Dumfries and Galloway Council apologises over email data breach
The council said that it followed the Information Commissioner's recommended assessments of risk to determine the "most appropriate course of action"."We are confident that there is no ongoing risk to individuals, and we remain committed to upholding the highest standards of data protection and privacy," it added."We apologise for any concern to those affected by this."
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
BBC News
16-07-2025
- BBC News
Dumfries and Galloway Council apologises over email data breach
A council has apologised after a data breach saw a number of email addresses disclosed in and Galloway Council is understood to have sent the addresses out with a customer survey from its planning department.A statement for the authority said: "We would like to reassure all concerned that this was a low-risk event and that no sensitive personal information was shared."The local authority has taken immediate steps to address the issue and to further strengthen our data handling procedures." The council said that it followed the Information Commissioner's recommended assessments of risk to determine the "most appropriate course of action"."We are confident that there is no ongoing risk to individuals, and we remain committed to upholding the highest standards of data protection and privacy," it added."We apologise for any concern to those affected by this."
BBC News
17-06-2025
- BBC News
UK watchdog fines 23andMe for 'profoundly damaging' data breach
DNA testing firm 23andMe has been fined £2.31m by a UK watchdog over a data breach in 2023 which affected thousands of Information Commissioner's Office (ICO) said the company - which has since filed for bankruptcy - failed to put adequate measures in place to secure sensitive user data prior to the incident."This was a profoundly damaging breach that exposed sensitive personal information, family histories, and even health conditions," said Information Commissioner John Edwards.23andMe is set to be sold to a new owner, TTAM Research Institute, which said it had "made several binding commitments to enhance protections for customer data and privacy." 23andMe's users were targeted by what is known as a "credential stuffing" attack in October 2023. This saw hackers use passwords exposed in previous breaches to access 23andMe accounts for which people had used the same or similar were able to access 14,000 individual accounts - and, through those, download information relating to about 6.9m people linked to as possible relations on the to the ICO, this included access to personal data belonging to 155,592 UK residents, such as names, year of birth, geographical information, profile images, race, ethnicity, health reports and family data did not include DNA records."As one of those impacted told us: once this information is out there, it cannot be changed or reissued like a password or credit card number," said Mr Edwards. Due to its more sensitive nature, genetic data is considered special category data under UK data protection law and requires further protections and controlling it should consider having additional security measures in place to help secure it, according to the ICO's investigation - launched along with Canada's privacy commissioner last June - found that 23andMe breached UK data protection law by not having appropriate authentication and verification measures for customers during its login included not having mandatory multi-factor authentication to allow users logging in to verify themselves through additional means or company also did not have secure password requirements or more verification requirements for users trying to download raw genetic data, it Edwards said such failures and delays in resolving them "left people's most sensitive data vulnerable to exploitation and harm"."Their security systems were inadequate, the warning signs were there, and the company was slow to respond," he company says it resolved the issues identified during the ICO and the Office of the Privacy Commissioner of Canada (OPC)'s probe by the end of watchdogs recently called on 23andMe to protect the sensitive personal data of its customers amid its bankruptcy company was initially set to be sold to biotechnology company Regeneron Pharmaceuticals in a $256m 23andMe said on Friday it had agreed to the sale of its assets to TTAM Research Institute - a non-profit biotech organisation led by its co-founder and former chief executive Anne said the purchase of the company for a new price of $305m would come with binding commitments to uphold existing policies and consumer protections, such as letting customers delete their accounts, genetic data and opt out of research.A bankruptcy court is scheduled to hear the case for its approval on Wednesday.
The Guardian
23-05-2025
- The Guardian
Marks & Spencer's IT contractor investigating potential systems breach, report claims
An Indian company which operates Marks & Spencer's IT helpdesk is reportedly investigating whether it was used by cybercriminals to gain access to systems at the retailer, which is battling a devastating hack. M&S said this week that 'threat actors' had gained access to the retailer's systems through one of its contractors – understood to be Tata Consulting Services (TCS). The clothing, food and homeware retailer confirmed the hackers used 'social engineering' techniques to attack them, such as posing as a staff member to fool a helpdesk into giving away passwords. TCS, which has worked with M&S for more than a decade, has been helping the retailer with its inquiries into the cyber-attack, which began over the Easter weekend. The retailer said the attack could cost it up to £300m in profit. The Mumbai-based group is now conducting an internal inquiry, expected to conclude this month, into whether its employees or systems were linked to the attack, according to the Financial Times. Discerning the exact route the hackers took could be important for M&S and TCS as the Information Commissioner's Office (ICO), the UK's data watchdog, will examine who might face a fine for any loss of customer and staff data as a result of the hack. The ICO can impose a fine of up to £17.5m, or 4%, of worldwide annual turnover, whichever is greater, and will take into account the nature and seriousness of a failure, how individuals have been affected, and whether other regulatory authorities are already taking action. British Airways faced a £20m fine from the ICO in 2018 after hackers diverted traffic to a fake website allowing them to access personal data while Tesco Bank was hit with a £16.4m fine after hackers stole customer card details. M&S has been battling to recover for a month. The attack forced M&S to stop orders via its website, while deliveries of food and fashion into stores and some deliveries to its online food partner, Ocado, have also been disrupted. M&S has admitted that some personal information relating to thousands of customers – including names, addresses, dates of birth and order histories – was taken. Sign up to Business Today Get set for the working day – we'll point you to all the business news and analysis you need every morning after newsletter promotion The TCS investigation comes as M&S's operations continue to be disrupted by the hack, with stock levels in stores affected. Its website is not expected to be fully functioning again until July. The attack, which has been attributed to the hacking collective Scattered Spider, emerged days before similar cyber-attacks were reported against the Co-op and Harrods. Staff at some of The Co-op's grocery stores are still struggling to keep shelves fully stocked this week. TCS was approached for comment.
