Heathrow Airport Fined by ICO Over Data Breach

Heathrow Airport Fined by ICO Over Data Breach
ICO News

It’s not every day when you see an airport coming under heat for security reasons. London’s Heathrow, one of the busiest airports in the world would be the last place you’d expect to be surrounded by security issues.

Recently, an ICO has fined the airport with £120,000 penalty for a data breach. The airport was accused of “catalog of shortcomings” over failing to secure data.

The investigation was started by the ICO after an airport member found a USB stick. This USB stick was misplaced by a Heathrow employee in October 2017.

The USB drive contained over a thousand files in 76 folders and did not feature any encryption or password protection. This allowed the member to view the contents of the drive at a local library.

Steve Eckersley, Director of Investigations for the ICO said

“Data protection should have been high on Heathrow’s agenda. But our investigation found a catalog of shortcomings in corporate standards, training and vision that indicated otherwise.”

He further commented

“Data protection is a boardroom issue and it is imperative that businesses have the policies, procedures, and training in place to minimize any vulnerabilities of the personal information that has been entrusted to them.”

Although there wasn’t a sizable sensitive and personal data on the stick, the ICO was concerned about a training video which exposed personal details of 10 individuals. The information that was leaked included names, date of birth, passport numbers and details of 50 Heathrow aviation security personnel. 

The leak came to light when its contents were shared with a national newspaper. The news outlet took copies of the data before returning the stick to Heathrow Airport Ltd. (HAL). Once the organization was informed about the leak, standard procedures were followed that including police reporting and hiring of a third-party to monitor the internet and the dark web.

Heathrow’s Security Concerns

The investigation carried out by the ICO found that out of the staff of 6,500, only two percent of HAL’s staff has received formal data protection training.

There were further concerns over the use of removable media which violated HAL’s own policies. This also included inefficient methods to prevent personal data from being used and downloaded onto unauthorized and unencrypted media.

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

VKontake Launches Cryptocurrency Of Its Own - VK Coin
ICO News
Russian Social Media Giant Launches Cryptocurrency – April Fool Prank?

VKontake (a.k.a VK), the Russian Facebook rival, launched its own cryptocurrency. There are numerous flashes and reports about …

ICO News
JPMorgan Hiring For More Blockchain Jobs Than The Rest

It has been a wider known truther that the largest bank in America seeks to rush towards a …

Emaar Group Plans to Start an ICO

The Emaar group, the real estate firm behind the world’s tallest building has planned to develop its own …

Recent Blogs

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!