This story is a New Testament to poor security
ICO smites Bible Society, well fines it £100k...
The Information Commissioner's Office has not so much rained fire and brimstone down the British and Foreign Bible Society as drizzled it with a £100,000 fine - after the personal data of 417,000 supporters was put at risk due to a cyber attack. As a result of a ransomware attack in 2016, intruders were able to exploit a …
COMMENTS
-
Friday 8th June 2018 11:44 GMT Anonymous Coward
No, they shouldn't be fined!
Because not protecting their data amounts to turning the other cheek (as required by the rules), and the flock whose privates have been exposed should be forgiving the Bible Society. And the ICO, who are THEY to sit in judgement....etc etc
Today's thought is for the Bible Society, and comes from the New International Version, Psalm 19:2 "Day after day they pour forth speech; night after night they reveal knowledge"
-
Friday 8th June 2018 11:49 GMT Richard 22
How is this helpful?
So, because an organisation which relies on credit card donations for funding was not careful with those cardholder details, they're fining the organisation £100000. Money, which the organisation got from the cardholders. So the cardholders are paying the fine for something which potentially injured them, and which wasn't their fault. Something feels wrong about this...
-
Friday 8th June 2018 12:08 GMT Anonymous Coward
Re: How is this helpful?
Like all fines it's not just about punishing the guilty, it is also about making others sit up and listen.
Sadly the approach doesn't really work because the fines are not based on income but generally fixed and out of date.
In this case, though, I suspect it will work as few charities can afford to just soak up a £100K fine.
Having written systems for charities over the years, the common theme in my experience is they are run by people who want to do good, but not necessarily competent to run a company, as such the Bible Society's example here rings true with my experiences elsewhere.
-
Friday 8th June 2018 12:24 GMT big_D
Re: How is this helpful?
The same is true of any organization or company... Its money had to come from somewhere, either paying customers, paying supporters or the general population (taxes for governmental departments and institutions).
Using your argument, no company should ever be fined, no matter what they do, because they are not being hurt, because their customers are paying for it...
-
Friday 8th June 2018 12:38 GMT Dodgy Geezer
Re: How is this helpful?
...So the cardholders are paying the fine for something which potentially injured them, and which wasn't their fault....
This is the case for all commercial organisations.
Any such organisation provides services in return for money. The money either comes in from the customers, or, frequently nowadays, from taxpayers. When it is hit with a fine, that just means the customers get less value for their money.
Even if we are talking about a highly competitive multi-company environment, hitting one company with a fine will make it less competitive, and hence less of a danger to its competitors. So they can raise prices a bit more.
Fines work against individual people. They are pointless against companies, and especially pointless against government organisations.
-
Monday 11th June 2018 11:01 GMT Anonymous Coward
Re: How is this helpful?
CEOs and directors should be held accountable where negligence can be proven, ie they were aware of security weaknesses but didn’t instigate work to fix the issue. Sysadmins should get sacked for misconduct / gross misconduct if they didn’t follow due process, implement the standards that have been defined by the organisation when requested to do so.
-
Tuesday 12th June 2018 02:59 GMT david 12
Re: How is this helpful?
>This is the case for all commercial organisations.<
Commercial organisations are the same as not-for-profits? Right, I'll go tell my boss he should re-organise the company as a not-for-profit. I'll tell him that "only customers and taxpayers" are affected by profits.
-
Monday 11th June 2018 14:12 GMT Sam Therapy
Re: How is this helpful?
At least it averages out to a little less than 25p per person so, unfair as it is, it could have been worse.
It would be better, however, to make the top brass - or equivalent thereof - directly responsible and hit them with a fine and possibly some time in HM hostelry.
-
Friday 8th June 2018 12:04 GMT Panicnow
OK if they pro-rata the fine when it's applied to big business
Bet there is an upper limit so they get off!
All these "regulations" are designed to impact small businesses more than big.
ICO reg is £40 max £2900, so % of turnover dropped for big business
Compliance is typically the same for a small business as a large one, again this impacts small business more than big business.
My calcualtions are the compliance for any small business is now over a one man-year task.
Accounting, Tax forms, Pension, GDPR, planning, H&S, I could go on.
Regulation is designed by those who go to the meetings. When could a plumber afford to go to "consultations"? British Gas, BT, Google et al can send teams!
-
Friday 8th June 2018 12:31 GMT }{amis}{
Re: OK if they pro-rata the fine when it's applied to big business
My possibly erroneous understanding is that changes to the law cannot affect a running case in the UK at least.
The idea is that the government can't create a new law and then backdate its effect to shaft someone who has offended them,
-
Friday 8th June 2018 13:34 GMT Anonymous Coward
Re: OK if they pro-rata the fine when it's applied to big business
"The idea is that the government can't create a new law and then backdate its effect to shaft someone who has offended them, [...]"
