This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.theguardian.com/world/2014/mar/07/abortion-service-website-hacker-information-commissioner-fine

The article has changed 2 times. There is an RSS feed of changes available.

Version 0 Version 1
Abortion service to appeal against £200,000 fine over hacked website Abortion service to appeal against £200,000 fine over hacked website
(34 minutes later)
The UK's main abortion provider is to appeal against a £200,000 fine imposed after an anti-abortion campaigner hacked its website and accessed the names and telephone numbers of thousands of women requesting advice.The UK's main abortion provider is to appeal against a £200,000 fine imposed after an anti-abortion campaigner hacked its website and accessed the names and telephone numbers of thousands of women requesting advice.
The hacker threatened to publish the names and addresses of women using the British Pregnancy Advisory Service, but was prevented by a court injunction. He was sentenced to 32 months in jail.The hacker threatened to publish the names and addresses of women using the British Pregnancy Advisory Service, but was prevented by a court injunction. He was sentenced to 32 months in jail.
The Information Commissioner's Office (ICO), which imposed the fine, said the charity did not realise its website stored the names, addresses, dates of birth and telephone numbers of women who asked for its advice.The Information Commissioner's Office (ICO), which imposed the fine, said the charity did not realise its website stored the names, addresses, dates of birth and telephone numbers of women who asked for its advice.
But ignorance was no excuse, said David Smith, the ICO'S deputy commissioner and director of data protection.But ignorance was no excuse, said David Smith, the ICO'S deputy commissioner and director of data protection.
"It is especially unforgiveable when the organisation is handing information as sensitive as that held by the BPAS. Data controllers must take active steps to ensure that the personal data they are responsible for is kept safe.""It is especially unforgiveable when the organisation is handing information as sensitive as that held by the BPAS. Data controllers must take active steps to ensure that the personal data they are responsible for is kept safe."
The information commissioner said the personal data was not stored securely and a vulnerability in the website's code allowed the hacker to access the system and locate the information.The information commissioner said the personal data was not stored securely and a vulnerability in the website's code allowed the hacker to access the system and locate the information.
BPAS said it was appalled by the hacking, which it reported immediately to the police, but was also shocked by the size of the fine, which is said it would appeal. BPAS also breached the Data Protection Act by keeping the details of callers for five years longer than was necessary for its purposes, the ICO said.
"We accept that no hacker should have been able to steal our data, but we are horrified by the scale of the fine, which does not reflect the fact that BPAS was a victim of a serious crime by someone opposed to what we do," Ann Furedi, the charity's chief executive, said. BPAS said it was appalled by the hacking, which it reported immediately to the police, but was also shocked by the size of the fine, against which it would appeal.
"We accept that no hacker should have been able to steal our data, but we are horrified by the scale of the fine, which does not reflect the fact that BPAS was a victim of a serious crime by someone opposed to what we do," the chief executive, Ann Furedi, said.
"BPAS is a charity which spends any proceeds on the care of women who need our help and on improving public education and knowledge on contraception, fertility and unplanned pregnancy."BPAS is a charity which spends any proceeds on the care of women who need our help and on improving public education and knowledge on contraception, fertility and unplanned pregnancy.
"This fine seems out of proportion when compared with those levelled against other organisations who were not themselves the victims of a crime."This fine seems out of proportion when compared with those levelled against other organisations who were not themselves the victims of a crime.
"It is appalling that a hacker who acted on the basis of his opposition to abortion should see his actions rewarded in this way. We will be appealing the verdict of the Information Commissioner's Office." "It is appalling that a hacker who acted on the basis of his opposition to abortion should see his actions rewarded in this way."
The hacker broke into the website on 8 March 2012.The hacker broke into the website on 8 March 2012.
"He defaced our website with anti-abortion messages and obtained names and telephone numbers of people who had used a webform to request a callback from BPAS staff to discuss issues relating to pregnancy, contraception and sexual health," the charity said in a statement. "He defaced our website with anti-abortion messages and obtained names and telephone numbers of people who had used a web form to request a callback from BPAS staff to discuss issues relating to pregnancy, contraception and sexual health," the charity said in a statement.
But the names, details and medical records of women who had used the abortion service were never at risk, the charity added.But the names, details and medical records of women who had used the abortion service were never at risk, the charity added.
BPAS was also in breach of the Data Protection Act by keeping the details of callers for five years longer than was necessary for its purposes, the ICO said.