Abortion charity fined £200,000 over website hack

BPAS says it is ‘possible’ Irish records were on its website but that no data made it into public domain

Sat, Mar 8, 2014, 09:23

A British charity that provides pregnancy and abortion services to about a thousand Irish women a year has been fined £200,000 after the contact details of nearly 10,000 people were obtained from its website by a hacker.

The British Pregnancy Advisory Service (BPAS) had the penalty imposed by the Information Commissioner’s office, which is the UK data protection watchdog.

‘Never at risk’
The advisory service yesterday said it was “certainly possible” Irish women and men were among those who had contacted it for information about pregnancy and abortion and had left a name and number on its website.

But it insisted the names of the women who had been treated “were never at risk” and that none of the data that the hacker obtained ever made it into the public domain. “We really don’t want this to cause women any more unnecessary anxiety,” a spokeswoman said.

The commissioner said the charity had reported the website attack to police on March 9th, 2012, and the attacker was arrested the following day. He was later jailed for 32 months.

“The police had to react quickly due to the context of the information that was accessed and the risks associated with the attack.

“Some of the call back details were from individuals whose ethnicity and social background could have led to physical harm or even death if the information had been disclosed by the attacker,” the commissioner said.

It said the particular contravention was serious because BPAS was “unaware that personal data was held on the website in such a way that the call-back details of 9,900 users were unprotected from an attack of this type”.