While apparently true - that doesn't stop the government declaring possession of something as illegal. Even if it has been possessed legally for many years previously.
A general exception could be the introduction of the change to the principle of "double jeopardy". That then made it possible to retry someone for an historical crime - of which they had previously been found not guilty.
-
Friday 8th June 2018 13:52 GMT Ben Tasker
Re: OK if they pro-rata the fine when it's applied to big business
> The idea is that the government can't create a new law and then backdate its effect to shaft someone who has offended them,
Unless, of course, they've realised that a department... say GCHQ... wasn't actually exempted from, I dunno, let's say the Computer Misuse Act and so passed an amendment and applied it retrospectively in response to that department being sued.
That's totally different, you understand...
-
Friday 8th June 2018 16:08 GMT frank 3
Re: OK if they pro-rata the fine when it's applied to big business
"My calcualtions (sic) are the compliance for any small business is now over a one man-year task.
Accounting, Tax forms, Pension, GDPR, planning, H&S, I could go on."
You could go on, but please don't, because you would be talking from your fundament. Most business regulations don't apply to micro-businesses (fewer than 10 people). But either way, as a small business owner, I can absolutely confirm that your statement is not accurate, so please don't spread FUD. We have the Daily Mail for that.
-
Saturday 9th June 2018 09:51 GMT Panicnow
Re: OK if they pro-rata the fine when it's applied to big business
You are out of date, most regulation now applies to all business regardless of size. GDPR, Pensions, H&S, and of course all tax stuff. Transport regs, (e.g. taxi), Gas, electric, trade, house rental,
I have created 10s of small businesses, I DO know!
-
Friday 8th June 2018 12:27 GMT Paul Herber
Religious types should be brilliant at IT. Moses brought down 2 tablets from Mt Sinai, I assume they were Apples, joining up with a previous story in the book. And this Job character, obviously instigated batch-processing. Numbers, well, where would data processing be without numbers? Exodus? That's Friday lunchtimes down the pub.
-
Friday 8th June 2018 13:44 GMT Anonymous Coward
Re: Holy orders
"The Lord giveth and the ICO take away"
Their god moves in mysterious ways. Maybe the ICO is a milder form of retribution than the proverbial bolt of lightning - or is possibly a modern type of plague.
On the other hand they will probably say it shows their god's disapproval of governments allowing same-sex marriages.
-
Friday 8th June 2018 13:36 GMT tiggity
let off lightly
100 grand for over 400K users details
It did not specify how many of those had credit card data (or how detailed the CC data was e.g. obfuscated card (not all digits stored - e.g. just last 4), full card, encrypted (properly), no card details just tokens etc.)
But given the huge amount of time it takes (defrauded person) to resolve card fraud (& problems of getting some fraudulent transactions refunded) then it's not a biblical old testament level of punishment
(SO had card physically stolen a while ago so recent experience of how much time spent on phone to bank anti fraud team is required to get things resolved - it took quite a long time)
-
Saturday 9th June 2018 17:11 GMT Claverhouse
>"Our investigation determined that it is likely that the religious belief of the 417,000 supporters could be inferred, and the distress this kind of breach can cause cannot be underestimated."<
It is appalling that contributors to The British and Foreign Bible Society should be outed as Christians.
-
Monday 11th June 2018 00:03 GMT Anonymous Coward
A study is to be made about any increase in anti-Christian hate crimes. Some articles have suggested it is down to the UK becoming more secular - but some examples seem to be of vicars being threatened by people whose fervent Christian belief has taken over their reason.
-
Monday 11th June 2018 14:58 GMT Loyal Commenter
A study is to be made about any increase in anti-Christian hate crimes.
That sounds very much like designing the study to fit your (pre-determined) conclusions. Part of the reason why we need a 'journal of negative results', and study registrations to ensure results are published, to mitigate the situation where someone sponsors a study and then throws it away when it doesn't give the conclusion they want.
If we're talking about comparative studies of how religious and non-religious people behave, how about this one, which gives the opposite conclusion to that which many Christians would expect:
https://www.cell.com/current-biology/abstract/S0960-9822(15)01167-7?code=cell-site
-
Monday 11th June 2018 10:31 GMT Old Englishman
Not sure that a charity like the bible society exactly has £100k just lying around unused. It's quite hard on a small charity.
There will be more of this sort of thing. Every organisation has to be on the web; but the web is inherently insecure. Making things secure is impossible; or at least, very expensive. Charities don't have the resources to do this; so they get fined for the web being insecure by design.
I'm not sure what the answer is, but I can't help feeling something is amiss.