Thu, 03 Dec 2020

'Serious' data breach at Heathrow Airport leads to huge fine

By Sheetal Sukhija, Middle East News.Net
09 Oct 2018, 23:56 GMT+10

LONDON, U.S. - A careless mistake by one of its employees in 2017, has returned to haunt operators of Europe's busiest airport. 

On Tuesday, nearly a year after the Heathrow Airport admitted the potential security scare, the Information Commissioner's Office (ICO) has slammed the airport for the "serious" data protection failings.

The country's regulator has slapped Britain's busiest airport with a massive fine of 120,000 pounds.

Boggling oversight

On October 30, 2017, an explosive report in Britain's The Mirror revealed the shocking data breach, which it said posed a risk to national security. 

The publication said that it had received a USB stick containing secret national security data from an unemployed man, who found it lying on the street. 

Authorities quoted in the report confirmed that the USB stick contained documents with details related to security safeguards for VIPs and ministers.

The device reportedly contained a total of 76 folders, including maps, videos and documents and authorities pointed out that none of the documents were encrypted or password protected.

The report further noted that the USB stick, that reportedly belonged to an airport employee, contained routes and safeguards for the Queen, foreign dignitaries and top politicians using Heathrow. 

Further, maps showing the location of CCTV cameras, and escape route for the Heathrow Express railway serving the airport was also found on the device.

Following the expose, Heathrow officials said that they had launched an investigation into the discovery of the USB stick and the confidential data it held. 

Regulatory rebuke

While announcing its decision on Tuesday, the U.K. regulator acknowledged that the USB stick had been passed on to a national newspaper, but the ICO did not mention Mirror or is bombshell report from last year. 

The ICO also refused to comment on the files found within the device - which the Mirror report claimed were related to national security.

The regular said that the scope of its investigation had been to look at "personal data" only.

In a statement, ICO director of investigations, Steve Eckersley, said, "Data protection should have been high on Heathrow's agenda. But our investigation found a catalogue of shortcomings in corporate standards, training and vision that indicated otherwise."

The regulatory body also pointed out that only 2 percent of the 6,500-strong workforce at the airport had been trained in data protection.

Following ICO's announcement, Heathrow Airport officials, who have expressed regret over the breach, emphasized its corrective action in the aftermath.

While the airport declined to comment on the national security claims, a spokeswoman said in a statement, "Following this incident, the company took swift action and strengthened processes and policies. We accept the fine that the ICO have deemed appropriate and spoken to all individuals involved. We recognize that this should never have happened and would like to reassure everyone that necessary changes have been implemented, including the start of an extensive information security training programme which is being rolled out company-wide."

More Middle East News

Access More

Sign up for Middle East News

a daily newsletter full of things to discuss over drinks.and the great thing is that it's on the house!