British Pregnancy Advice Services fined £200,000 after hacker stole information on thousands of women
Britain’s largest provider of abortions has been fined £200,000 after a hacker was able to access the names, addresses and telephone numbers of thousands of women who had sought advice on abortion, pregnancy and contraception.
The British Pregnancy Advice Service (BPAS) had been guilty of an “unforgiveable” failure to secure women’s private information, the Information Commissioner’s Office (ICO) said, which allowed James Jeffery, a hacker associated with the global hacking group Anonymous, to access women’s details in March 2012.
Mr Jeffery, who was jailed for 32 months after being tracked by specialist e-crime police officers, had threatened to publish the information and posted anti-abortion messages on BPAS’s website.
The charity said yesterday that it was “horrified” by the scale of the fine, adding that it had been “a victim of a serious crime by someone opposed to what we do” and would appeal the Information Commissioner’s decision. Ann Furedi, the charity’s chief executive, said that, as a hacker who opposed abortion, Mr Jeffery was being “rewarded” by such a heavy fine being imposed on an abortion provider.
An ICO investigation found that BPAS had not realised that its website had stored the names, addresses, dates of birth and telephone number of people who had asked for a call back for advice on pregnancy issues. A vulnerability in the website’s coding “allowed the hacker to access the system and locate the information”, the ICO said.
David Smith, the ICO’s deputy commissioner and director of data protection, said that “ignorance” was “no excuse” for health organisation’s holding personal data.
“Data protection is critical and getting it right requires vigilance…” he said. “It is especially unforgiveable when the organisation is handling information as sensitive as that held by BPAS. Data controllers must take active steps to ensure that the personal data they are responsible for is kept safe.”
BPAS alerted the police immediately after the hacking and sought an injunction against the information being published. Mr Jeffery was arrested at his home in the West Midlands after police tracked him through his computer’s IP address.
Ms Furedi said that BPAS accepted that “no hacker should have been able to steal data” but challenged the scale of the ICO’s penalty.
“BPAS is a charity which spends any proceeds on the care of women who need our help and on improving public education and knowledge on contraception, fertility and unplanned pregnancy,” she said. “This fine seems out of proportion when compared with those levelled against other organisations who were not themselves the victims of a crime. It is appalling that a hacker who acted on the basis of his opposition to abortion should see his actions rewarded in this way.”
Mr Jeffery attacked the site because of his objection to the decision of two women he knew to seek abortion, Southwark Crown Court heard during his trial in April 2012.
He wrote on the BPAS website: “An unborn child does not have an opinion, a choice or any rights. Who gave you the right to murder an unborn child and profit from that murder?”
The fine comes amid an atmosphere of heightened concern around the security of patient data held by healthcare organisations. Plans to extract patient records from every GP surgery in England and keep them in a central database have been delayed to give the NHS time to reassure the public that the data will be secure and put to appropriate uses.
The privacy campaign group Medconfidential told The Independent that BPAS’s experience illustrated the importance of healthcare organisations ensuring their data is protected “with the highest level of security”.
Liam Neeson's Downton dreams
Thriller is set in the secret world of British espionage
Bomber jacket worn by Mary Berry sells out within an hour
Daniele Watts: Django Unchained actress detained by Los Angeles police after being mistaken for a prostitute
Scottish independence referendum: A nation divided against itself
Scottish independence: David Cameron is becoming the 'George Bush of Britain'
Russia freezes Ukraine into submission: Kiev admits country doesn't have enough fuel for winter
Scottish independence: The Queen breaks silence on referendum debate – as think tank warns of £14bn black hole if Scotland votes Yes
Portuguese academic says British are 'filthy, violent and drunk'
- 2 Scottish independence: What you shouldn't tweet about if you want to avoid jail today
- 3 Scottish independence: Five reasons Salmond is secretly hoping for a 'No' vote
- 4 Isis plan to 'behead random member of the public' in Sydney thwarted by Australian police
- 5 Archbishop of Canterbury admits doubts about existence of God