London Marathon Faces ICO Investigation

Organisers of the London Marathon could be reprimanded after it accidentally published personal details of entrants on its official website.

The Information Commissioner’s Office (ICO) has confirmed to TechWeekEurope that it will be investigating the alleged data breach.

Go the distance

The home and email addresses of participants, including model Nell McAndrew and shadow chancellor Ed Balls, were posted in the section where medals inscribed with individual times can be ordered.

The breach was first discovered when a television presenter was contacted by someone who had found their home address on the website, and the BBC made the organisers aware of the leak on Monday evening. The error has been rectified, but the organisers could face action for violating the Data Protection Act.

“We’re aware of a possible data breach involving the website of the organisers of the London Marathon,” an ICO spokesperson told TechWeekEurope. “We will be investigating this, before deciding what action, if any, needs to be taken.”

“Organisations need to be able to identify sensitive information and make sure it remains safe,” commented Carl Leonard, senior manager at Websense Security Labs. “Accidents happen, so protecting confidential data is essential if you don’t want to risk cybercriminals running away it.”

The ICO has vowed to crack down on rule breakers in 2012 and issued an £80,000 fine to East Cheshire Council for not doing enough to protect personal data in February. Toshiba promised to improve its website security after a design error led to information about competition entrants being posted online and Durham University was rapped for publishing personal information about former students and staff on its website.

How well do you know Internet security? Try our quiz and find out!