The UK’s Information Commissioner’s Office (ICO) has fined Merseyside-based law firm DPP Law Ltd £60,000 following a cyberattack that exposed sensitive personal information on the dark web.
The ICO investigation revealed that DPP failed to implement adequate security measures to protect the personal data stored electronically. Cybercriminals accessed the firm’s network through an unused administrator account that lacked multi-factor authentication (MFA). This allowed the hackers to steal a large amount of data, which was later published online.
Andy Curry, Director of Enforcement and Investigations (Interim), stated, “Our investigation shows we will hold organizations accountable for failing to notify affected individuals when there is a clear obligation to do so.”
He emphasized the importance of data protection, stating, “Data protection is a legal requirement. This fine serves as a clear message that failing to secure personal data results in serious financial and reputational consequences.”
DPP Law Ltd specializes in criminal law, military law, family fraud, sexual offenses, and actions against the police. This breach highlights the risks companies face when failing to properly secure sensitive personal data.