How to protect your financial data as the Cabinet Office is fined £500k for address leaks

World News

Scammers take £800 from woman with voucher scam

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

The Government was issued the fine as the Information Commissioner’s Office (ICO) found the Cabinet Office had failed to put adequate measures in place to avoid these kinds of breaches. A number of famous faces had their personal addresses leaked online as a result of the breach and this included Iain Duncan Smith, Elton John and Nadiya Hussain.

“It’s becoming more and more urgent and something needs to change”

The leak, which occurred in 2019, resulted from complacency according to the ICO. The Government has since apologised for the breach and confirmed it put measures in place to avoid repeat occurrences.

James Walker, the CEO at Rightly, commented on the news, noting it added to a “difficult and embarrassing week of leaks” for the state.

He said: “Importantly, this revelation should also serve as yet another warning to organisations handling personal and sensitive information. Now is the time to take the rights that people have over their personal data, and data security, seriously. It’s becoming more and more urgent and something needs to change.

“The way that consumer data is handled, often exposing them to security risks and without their consent, is a systemic problem. Rightly, one of the first consumer tools to help people take back control of their own data, are calling on companies and the government to stop this trend and hold bad actors accountable.”

How to protect your financial and personal data

Mr Walker continued by explaining the responsibility to protect one’s personal data should lie with the company that holds it, the “sad truth is that many simply cannot be trusted”.

He argued in the current digital world, the sharing and misuse of personal data has unfortunately become systemic. But, there are steps people can take to get back some level of control.

He explained: “When it comes to protecting your personal data, one of the most important steps is to work out exactly which companies have access to it and how they are using it. You can do this through sending Data Subject Access Requests (DSARs) – or using a platform like Rightly to do so.

“If there is any personal information that you no longer want the company to store, you can then send a deletion request which, legally, they must respond to in 30 days.

“Cleaning up your digital footprint has traditionally taken time as it’s too much hassle and you have no idea with whom your data has been sold to. It’s important to note that because so many companies share information with third parties – usually without your knowledge or consent – it can be impossible to find out who has it, without asking everyone!

“Unfortunately, the more information you share online, the greater the risk it is shared without your knowledge.”

National Insurance scam warning: ‘National security threat’ emerges [WARNING]
Nationwide launches new tool to protect savers from scams [INSIGHT]
Facebook scammers getting ‘bolder’ as carer is targeted through job ad

Email addresses and passwords

Mr Walker concluded by providing tips on how people can protect their personal data. Using multiple email addresses can help, as he explained: “Create a second email account that you use when shopping online, registering for online services, and all those other unnecessary boxes. That way, only an essential few companies have your primary email address, and you minimise your chances of being hacked, involved in a data breach or being the victim of identity theft. Plus, all those scam emails you receive will go straight into your second inbox.

“Avoid the ‘third parties’ box. When you sign up to a website there is often a tick box about sharing your data. Make sure you avoid ticking this. Sharing with third parties is vague and most often simply allows companies to share your data with unidentified others and make a profit from your personal information.”

Focusing on one’s use of passwords is also crucial, as Mr Walker continued: “Never use the same password for different sites. Consider a password vault where you remember one password and then have all your passwords in that vault. All the passwords you then use can be highly secure and unique so if a website is breached only that password will be compromised.

“On emails if you add + before the @ sign you can ‘tag’ the website to find out who has shared your data so becomes, now if your data is shared and added to another email list or to a spam list or even a fraud attempt you will know who shared it. Apple will now allow you to use an alias email so the firm does have your real email address.”

Cookies and browsers

Taking action on the more technical side of things can also pay dividends in the long run. Mr Walker urged consumers to misspell their name when sharing data as “this way, if your data is shared with scammers, it’s significantly harder for them to steal your identity. Plus, future scam emails that you receive could be highlighted by the wrong spelling.”

To ensure as much protection as possible, consumers will need to wrap their heads around cookies, a notoriously pesky element of the modern world.

Mr Walker continued: “When you visit a website for the first time you will be asked to accept cookies. In essence, cookies act as trackers, storing and sharing snippets of information about you. While some of these are necessary, like ‘functional’ cookies that store your login details and help websites improve, many share personal information about you. This includes the websites you visit, what you buy, and what characteristics you likely have. Always choose the minimum cookies option to reduce the data being captured on you.

“Consider your browser – There are a whole range of internet browsers to choose from, many of which are built for privacy. DuckDuckGo for example has best-in-class privacy essentials for free. There are also a whole range of new technologies coming out that are designed to help you know if a website can be trusted. One of these is Browser, a community-led app that uses several databases of fraudulent websites to advise you

“Regularly check if you’ve been hacked – Make a habit of checking if any of your information has been breached. You can do this for free at, which checks your email against databases on the dark web. You can then change key information and passwords to prevent being hacked or scammed.”

The FCA, the financial regulator, also recently took steps to improve the standard of consumer protection for users of financial services and help to stop harm before it happens. The FCA said it was concerned that currently financial services do not always work well for consumers and the new plans aim to fundamentally shift the mindset of firms.

The consultation is open until February 15, 2022 and the FCA expects to confirm any final rules by the end of July 2022. Parliament has also called strongly for a change to the standard of protection for consumers.

Sheldon Mills, Executive Director of Consumers and Competition at the FCA, commented: “Making good financial decisions is vital to financial well-being and trust, but too often consumers are not given the information they need to make good decisions and are sold products or services that do not offer the benefits they might expect. We want to change that. We’ve been working to set a higher standard for firms, to put more of the onus on them to act in their customers’ interests and get their products and services right.

“The new duty will drive a change in culture at firms. We expect firms to step up and put consumers at the heart of what they do and we’ll be holding senior managers accountable if they do not. The duty will also help create an environment for healthy competition between firms, encouraging them to be innovative in developing products and services that meet consumer’s needs.”

Source: Read Full Article