Experts Insight On Watford Community Housing (WCH) Data Breach

By ISBuzz Team
Writer, Information Security Buzz | Mar 27, 2020 03:35 am PST

Watford Community Housing (WCH) sent out an unencrypted spreadsheet with 3,544 rows of personal information on its tenants, including names, addresses, dates of birth, religion, sexual orientation, ethnic origin and disability status. It’s not yet been confirmed if any of these individuals are subject to witness protection orders in court proceedings.

3 Expert Comments
Jan Van Vliet, VP and GM EMEA
March 27, 2020 11:43 am

Email is a vulnerable medium. As this unfortunate data leak shows, even the best IT security tools are not infallible against human behaviour. This incident again reinforces the need for “data centric” security technologies. This would help protect data at source, removing the risk factor associated with human error. If Watford Housing Community had had such technologies in place, it could have prevented this highly sensitive information from being sent without prior approval and prevented it from being opened by the recipients. All organisations, especially those that handle sensitive personal data, have a duty of care to prioritise data protection and prevent incidents like this taking place.

Raif Mehmet, Sales Director
March 27, 2020 11:40 am

To prevent future attacks and safeguard sensitive information, organisations must have full visibility and control over their data. This can be accomplished by leveraging multi-faceted solutions that defend against malware on any app or endpoint, enforce real-time access control, detect misconfigurations, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent data leakage.

Samantha Humphries, Security Strategist
March 27, 2020 11:38 am

Watford Community Housing should be commended for a responsible disclosure and a prompt response, which will make all the difference to maintaining the trust of those affected by this breach.

However, it’s important to note here that the reasons behind this breach are relatively unsophisticated and highlight a fundamentally poor operational practice. Sending files over email – particularly unencrypted files – is always risky. This incident shows that if you do this in error, there is no way of recalling that data once it’s been sent. Your only recourse is to politely request that the unintended recipients delete it.

Notwithstanding the breadth of technology now available to organisations, email has never been a good tool for sharing personal information. It can all too easily end up in the wrong hands and – as this organisation clearly knows – put you square in the sights of the ICO. With GDPR enforcement still in relatively early days, this small error could add up to a significant financial cost.
