|
Co-Op suffers data recovery security breach
A recent investigation by the Information Commissioner’s Office (ICO) found that funeral finance organisation Co-operative Life Planning suffered a significant breach of security during data recovery procedures.
The Co-op’s funeral planning division discovered that the personal data of 83,000 customers was leaked after a data recovery firm moved the files during an operation to salvage data. The firm was called in after a hard disk failure caused damage to the customer details files and hard disk recovery was required to retrieve the information. Although the work was successful, the data was retained on the servers of the data recovery company, and their servers were then hacked into.
The details of the Co-op’s customers were available online for a short period, before operators were alerted to the security breach. “The ICO’s investigation found that the software support services provider had no authorisation to copy the data from the organisation’s servers and failed to delete the information once the file had been repaired,” said the ICO in a statement summarising the case.
“CLP also failed to realise that the data had been transferred on two separate occasions and were unaware that customers’ details had been made available online.”
Thankfully the customers affected by the information leak were not thought to have been put at significant risk by the security breach, so the Co-op escaped being fined for leaking the data. However, the company was required to demonstrate it had implemented more stringent data security procedures.
The incident highlights the need for companies to hire only the most experienced and trustworthy data recovery firms, as the data recovered is often confidential and must be handled with appropriate care.
Editors Note: We'd like to make it clear that the data recovery firm at fault was NOT us.