small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Privacy & Data Security

Blog

UK ICO Fines Charity Following Cyber Attack

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page
  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

Blog

UK ICO Fines Charity Following Cyber Attack

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

1 Min Read

Related Locations

Chicago
London

Related Topics

Health Care Privacy
Data Breach
Europe Privacy

Related Capabilities

Privacy & Data Security

March 21, 2014

The UK Information Commissioner’s Office (ICO) has fined registered charity, the British Pregnancy Advice Service (BPAS), £200,000 following an attack on its website. BPAS is the largest provider of abortion services in the UK. Its website had been attacked by an individual who disagreed with abortion. The attacker gained access to the personal details of thousands of individuals that had viewed the BPAS website and requested a call back from the organization. The attacker intended to publish the details but the information was recovered by the police before it could be published. The ICO found that BPAS had failed to take appropriate technical and organizational measures to prevent unauthorized processing of personal data on its website and, in particular, had failed to carry out appropriate security testing on the website which would have alerted them to its vulnerabilities. The fact that BPAS was allegedly unaware that the personal details stored on the website were vulnerable to this type of attach was found to be unacceptable by the ICO, particularly since the data in question related to the extremely personal and sensitive services provided by BPAS.

TIP: This case is a reminder that organizations that collect personal data online should ensure that the data is held securely. Cyber-attacks are on the rise, and companies are expected to be prepared. 

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2025. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising