Over 3,000 MP Staff Affected in Data Breach

Media Division | April 7, 2017

Data breaches can occur from several different causes, but one that seems to be all too common recently is through accidental human error.  There is unfortunately always the potential for personnel working with sensitive or personal information to make mistakes that allow that data to be released to the public.  This is precisely what happened in a recent data breach that allowed confidential details of 3,295 UK MP’s staff to be published online, which included names, salaries, working patterns, and other information.

The breach was due to a large amount of documents being incorrectly posted to the old website of the Independent Parliamentary Standards Authority (IPSA).  According to the letter from IPSA, the information was available for close to five hours and was accessed by around three dozen people in under four hours, with some having accessed it from the parliamentary estate.  Once discovering the issue, IPSA then removed the documents within the hour.  Fortunately, no security impacting information was leaked, such as bank details or addresses.

Mitigative Steps Being Taken for the Breach

IPSA immediately began a series of steps to remediate the breach.  They had written to each of the 3,295 staff members affected by the breach, and detailed the specific information that was released in regard to them.  IPSA then asked all of those that they had identified to have accessed the information to delete it.  They had said that their own IT systems were not affected, but that they will be taking disciplinary action.  As a further step, they will also be strengthening areas of their information management.  It appears that IPSA is putting thorough attention on the breach, and this is important when it comes to incidents like this.  An improperly handled breach can have even further consequences to the organization, as well as those whose information was compromised.

Government organizations can be home to a large amount of personal and privileged information of their staff and public, which can make them high-value targets for cyber attackers.  Inadvertent data breaches caused by human error can be extremely dangerous to the high-value information that these organizations hold.  There have been no details released as to whether any malicious actors had accessed the information in the above breach, but there is always the potential when this kind of information is left in such a vulnerable state.  While cyber security is a necessity for virtually every organization, it could be said that government has a requirement of even further security because of the responsibility that they hold.

Handling a Breach With Cyber Investigation Services

While some breaches are fortunately able to be remedied before heavy consequences arise, this is not always the case.  A breach could allow a cyber attacker to gain access to a wide array of information that they could use for malicious purposes.  In reality, many data breaches are caused by cyber attackers as opposed to human error.  In cases like these, it is important that the threat is handled appropriately and definitively.  Having been the victim of a data breach, an organization needs to be able to discover the source and effects of it, which is where cyber investigation services come into play.  A proper cyber investigation can trace the source of a breach, and if it was a threat actor, further actions can then be taken.  Massive Alliance provides comprehensive cyber investigation services to help organizations mitigate breaches and threats.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.