The British Pregnancy Advice Service (BPAS), a charity that offers help and advice to women considering a termination of pregnancy, has been served a £200,000 penalty following the data breach that revealed almost 10,000 users’ details to a hacker.

The hacker, James Jeffery (previously jailed for 32 months in April 2012 for hacking the same website), defaced BPAS’ homepage with the Anonymous hacking group’s logo as well as an anti-abortion message.

The Information Commissioner’s Office (ICO) investigation found that in 2007 BPAS used a third-party IT company to develop an online booking service. Although BPAS had chosen not to store data in the CMS due to security concerns, it did not communicate this explicitly enough to the developer, and so the feature was built anyway.

The ICO investigation also found that personal data was not stored securely.

Additionally, it was found that BPAS had stored call-back information for five years longer than was necessary for its purpose – a breach of the Data Protection Act.
If BPAS fails in its appeal of the verdict, it will have the opportunity to reduce the fine to £160,000 if it pays by the end of March.
