British Pregnancy Advice Services fined £200,000 after hacker stole information on thousands of women
Britain’s largest provider of abortions has been fined £200,000 after a hacker was able to access the names, addresses and telephone numbers of thousands of women who had sought advice on abortion, pregnancy and contraception.
The British Pregnancy Advice Service (BPAS) had been guilty of an “unforgiveable” failure to secure women’s private information, the Information Commissioner’s Office (ICO) said, which allowed James Jeffery, a hacker associated with the global hacking group Anonymous, to access women’s details in March 2012.
Mr Jeffery, who was jailed for 32 months after being tracked by specialist e-crime police officers, had threatened to publish the information and posted anti-abortion messages on BPAS’s website.
The charity said yesterday that it was “horrified” by the scale of the fine, adding that it had been “a victim of a serious crime by someone opposed to what we do” and would appeal the Information Commissioner’s decision. Ann Furedi, the charity’s chief executive, said that, as a hacker who opposed abortion, Mr Jeffery was being “rewarded” by such a heavy fine being imposed on an abortion provider.
An ICO investigation found that BPAS had not realised that its website had stored the names, addresses, dates of birth and telephone number of people who had asked for a call back for advice on pregnancy issues. A vulnerability in the website’s coding “allowed the hacker to access the system and locate the information”, the ICO said.
David Smith, the ICO’s deputy commissioner and director of data protection, said that “ignorance” was “no excuse” for health organisation’s holding personal data.
“Data protection is critical and getting it right requires vigilance…” he said. “It is especially unforgiveable when the organisation is handling information as sensitive as that held by BPAS. Data controllers must take active steps to ensure that the personal data they are responsible for is kept safe.”
BPAS alerted the police immediately after the hacking and sought an injunction against the information being published. Mr Jeffery was arrested at his home in the West Midlands after police tracked him through his computer’s IP address.
Ms Furedi said that BPAS accepted that “no hacker should have been able to steal data” but challenged the scale of the ICO’s penalty.
“BPAS is a charity which spends any proceeds on the care of women who need our help and on improving public education and knowledge on contraception, fertility and unplanned pregnancy,” she said. “This fine seems out of proportion when compared with those levelled against other organisations who were not themselves the victims of a crime. It is appalling that a hacker who acted on the basis of his opposition to abortion should see his actions rewarded in this way.”
Mr Jeffery attacked the site because of his objection to the decision of two women he knew to seek abortion, Southwark Crown Court heard during his trial in April 2012.
He wrote on the BPAS website: “An unborn child does not have an opinion, a choice or any rights. Who gave you the right to murder an unborn child and profit from that murder?”
The fine comes amid an atmosphere of heightened concern around the security of patient data held by healthcare organisations. Plans to extract patient records from every GP surgery in England and keep them in a central database have been delayed to give the NHS time to reassure the public that the data will be secure and put to appropriate uses.
The privacy campaign group Medconfidential told The Independent that BPAS’s experience illustrated the importance of healthcare organisations ensuring their data is protected “with the highest level of security”.
Justin Bieber was one of the hardest hit
Weather bomb in pictures: Storms cuts power for tens of thousands – and snow is on the way
Jessica Chambers: 19-year-old woman 'doused with lighter fluid and burned alive' in the US
Russell Brand calls Nigel Farage 'poundshop Enoch Powell' in BBC Question Time debate
Russell Brand was rendered speechless on Question Time by this man
Fury at Airbus after it hints the super-jumbo may be mothballed
Disgruntled RBS worker writes hilarious open letter to Russell Brand after anti-capitalist publicity stunt leaves him hungry
Shock poll shows voters believe Ukip is to the left of the Tories
Nigel Farage's approval rating hits 'record low' as popularity suffers in wake of Ukip sex scandal
Nigel Farage defends Kerry Smith 'ch***y' comment: 'If you are going for a Chinese, what do you say you’re going for?'
Ukip candidate jokes about 'shooting peasants' in racist and homophobic rant
Pakistan school attack live: Taliban kill at least 132 children in 'horrifying' massacre
- 1 Nigel Farage: Me vs Russell Brand on Question Time – he's got the chest hair but where are his ideas?
- 2 Harry Potter fans can apply to the Hogwarts-inspired College of Wizardry
- 3 Jessica Chambers: 19-year-old woman 'doused with lighter fluid and burned alive' in the US
- 4 Russell Brand calls Nigel Farage 'poundshop Enoch Powell' in BBC Question Time debate
- 5 Orange Wednesdays are no more