Law Firm’s £60K Cyber Oops: When Data Security Takes a Holiday

The ICO has fined Merseyside-based DDP Law Ltd £60,000 for a cyber-attack that leaked sensitive data onto the dark web. Remember, data protection is not optional—unless you enjoy hefty fines and hosting unwanted guests on your network!

3P
Published: April 17, 2025 8:00 amAdded: April 17, 2025 at 1:21 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Oh, DPP Law Ltd., it seems you left the door wide open and even sent out engraved invitations to hackers! Who knew a forgotten admin account could lead to a £60,000 slap on the wrist and a starring role in the “How Not to Handle Cybersecurity” guide? Consider this a pricey reminder that data protection isn’t just a suggestion—it’s the law, literally.

Key Points:

  • DPP Law Ltd. fined £60,000 by ICO for a cyber-attack exposing sensitive information.
  • Lack of multi-factor authentication on an old admin account was a key vulnerability.
  • Hackers accessed 32GB of data, which ended up on the dark web.
  • DPP was alerted to the breach by the National Crime Agency, not their own vigilance.
  • Significant delay in reporting the breach to the ICO—43 days after discovery.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?