United Kingdom: Information Commissioner's Office issued final decision to fine Advanced Computer Software Group GBP 3.07 million for data protection failures

Description

On 26 March 2025, the UK Information Commissioner's Office (ICO) imposed a monetary penalty of GBP 3.07 million on Advanced Computer Software Group Limited for violations of the United Kingdom General Data Protection Regulation (UK GDPR). The enforcement action stemmed from a ransomware incident in August 2022 that compromised personal data relating to 79,404 individuals, including medical records and home access information for 890 care recipients. The ICO's investigation identified deficiencies in Advanced Computer Software Group's implementation of multi-factor authentication, vulnerability scanning, and patch management systems. The ICO initially proposed a penalty of GBP 6.09 million in August 2024, which was subsequently reduced following Advanced Computer Software Group's cooperation with the National Cyber Security Centre (NCSC), National Crime Agency (NCA) and the National Health Service (NHS). Advanced Computer Software Group accepted the final penalty amount and waived its right of appeal.

Scope

Policy Area: Data governance
Policy Instrument: Cybersecurity regulation
Regulated Economic Activity: software provider: other software
Implementation Level: national
Government Branch: executive
Government Body: data protection authority

Complete timeline of this policy change

2024-08-07
under investigation

On 7 August 2024, the UK Information Commissioner's Office provisionally decided to fine Advanced C…

2025-03-26
in force

On 26 March 2025, the UK Information Commissioner's Office (ICO) imposed a monetary penalty of GBP …
