Interserve was fined £4.4 million by the UK’s Information Commissioner’s Office (ICO) after a breach of personal employee data.

In 2019, UK-based outsourcing firm Interverse was faced with several cyberattacks that compromised the personal information of 113,000 employees. From March 18th to December 1st, the issues were investigated to find the reason for the breach.

Once the investigation was concluded, the Information Commissioner’s Office (ICO) took action and fined Interserve for failing to adequately protect its employees’ sensitive data. The fine totals £4.4 million, and Interserve has until the 21st of November to pay off the sanction. At the same time, Interserve is adamant that there is no concrete evidence of data exfiltration. The organization has 28 days to appeal the fine.

ICO presents evidence

According to the penalty notice posted by the ICO, the company has failed to secure its employee’s data appropriately. In one case, Interserve used outdated infrastructure to host its human resources systems. “Interserve ought reasonably to have been aware of the risks posed by running outdated support systems, in particular in circumstances where the risks of running outdated support systems were well-known and documented”, the notice reads.

Data privacy is regarded as a fundamental right in this day and age. The lack of data security can cause identity theft and tarnish an organization’s reputation. In the case of Interserve, it’s not the first time corners were cut when it comes to data security.

With the recent fine, there’s a chance that Interserve will try and work harder on its data protection policies to prevent future sanctions. Time will tell whether Interserve appeals the fine or pays it off.

Tip: France fines Clearview the maximum amount allowed for GDPR violations