Rio 2016 staff downloaded files illegally during Olympic transfer programme

What
Possible loss of personal data.

How much
Unknown.

Why
Rio Olympics employees, thought to have been working in the London 2012 technology department, downloaded files without authorisation during the official Olympic knowledge transfer programme.

The original report by Brazilian journalist Juca Kfouri suggests the ‘hack’ was discovered by London 2012 staff when details of unauthorised access were found in log files. Kfouri’s blog entry suggests the files were highly confidential and included information about strategic planning and security. The nature and content of the files has not been confirmed by LOCOG, although officials, playing down the incident, said the documents would probably have been provided to the Rio team had they requested them.

The report of the incident in the Brazilian online portal UOL suggests no personal data was compromised.

Regulator
None to date.

Regulatory action
None to date.

Reason for action
None to date.

When
September 2012


Welcome Financial Services Limited

Breach details

What: Loss of personal data.
How much: Approximately 2 million records.
When: 7 November 2011
Why: Backup tapes of Shopacheck’s LAN were transported back and forth between the network site and an offsite storage room. On the 23rd of November 2011 it was discovered that two of these tapes, containing personal data of millions of individuals, were missing.

Regulatory action

Regulator: ICO
Action: Monetary penalty of £150,000
When: 5 July 2012

Why the regulator acted

Breach of act: Unencrypted tapes were lost, and have still not been recovered. Inappropriate organisational and technical measures.
Known or should have known: Data controller was aware of the possible consequences of the tapes going missing, since policies were in place requiring encryption.
Likely to cause damage or distress: Financial information of customers.

Healthcare Locums PLC (HCL)

What

Loss of personal information.

How much

Unknown.

Why

A Network Storage device containing records relating to doctors employed by the data controller was lost or stolen in transit during a move and was sold on eBay. It was eventually recovered.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that contracts are put in place between the Data controller and any contractors it uses to process personal data on its behalf, who must be sufficiently checked. Sufficient physical security measures must be implemented and records of data contained on physical media must be kept.

Reason for action

Neither the network storage device nor the personal data contained within it was encrypted. No inventory of equipment being transported was taken and therefore the loss/theft of the device went unnoticed until the eBay buyer contacted the Data controller.

When

14 October 2010

Links

View PDF of the Healthcare Locums PLC Undertaking (Via ICO Website)

View PDF of the Healthcare Locums PLC Undertaking (Breach Watch Archive)