British Pregnancy Advice Services fined £200,000 after hacker stole information on thousands of women
Britain’s largest provider of abortions has been fined £200,000 after a hacker was able to access the names, addresses and telephone numbers of thousands of women who had sought advice on abortion, pregnancy and contraception.
The British Pregnancy Advice Service (BPAS) had been guilty of an “unforgiveable” failure to secure women’s private information, the Information Commissioner’s Office (ICO) said, which allowed James Jeffery, a hacker associated with the global hacking group Anonymous, to access women’s details in March 2012.
Mr Jeffery, who was jailed for 32 months after being tracked by specialist e-crime police officers, had threatened to publish the information and posted anti-abortion messages on BPAS’s website.
The charity said yesterday that it was “horrified” by the scale of the fine, adding that it had been “a victim of a serious crime by someone opposed to what we do” and would appeal the Information Commissioner’s decision. Ann Furedi, the charity’s chief executive, said that, as a hacker who opposed abortion, Mr Jeffery was being “rewarded” by such a heavy fine being imposed on an abortion provider.
An ICO investigation found that BPAS had not realised that its website had stored the names, addresses, dates of birth and telephone number of people who had asked for a call back for advice on pregnancy issues. A vulnerability in the website’s coding “allowed the hacker to access the system and locate the information”, the ICO said.
David Smith, the ICO’s deputy commissioner and director of data protection, said that “ignorance” was “no excuse” for health organisation’s holding personal data.
“Data protection is critical and getting it right requires vigilance…” he said. “It is especially unforgiveable when the organisation is handling information as sensitive as that held by BPAS. Data controllers must take active steps to ensure that the personal data they are responsible for is kept safe.”
BPAS alerted the police immediately after the hacking and sought an injunction against the information being published. Mr Jeffery was arrested at his home in the West Midlands after police tracked him through his computer’s IP address.
Ms Furedi said that BPAS accepted that “no hacker should have been able to steal data” but challenged the scale of the ICO’s penalty.
“BPAS is a charity which spends any proceeds on the care of women who need our help and on improving public education and knowledge on contraception, fertility and unplanned pregnancy,” she said. “This fine seems out of proportion when compared with those levelled against other organisations who were not themselves the victims of a crime. It is appalling that a hacker who acted on the basis of his opposition to abortion should see his actions rewarded in this way.”
Mr Jeffery attacked the site because of his objection to the decision of two women he knew to seek abortion, Southwark Crown Court heard during his trial in April 2012.
He wrote on the BPAS website: “An unborn child does not have an opinion, a choice or any rights. Who gave you the right to murder an unborn child and profit from that murder?”
The fine comes amid an atmosphere of heightened concern around the security of patient data held by healthcare organisations. Plans to extract patient records from every GP surgery in England and keep them in a central database have been delayed to give the NHS time to reassure the public that the data will be secure and put to appropriate uses.
The privacy campaign group Medconfidential told The Independent that BPAS’s experience illustrated the importance of healthcare organisations ensuring their data is protected “with the highest level of security”.
Boris Nemtsov shot dead: Putin critic may have been murdered by Islamic extremists, says president-led committee
Stephen Hawking's wife Jane Wilde on their marriage breakdown: 'The family were left behind'
British are sexually uptight, dirty and drink too much – according to Spanish book
PornHub turns masturbation into energy in bid to save the planet
White and gold or blue and black – what colour is the dress? An eyewitness gives a definitive answer
New theory could prove how life began and disprove God
This is what it's like to be dead, according to a guy who died for a bit
'Cash for access' scandal: Sir Malcolm Rifkind says 'unrealistic' for MPs to live on £67,000 salary
'Jihadi John': CAGE representative storms off Sky News accusing Kay Burley of Islamophobia
Ukip would cut billions from Scottish budget to fund English tax cuts
Russia's roadmap for annexing eastern Ukraine 'leaked from Vladimir Putin's office'
- 1 The black and blue dress: Makers considering a white and gold version
- 2 Husband and wife die holding hands within hours of each other after 67 years of marriage
- 3 PornHub turns masturbation into energy in bid to save the planet
- 5 Saudi Muslim cleric claims the Earth is 'stationary' and the sun rotates around it