Toshiba’s website fail leads to user info leaking and a breach of the Data Protection Act
Toshiba has promised to up its website security, after a design error led to a data breach at the tech giant.
Personal data of 20 competition entrants was leaked on a Toshiba website, thanks to a web design error made by a third party. Compromised information included names, addresses, dates of birth and contact details.
The Information Commissioner’s Office (ICO) was informed about the breach by a member of the public back in September.
“It is vital that, as ever-increasing amounts of our personal information are collected online, companies have the necessary safeguards in place to keep this information secure,” said Stephen Eckersley, the ICO’s head of enforcement.
“We are pleased that Toshiba Information Systems (UK) have committed to ensuring that any changes to applications on their website are thoroughly tested by both the developer and themselves, in order to keep the personal information they are collecting secure. We would urge other UK organisations with interactive websites to make sure they have suitable checks in place before collecting peoples’ details online.”
Toshiba has signed an undertaking, in which it has pledged to enforce “appropriate and proportionate data security testing on relevant web applications before they are launched”. This means Toshiba will have to keep a closer eye on its partners.
The ICO has the power to fine companies up to £500,000 for breaches of the Data Protection Act, but the leaked data was not deemed sensitive enough to warrant a monetary penalty.
The data protection watchdog is expected to announce a decision on the Sony breaches of last year in the next two weeks.
How much do you know about security? Try our quiz!