Britain's data watchdog has slapped construction business Interserve Group with a potential £4.4 million ($4.98M) fine after a successful phishing attack by criminals exposed the personal data of up to 113,000 employees.
The Information Commissioner's Office said the Berkshire-based company failed to exercise good security hygiene, missing alerts and more, and so was deemed to have broken data protection laws. In a classic sting, one member of Interserve's workforce forwarded the email containing the hidden nasty to a colleague, who then opened it and downloaded the content, allowing the malware to do its work. The anti-virus in use quarantined the malware and dispatched an alert, but Interserve "failed to thoroughly investigate the suspicious activity," and doing so might have revealed the bad actor had obtained access to company systems.
ICO fines Interserve £4.4m for security malpractise
Staff member bit on lure, ultimately exposed up to 113,000 colleagues' personal information
www.theregister.com