Gloucestershire Constabulary

Gloucestershire Police has been fined £80,000 by the Information Commissioner’s Office.

It sent a bulk email that identified victims of non-recent child abuse.

An officer sent an update on the case to 56 recipients by email but entered their email addresses in the ‘To’ field and did not activate the ‘BCC’ function, which would have prevented their details from being shared with others.

Each recipient of the email, including victims, witnesses, lawyers and journalists, could see the full names and email addresses of all the others.

The email also made reference to schools and other organizations being investigated in relation to the abuse allegations.

Source: https://www.databreaches.net/uk-gloucestershire-police-fined-for-revealing-identities-of-abuse-victims-in-bcc-email-gaffe/

TPRM report: https://scoringcyber.rankiteo.com/company/gloucestershire-constabulary

"id": "glo2124181122",
"linkid": "gloucestershire-constabulary",
"type": "Data Leak",
"date": "06/2018",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 56,
                        'industry': 'Public Sector',
                        'location': 'Gloucestershire, UK',
                        'name': 'Gloucestershire Police',
                        'type': 'Law Enforcement Agency'}],
 'attack_vector': 'Human Error',
 'data_breach': {'number_of_records_exposed': 56,
                 'personally_identifiable_information': ['Full names',
                                                         'Email addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Full names',
                                              'Email addresses',
                                              'References to schools and '
                                              'organizations being '
                                              'investigated']},
 'description': 'Gloucestershire Police sent a bulk email that identified '
                'victims of non-recent child abuse by incorrectly using the '
                "'To' field instead of the 'BCC' function.",
 'impact': {'data_compromised': ['Full names',
                                 'Email addresses',
                                 'References to schools and organizations '
                                 'being investigated'],
            'financial_loss': '£80,000 fine by the Information Commissioner’s '
                              'Office'},
 'post_incident_analysis': {'root_causes': 'Human Error'},
 'references': [{'source': 'Information Commissioner’s Office'}],
 'regulatory_compliance': {'fines_imposed': '£80,000',
                           'regulations_violated': 'General Data Protection '
                                                   'Regulation (GDPR)'},
 'title': 'Gloucestershire Police Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Improper Email Handling'}