Back in 2012, just four days before Christmas, an unidentified hacker broke into the servers of Think W3, a UK-based online travel company.
The hacker got in through a coding error on the site. Three days later the breach was noticed and sealed, but not before 1,163,996 credit and debit card records were stolen.
The real story here is the fine that the British Information Commissioner's Office (ICO) just handed down to Think W3. The ICO has fined the company £150,000, or approximately $250,000. Given the extent of the breach and how bad this could have been, that seems a little light. But the ICO is saying it came down hard:
Stephen Eckersley, head of enforcement, said the incident was a “staggering lapse” in security and underlined the fact that firms of every shape and size must take the issue of data protection seriously.
“Data security should be a top priority for any business that operates online. Think W3 Limited accepted liability for failing to keep their customers’ personal data secure; failing to test their security and failing to delete out-of-date information,” he said.
Think W3 plans to pay the fine, though the company defended its response, saying that no customers were affected by the breach, and the hole was shut quickly.
What do you think? Is this fine too lenient or too stiff? Let me know in the comments below.