A data breach can really happen to anyone – just ask the UK’s Information Commissioner’s Office (ICO).
Buried in the recently made public 2013-2014 Annual Report, the authority tasked with making sure that UK organizations – private and governmental – keep customer and user data secure, has stated that it has suffered a “non-trivial data security incident.”
“The incident was treated as a self-reported breach. It was investigated and treated no differently from similar incidents reported to us by others. We also conducted an internal investigation,” they stated.
“It was concluded that the likelihood of damage or distress to any affected data subjects was low and that it did not amount to a serious breach of the Data Protection Act. A full investigation was carried out with recommendations made and adopted. The internal investigation was also concluded.”
The Times reports that no more details about the breach have been shared with the public, and a spokesman for the office has said that those who want to know what happened will have to submit a Freedom of Information request.
Whether such a request would actually be productive is another matter – there is at least one previous instance in which a similar request did not lead to the wanted information.