September 18, 2011

ICO warns child protection website over security loophole

Unencrypted form lying on the website for months made it vulnerable to hackers looking for sensitive personal details

By CBR Staff Writer

The Information Commissioner’s Office (ICO) has said that the Child Exploitation and Online Protection Centre (CEOP) and the Serious Organised Crime Agency (SOCA) – its parent organisation – have taken action after the discovery of a security loophole on CEOP’s website.

The ICO said that an investigation had revealed that an online form on CEOP’s website had been insecure for several months. However, the communications watchdog added that its probe did not find any hack attempts on the website.

The ICO came to know about the glitch when an individual complained about it on the website, which handles queries on sensitive topics such as child exploitation. The person alerted the ICO on 6 April, saying that the online form on the CEOP website was not encrypted, which means that some of the data would have been vulnerable while being transmitted to CEOP’s servers.

The ICO said, "Both [CEOP and SOCA] organisations have now taken action to improve the security of the CEOP website in order to keep the personal information they handle secure."

The ICO has made the two organisations sign an undertaking to ensure that such incidents do not occur in future.

Acting Head of Enforcement Sally Anne Poole warned that organisations must make sure that any personal data transmitted electronically is adequately protected.

"While there is no evidence to suggest that attempts have been made to access any of the information, it is highly likely that it would have been sensitive in nature and should not have been compromised by insufficient IT security measures.

"We are pleased that CEOP and SOCA have taken action to make sure that all of the information sent in by members of the public remains secure," Poole added.

The ICO also said that CEOP chief executive officer Peter Davies and SOCA Director General QPM Trevor Pearce have jointly signed an undertaking to ensure that CEOP’s website is regularly tested so that the personal data they process remains secure and potential weaknesses are immediately identified.

CEOP will also introduce recommendations included in a recent Information Security Review and continue to make sure that they are followed, said the ICO.

The watchdog said that another undertaking has been signed today by Royal Liverpool and Broadgreen University Hospitals NHS Trust. The trust breached the Data Protection Act by losing the personal information of 49 patients in two separate incidents earlier this year.

"Royal Liverpool and Broadgreen University Hospitals NHS Trust has now agreed to make significant improvements to the way it keeps information secure. The trust will also undergo an audit from the ICO in order to further improve their compliance with the Act," said the ICO.
