recent work

Website security flaw leads sensitive data vulnerable

A security flaw on the Child Exploitation and Online Protection Centre (CEOP) website, which came to light following a complaint to the Information Commissioner’s Office (ICO), has meant the organisation, and its parent organisation, the Serious Organised Crime Agency (SOCA) has taken action to rectify the situation.

An unencrypted online form is at the centre of the complaint; this lack of security could have led to sensitive data being left in a state of vulnerability during transfer between servers. The form itself had been left unencrypted for some months ‘although there was no evidence to suggest that any attempts had been made to access the information’.

Acting Head of Enforcement, Sally Anne Poole said:

“Organisations must make sure that any personal data transmitted electronically is adequately protected. While there is no evidence to suggest that attempts have been made to access any of the information, it is highly likely that it would have been sensitive in nature and should not have been compromised by insufficient IT security measures.

“We are pleased that CEOP and SOCA have taken action to make sure that all of the information sent in by members of the public remains secure.”