Heathrow Airport has been fined £120k by the Information Commissioner's Office for serious deficiencies in data protection
The fine follows an incident last October in which a member of the airport's staff lost a memory stick; the device contained “confidential personal data” and was subsequently found by a user of the airport, as reported by specialists in digital forensics from the International Institute of Cyber Security.
So far, the information indicates that the lost device included security and travel arrangements for the Queen, although the Information Commissioner's Office has not commented on this.
Heathrow was greatly saddened by the carelessness.
The Information Commissioner's Office (ICO) said that the memory stick, which contained 76 folders and over a thousand files, was not encrypted or protected with a password or any other type of security measure.
The airport mentioned that only a small number of files contained “sensitive” information, including a training video that exposed the names, birth dates and passport numbers of 10 people. Personal data for up to 50 members of Heathrow aviation security personnel were also disclosed.
However, a report by specialists in digital forensics suggests that this carelessness is a potential danger to national security. The report mentions that a man found the memory stick on a street in west London and viewed its contents at a local library, discovering information such as:
- A patrol calendar that was used to protect the airport from suicide bombers and terrorist attacks
- Routes used for foreign ministers and officials
- The exact route the Queen took when using the airport and the security measures used to protect her
The ICO confirmed that a national newspaper had gained access to the memory stick. However, it did not comment on the national security claims, and said that the memory stick contained only personal information of the airport’s staff.
The ICO added that only 2% of the airport's 6500 employees had been trained in protecting personal and organizational information.
Heathrow declined to speak out; however, a spokesperson said: “After this incident, the company took swift action and strengthened security processes and policies”.
“We will accept the fine that the ICO has considered appropriate and we’ll talk to the people involved in the incident”, the spokesperson concluded.
According to specialists in digital forensics from the International Institute of Cyber Security, incidents related to airlines and airports have been a real headache for the UK authorities, because they range from events as simple as misplacing a memory stick to the complexity of dealing with a data theft like the one that happened at British Airways.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.