On 24 October the Information Commissioner's Office (ICO), the independent supervisory body responsible for ensuring data protection, announced it had imposed a £4.4 million (€5.08 million) fine on UK construction company Interserve for breaches of General Data Protection Regulation (GDPR). The UK company is accused of inadequate vigilance that resulted in the theft of the personal data of its 113,000 employees and ex-employees.
The events in question took place between 30 March and 02 May 2020. At that time, an employee of the construction group forwarded a ‘phishing’ email to a colleague, which Interserve’s security system neither detected, nor blocked. The employee opened the email and downloaded its contents, resulting in malware being installed onto the employee’s workstation. At that moment the company’s anti-virus system functioned and quarantined the malware but Interserve did not then thoroughly investigate th
…Do you have information to share with us?