Digital Transformation

Competition entrants’ details exposed by security lapse

Toshiba’s online competition failed to properly protect the information submitted by participants

Electronics giant Toshiba have been found guilty of failing to properly protect the details submitted by entrants to an online competition that was held on its website.

A security lapse led to the personal information of 20 people being exposed, with their names, addresses and dates of birth accessible to other users, and the company has since been reprimanded by the Information Commissioner’s Office (ICO).

"It is vital that, as ever-increasing amounts of our personal information are collected online, companies have the necessary safeguards in place to keep this information secure," said Stephen Eckersley, the ICO’s head of enforcement.

Adequate data protection provisions could have prevented this flaw in the set-up of Toshiba’s website and would have enabled the company to avoid the embarrassment that comes with failing to protect the details of its customers.

Given the risk of identity theft and the number of opportunist criminals looking to take advantage of situations in which the information of innocent members of the public is exposed online, the company could experience a loss of trust in its brand as a result of the incident.

Had Toshiba properly tested the system that it used to support and run the competition, the breach in the details of its entrants could have been avoided as the glitch would have been picked up before the program went live.

Measures such as these can help organisations guard against accidentally exposing the data of people who expect any records they submit to be properly protected, and thus maintain the public’s faith in companies.

Toshiba has since committed itself to taking more effective steps to safeguard information and the ICO has welcomed this move.

"We are pleased that Toshiba Information Systems (UK) have committed to ensuring that any changes to applications on their website are thoroughly tested by both the developer and themselves, in order to keep the personal information they are collecting secure," Mr Eckersley added.