Burnetts logo

Holiday Insurance Company Fined £175,000

Information law solicitor Natalie Ruane looks at a case where a holiday insurance company was fined by the Information Commissioner's Office.

The online holiday insurance company, Staysure.co.uk, has been fined £175,000 by the Information Commissioner’s Office (ICO) after security failings let hackers access the records of over 100,000 customers. 

The information hacked included credit card information as well as customers’ medical details.  The company had also retained credit card security numbers which were accessed by the hackers despite industry rules that these should not be retained.  Over 5,000 customers had their credit cards used by fraudsters after the attack in October 2013. 

The ICO found that the company had no policy or procedures in place to review and update their security systems.  They had failed twice to update database software which could have prevented the breach. 

In 2014 the ICO published a report highlighting some of the common IT security failings that they encounter and how these can be overcome.  Details of that report can be found at https://ico.org.uk/media/for-organisations/documents/1042221/protecting-personal-data-in-online-services-learning-from-the-mistakes-of-others.pdf

About the author

Natalie Ruane profile photo

Natalie Ruane

Natalie is a Partner and leads the Employment Law & HR team and specialises in education.

Published: Monday 16th March 2015
Categorised: Information Law

All Factsheets