Data Breach

London Estate agency fined £80,000 for failing to protect tenants’ data

A London estate agency has been fined £80,000 by the Information Commissioner’s Office (ICO) for leaving 18,610 customers’ personal data exposed for almost two years.

The security breach happened when Life at Parliament View Ltd (LPVL) transferred personal data from its server to a partner organisation and failed to switch off an ‘Anonymous Authentication’ function.

This failure meant access restrictions were not implemented and allowed anyone going online to have full access to all the data stored between March 2015 and February 2017.

The exposed details included personal data such as bank statements, salary details, copies of passports, dates of birth and addresses of both tenants and landlords.

During its investigation, the ICO uncovered a catalogue of security errors and found that LPVL had failed to take appropriate technical and organisational measures against the unlawful processing of personal data. In addition, LPVL only alerted the ICO to the breach when it was contacted by a hacker.

The ICO concluded this was a serious contravention of the 1998 data protection laws which have since been replaced by the GDPR and the Data Protection Act 1998.

Steve Eckersley, Director of Investigations at the ICO said:

“Customers have the right to expect that the personal information they provide to companies will remain safe and secure. That simply wasn’t the case here.

“As we uncovered the facts, we found LPVL had failed to adequately train its staff, who misconfigured and used an insecure file transfer system and then failed to monitor it. These shortcomings have left its customers exposed to the potential risk of identity fraud.

“Companies must accept that they have a legal obligation to both protect and keep secure the personal data they are entrusted with. Where this does not happen, we will investigate and take action.”

 

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services