Serious Fraud Office admits to massive data breach
Confidential computer files, audio tapes and documents accidentally sent to third party.


The Serious Fraud Office (SFO) has admitted to sending a large tranche of confidential information to the wrong person.
The breach, involving 32,000 pages of documents, 81 audio files and a number of computer files relating to an investigation into British defence, security and aerospace firm BAE Systems, went undetected for a year.
Any loss of data is a serious matter and the SFO has taken action to ensure no further material can be wrongly sent out.
The SFO said the accident occurred after the close of the investigation, when it was sending back materials to an individual or organisation that had supplied information and requested its return.
The recipient received the information they had sent, as well as additional items from other sources, which constituted 3 per cent of the total amount of data submitted in relation to the case.
The SFO said that 98 per cent of the material that had been sent in error has been recovered and that it is continuing to try and recover the remaining information that has not already been destroyed by the recipient.
The accidental recipient has not been named.
"Any loss of data is a serious matter and the SFO has taken action to ensure no further material can be wrongly sent out," an SFO spokesperson said.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"At the request of the Director of the SFO, the former Director of Security at the Palace of Westminster, Peter Mason CBE, has conducted an initial review of the incident and made some recommendations.
"More generally, the Director of the SFO has instigated an independent wide-ranging review of all the organisation's business processes by Alan Woods, a former senior civil servant," the spokesperson added.
A spokesperson for the Information Commissioner's Office (ICO) said: "We have been made aware of a possible data breach involving the Serious Fraud Office.
"We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken."

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.
-
Using WinRAR? Update now to avoid falling victim to this file path flaw
News WinRAR users have been urged to update after a patch was issued for a serious vulnerability.
-
Amazon CEO Andy Jassy doubles down on the company's AI focus
News Amazon CEO Andy Jassy thinks companies need to "lean into" AI and embrace the technology despite concerns over job losses.
-
Scania admits leak of data after extortion attempt
News Hacker stole 34,000 files from a third-party managed website, trucking company says
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolen
Capita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessible
News Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbers
News Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three years
News Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring service
News New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customers
News The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessed
News The state is following up to ensure no information was transferred to bad actors