The UK Information Commissioner's Office (ICO) has issued a £3.07 million fine to Advanced Computer Software Group Ltd over a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients. Notable past ICO fines on data controllers include the record £20 million fine on British Airways for a 2018 data breach and an £18.4 million fine on Marriott for a 2014 security incident.

Today, the ICO announced a hefty £3.07 million ($3.95 million) fine on Advanced as a penalty for failing to safeguard sensitive data and systems against hackers. It's worth noting that the fine imposed on Advanced for the 2022 ransomware incident is significantly lower than the £6.09M ($7.74 million) figure that the ICO previously considered and announced in August 2024.

The cyberattack was announced in early August 2022, when various NHS services, including 111 emergency services, suffered significant outages that pointed to a breach at British managed service provider (MSP) Advanced. In its announcement, the ICO highlights the software vendor's failure to implement adequate security measures that would have prevented the breach, which caused data exposure and life-threatening health service outages.

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 27 Mar 2025 01:10:20 +0000