ICO Probes CEOP Over Unencrypted Data Breach

The Information Commissioner’s Office (ICO) has confirmed that it has begun an investigation into a possible security breach at the Child Exploitation and Online Protection Centre (CEOP) following the discovery of unencrypted personal details.

The discovery, said to have been made by a member of the public, is potentially serious as CEOP is the agency responsible for dealing with sex offenders.

Hypothetical Risk

The alleged security breach at CEOP is said to stem from hyperlinks to a confidential page on the agency’s website, where people can report incidents of possible abuse. Users who follow links to the site from Google or Facebook are directed to an unencrypted page, but if users opt to file a report they are then directed to an SSL-secured webpage.

However, the concern is that, because the initial landing page was an unencrypted webpage, a search query or other action carried out on the unsecured CEOP site could hypothetically have been observed or intercepted by other web users, because those actions were effectively sent in the clear.
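The pattern described above, a cleartext landing page in front of an SSL-secured form, can be checked for from the defender's side. The following Python example is added here for illustration and is not from the article, CEOP or the ICO; the hostname `reporting.example`, the paths, the finding labels and the sample hop records are all constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: hops of one visit as (url, status, response headers).
# Mirrors the reported pattern: cleartext landing page, TLS only on the form.
SAMPLE_HOPS = [
    ("http://reporting.example/landing?q=report+abuse", 200,
     {"Content-Type": "text/html"}),
    ("https://reporting.example/report/form", 200,
     {"Content-Type": "text/html"}),
]

# Constructed sample of a corrected deployment: the only cleartext response
# is a redirect to HTTPS, and HTTPS responses carry an HSTS header.
FIXED_HOPS = [
    ("http://reporting.example/", 301,
     {"Location": "https://reporting.example/"}),
    ("https://reporting.example/landing?q=report+abuse", 200,
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    ("https://reporting.example/report/form", 200,
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
]

def audit_hops(hops):
    """Return (url, finding) pairs for transport weaknesses in a visit."""
    findings = []
    for url, status, headers in hops:
        parts = urlsplit(url)
        hdrs = {k.lower(): v for k, v in headers.items()}
        if parts.scheme == "http":
            location = hdrs.get("location", "")
            upgrades = (status in (301, 302, 307, 308)
                        and location.startswith("https://"))
            if not upgrades:
                # Page content is served without TLS.
                findings.append((url, "cleartext-page"))
            # A query string on an http:// URL is sent in the clear even
            # when the server answers with a redirect to HTTPS.
            names = [k for k, _ in parse_qsl(parts.query)]
            if names:
                findings.append((url, "cleartext-query:" + ",".join(names)))
        elif parts.scheme == "https" and "strict-transport-security" not in hdrs:
            # Without HSTS the browser may try http:// first on later visits.
            findings.append((url, "missing-hsts"))
    return findings

if __name__ == "__main__":
    for url, finding in audit_hops(SAMPLE_HOPS):
        print(finding, url)
```
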

The incident certainly seems to be a security oversight by CEOP, rather than an actual real-life data breach. And of course, it also assumes a high level of technical expertise on the part of the person supposedly intercepting these ‘in the clear’ transmissions.

However, the sensitive nature of CEOP’s work means that the ICO is now involved, and it confirmed to eWEEK Europe that it was investigating the matter.

“We are making enquiries into the circumstances of this alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken,” said the ICO spokesperson.

No Evidence Of Breach

“The risk was a hypothetical one and there is no evidence to suggest anyone’s details have been jeopardised,” CEOP’s CEO, Peter Davies, said in an emailed statement. “We thank the member of the public who brought this issue to our attention and have rectified the problem so people can continue to report any concerns they have to us, with the reassurance that their report will remain secure.”

Peter Davies succeeded former CEOP chief executive Jim Gamble, who resigned late last year over concerns about government plans to roll CEOP into the National Crime Agency, which he felt would not benefit children.

The CEOP agency gained a lot of publicity last year thanks to its lobbying of the likes of Facebook to place a “panic button” on the social network for threatened children to use, if they thought a paedophile might be pestering them online.

Facebook initially resisted the idea, but it finally reached a compromise with CEOP, stating that both organisations were “aligned on making the Internet safer.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
