UK crime agency forgot encryption for child abuse tips

UK’s peak serious crime fighting agency forgot to encrypt submissions made through its website

A child protection department under the UK’s peak serious crime fighting agency forgot to encrypt submissions made through its website. 

The failure to encrypt complaints lodged over the Child Exploitation and Online Protection Centre’s website meant that sensitive details could have been exposed during transmission, according to the UK’s Information Commission’s Office (ICO).

The site had been insecure for several months, according to the ICO's review.

A person submitting a tip to the CEOP noticed the online form used by the department did not encrypt the information in transit and subsequently filed a complaint with the ICO in April.

The heads of CEOP and the agency it sits under, the UK’s Serious Organised Crime Agency (SOCA), have both signed undertakings to ensure the website was tested for security weaknesses.

“Organisations must make sure that any personal data transmitted electronically is adequately protected. While there is no evidence to suggest that attempts have been made to access any of the information, it is highly likely that it would have been sensitive in nature and should not have been compromised by insufficient IT security measures,” said the ICO’s acting head of enforcement, Sally Anne Poole.

Join the CSO newsletter!

Error: Please check your email address.

Tags SOCA (Uk'sSerious Organised Crime Agency)securitynewsencryptionCEOPdata protection

More about CA TechnologiesICO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts