The Information Commissioner’s Office (ICO) has confirmed that it will look into allegations that personal information belonging to entrants into the recent London Marathon was accidentally shared online.
According to the BBC, the home and email addresses of the 38,000 people who took part in the race were published on the organiser’s website. Organisers said the error was quickly spotted and the information removed, but the BBC has claimed the data was visible online for a full day.
The error occurred when the names and addresses of participants were included in the section where they could claim their medals at the end of the race. Politicians and celebrities who took part would have had their details exposed.
The BBC said it was first alerted after a member of the public found information relating to a BBC TV presenter on the site. The corporation then alerted organisers, who had been unaware of the issue.
"We apologise for this error," said Nick Bitel, the chief executive of the London Marathon. "We immediately made sure that the glitch was corrected. We do not believe that this has led to a substantial number of individuals’ details being accessed by members of the public."
The ICO said in a statement that it would look into the issue. "We’re aware of a possible data breach involving the website of the organisers of the London Marathon. We will be investigating this, before deciding what action, if any, needs to be taken," it said.
John Thielens, Chief Security Officer at Axway, backed the ICO’s investigation but warned that it must be tougher on data breaches if security is to be improved.
"The ICO’s intention to investigate is good and right; it has to happen. However, without more effective closure over cases, this is a problem that will just not go away. Since its inception the ICO has received 26,277 complaints, yet only 14 monetary penalties have been served."
"Stronger enforcement will lead to better security. It isn’t just about the ICO acting as a deterrent; organisations should feel a moral obligation to protect their customers and our citizens," he added.
"There are a number of key questions that need to be investigated with the London Marathon breach," Thielens added. "What kind of records have they kept? Can they quantify how many downloads there were of this information? Until this information is fully disclosed, we may never know how big the breach was and how they can learn to better protect our vital information."