Law Firm’s $60K Data Breach Blunder: When Cyber Essentials Aren’t So Essential

DPP Law Ltd faces a hefty £60,000 fine after a cyberattack exposed 32 GB of personal data. The UK’s data watchdog insists that DPP’s security lapses were glaring. DPP Law is appealing, but whether their Cyber Essentials certification can save them remains to be seen. Data protection: It’s not just a suggestion!

3P
Published: April 16, 2025 2:48 pmAdded: April 16, 2025 at 8:18 amAssembled by: The Editor
Pro Dashboard

Hot Take:

It seems DPP Law Ltd.’s cybersecurity measures were as rusty as an old bicycle left in the rain. After 32 GB of personal data took a joyride to the dark web, the law firm is now appealing a £60,000 fine, probably hoping for a verdict as lenient as a forgiving parent to a kid who “borrowed” the car without asking.

Key Points:

  • The UK’s Information Commissioner’s Office (ICO) fined DPP Law Ltd. £60,000 following a data breach.
  • 32 GB of personal information was stolen using brute-force tactics on an unprotected admin account.
  • DPP learned about the breach when the National Crime Agency alerted them of data on the dark web.
  • DPP took 43 days to report the breach to the ICO.
  • DPP Law is appealing the fine, citing their compliance with cybersecurity certifications.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?