Foreign Office admits data breach

The ICO's had a word...

The Foreign and Commonwealth Office (FCO) has been found to have breached the Data Protection Act following an investigation.

The Information Commissioner's Office (ICO) investigated the FCO after Channel 4 News alerted it to the fact personal details belonging to visa applicants were accessible by anyone visiting certain websites.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

The ICO was alerted to a security breach on the website of UKvisas, the joint Home Office and FCO Directorate responsible for visa processing, and immediately launched an investigation into the site. The problem emerged back in May on the visa application websites run by UKvisas' commercial partner, VFS.

As soon as the breach was exposed, UKvisas closed down all of the VFS-run websites in India, Nigeria and Russia in order to rectify the problem.

The FCO has signed a formal undertaking to comply with the Data Protection Act, with failure to do so resulting in further ICO action.

Mick Gorrill, assistant commissioner at the ICO, said organisations have a duty to keep personal information secure and failure to do so will lead to people losing confidence and trust in them.

Mark Sedwill, director of UKvisas, said the organisation regrets mistakes were made but no evidence has been found the details were exploited and no visas were wrongly issued as a result.