An online Rugby World Cup competition run by Toshiba Information Systems UK last year exposed 20 people's personal data, the Information Commissioner's Office has found.
A member of the public made a complaint in September 2011 about the online competition, which logged competitors using a sequential registration URL. Personal data, including names, addresses, telephone numbers, and email addresses, were exposed for a two month period, said the ICO in an undertaking signed by Toshiba Information Systems UK.
"There is a suggestion that a small number of entrant's details were accessed by a third party," an ICO spokeswoman told ZDNet UK on Tuesday.
Toshiba used a third party web developer to design the competition website, and had failed to thoroughly test the design, ICO head of enforcement Stephen Eckersley said in a statement.
"It is vital that, as ever-increasing amounts of our personal information are collected online, companies have the necessary safeguards in place to keep this information secure," Eckersley said. "We are pleased that Toshiba Information Systems (UK) have committed to ensuring that any changes to applications on their website are thoroughly tested by both the developer and themselves, in order to keep the personal information they are collecting secure."