypted laptops, one of which contained the personal information of over 20,000 people.

The serious breach of the Data Protection Act comes after the council was previously issued with an enforcement notice three years ago, following a similar breach where an unencrypted memory stick containing personal data was lost.

In the latest incident, two unencrypted laptops were stolen from the council’s offices on 28 May last year. The laptops were stolen from premises which were being refurbished and where complaints of theft and a lack of security had been made. One laptop had been locked away in its storage drawer and the key placed in the drawer where the second laptop was kept, but the second drawer was subsequently left unlocked overnight, allowing the thief access to both laptops.

One of the laptops stolen contained the council’s creditor payment history file, listing the personal information of over 20,000 people, including 6,069 individuals’ bank account details.

The ICO’s investigation found that, despite the ICO’s previous warning and in breach of its own policy, the council had issued a number of its staff with unencrypted laptops after encountering problems with the encryption software. While most of these devices were later encrypted, the ICO also discovered that a further 74 unencrypted laptops remain unaccounted for, with at least six of these known to have been stolen.

The ICO has also served the council with an enforcement notice requiring it to carry out a full audit of its IT assets used to process personal data and arrange for all of its managers to receive asset management training. The council must also carry out a full check of all of its devices each year so that the asset register can be kept up to date.

Ken Macdonald, the ICO’s Assistant Commissioner for Scotland, said:

How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief. The fact that these laptops have never been recovered, and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people’s details have been compromised.

Consider IT offer encryption services to all clients, so get in touch today if you’d like to discuss the various options available. Alternatively, click here to visit our encryption services page.

June 7, 2013
0

Important Reminder: Support for Windows XP ends on 8th April 2014

The support for Windows XP with Service Pack 3 ends 8th April 2014. If you’re running Windows XP with Service Pack 3 (SP3) after support ends, to ensure that you will receive all important security updates for Windows, you need to upgrade to a later version, such as Windows 7 or 8.

May 16, 2013
0

Unlock any iPhone 5 running iOS 6.1

As if Apple weren’t embarrassed enough…

iPhone_5_34L_Black_PRINTSome smart person has found a bug in iOS 6.1 which effectively renders the lock screen entirely useless. By doing a bit of this and a bit of that, applying for iPhone repair in San Diego maybe, whilst the phone is in a locked state, any person that knows the simple process can make use of the bug in iOS to unlock the iPhone 5 in a matter of seconds.

As IT Consultants, we’re not going to give you the process for doing it. We want to make users of the iPhone 5 aware of this serious security flaw so that you can be extra vigilant with your iPhone until Apple get around to releasing a fix for this mess.

By sliding to unlock, doing a few other things, then pushing the sleep/wake button, the phone will unlock as if you’ve entered the pin code (and no, you don’t enter the pin code!).

Apple are currently working on 6.1.3 which is in Beta just now, this should hopefully fix this gaping hole in their security.

(Edit: that’s Unlock as in unlock the phone using the 4 digit pin code, as opposed to unlocking it from the specific network operator).

February 26, 2013
0

ICO fines Nursing and Midwifery Council £150,000

The Information Commissioner’s Office has urged organisations to review their policies on how personal data is handled, after the Nursing and Midwifery Council was issued a £150,000 civil monetary penalty for breaching the Data Protection Act.

The council arranged for the DVDs, which contained confidential video files relating to alleged offences by a nurse as well information about two vulnerable children, to be couriered to a hearing in October 2011. Upon arrival it was found that the package didn’t contain the DVDs.

The council lost three DVDs related to a nurse’s misconduct hearing, which contained confidential personal information and evidence from two vulnerable children. An ICO investigation found the information was not encrypted. The DVDs are yet to be found.

David Smith, Deputy Commissioner and Director of Data Protection, said:

“It would be nice to think that data breaches of this type are rare, but we’re seeing incidents of personal data being mishandled again and again.
While many organisations are aware of the need to keep sensitive paper records secure, they forget that personal data comes in many forms, including audio and video images, all of which must be adequately protected.”

Further details about today’s case can be found on the ICO’s civil monetary penalty notice page.

 

February 18, 2013
0
CONSIDER IT FACEBOOK CONSIDER IT Twitter CONSIDER IT Linkedin

Contact Us

0131 510 0110
[email protected]
Find Us

Customer Service

Contact Us
Our Locations
Case Studies

Information

About Consider IT
Domains
Privacy Policy
Terms & Conditions
Press Enquiries

© 2025 Consider IT Limited – All Rights Reserved
Registered office: Waterview House, 37 Shore, Edinburgh, EH6 6QU. Company Number: SC320341 | VAT number: GB 930 1862 42
Consider IT is a trading name of Consider IT Limited