Boots is the latest UK organisation to lose customer data - but this time, it was from the hands of a security subcontractor.
The high street chemist chain has today admitted losing 27,000 customer records and 7,000 employees details related to their dental plan. The information included bank account details, as well as names and addresses.
The data tapes were stolen from the car of a security subcontractor on 3 April in Bristol. Police and the Financial Services Agency are investigating, and the Information Commissioner's Office (ICO) has been notified. The FSA has previously issued massive fines for such breaches, including a 1 million fine to a building society for a lost laptop.
In a statement, Boots said it takes data protection "extremely seriously," and that fraud was unlikely to occur because of the nature of the stolen data. "We would like to reassure our Boots Dental Plan customers that because of the type of data tape that was stolen and the way the information was stored it is highly unlikely that any personal data could be accessed or misused."
Boots added that all the affected people had been notified.
The news comes as the Bank of Ireland today admitted losing four laptops contining details pertaining to 10,000 customers.
The breaches are just two in a long string of UK losses.
The ICO said yesterday that nearly 100 such incidents had been reported to it in the six months since HM Revenue and customs lost records for millions of people on two discs.
-
Marc Benioff’s agentic AI gambit is paying dividendsAnalysis Agentforce is dominating the agenda at Salesforce – and it appears to be working
-
Enterprises are worried about agentic AI security risks – Gartner says the answer is just adding more AI agentsNews Not content with deploying agents for frontline operations, some enterprises might double down with ‘guardian agents’ to monitor their bot-based workforces
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
