UK nears 100 data breaches in six months

The information commissioner has bemoaned an 'alarming number' of data breaches among private and public bodies over the last six months

Nearly 100 leaks of sensitive personal information have been reported to the data-protection watchdog in the last six months.

Organisations are continuing to lose sensitive personal data — despite high-profile cases such as the HM Revenue & Customs (HMRC) data breach — and the Information Commissioner's Office (ICO) has warned chief executives to protect staff and customers' personal information following an "alarming number" of security breaches reported to his office in the past six months.

Since the security breach at HMRC in November last year, the ICO said it has been notified of almost 100 data breaches by public, private and third-sector organisations. The public sector accounted for 62 breaches and the private sector for 28.

The ICO said half of the private-sector breaches were reported by financial institutions. Of the public-sector lapses, almost a third occurred in central government, and a fifth in the NHS.

The breaches include unencrypted laptops going missing, as well as computer discs, memory sticks and paper records. Information has been stolen, gone missing in the post and while in transit with a courier. The ICO said the material includes a wide range of personal details, including financial and health records.

Richard Thomas, the information commissioner, said it was "particularly disappointing" that the HMRC breaches have not prevented other security breaches from occurring, and that the government, banks and other organisations need to regain the public's trust by being far more careful with personal information.

"Once again, I urge business and public-sector leaders to make data protection a priority in their organisation," Thomas said in a statement.

He said that, while an increasing number of chief executives appear to be taking data protection more seriously, more must be done to eradicate "inexcusable security breaches".

The ICO said that, in 16 of the cases, it has required the organisation to make changes to procedure to improve data security, such as employing encryption. In three instances, the lost information has been recovered.