Supply Chain Security: ICO’s £6m Provisional Fine

August 15, 2024

On 7th August 2024, the ICO provisionally decided to impose a £6.09m fine on Advanced Computer Software Group Ltd (Advanced), an IT and software services provider for organisations on a national scale, including the NHS. The decision comes after reported initial findings showed that the provider had failed to protect the information of 82,946 people. The provisional decision relates to a ransomware incident in August 2022, in which hackers allegedly accessed systems via a customer account that did not have multi-factor authentication. [1]

The hackers were allegedly able to exfiltrate medical records and phone numbers. Those impacted were informed and the exfiltrated data has not been uploaded to the dark web as of today. John Edwards, the UK Information Commissioner, stated, “For an organisation trusted to handle a significant volume of sensitive and special category data, we have provisionally found serious failings in its approach to information security prior to this incident.” The provisional decision highlights the responsibility of data processors and the need for organisations to ensure that systems are adequately secured. [2] [3]

Black Room Intelligence provides comprehensive third-party monitoring of your supply chain against data breaches and potential attacks. With a quick and simple onboarding process, your entire supply chain could be monitored within hours, providing immediate peace of mind and assurance.

References:

1. Provisional decision to impose £6m fine on software provider following 2022 ransomware attack that disrupted NHS and social care services. ICO. August 7, 2024. Available from: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/08/provisional-decision-to-impose-6m-fine-on-software-provider-following-2022-ransomware-attack/

2. UK IT provider faces $7.7 million fine for 2022 ransomware breach. BleepingComputer. August 7, 2024. Available from: https://www.bleepingcomputer.com/news/security/uk-it-provider-faces-77-million-fine-for-2022-ransomware-breach/

3. Supply chain cyber incidents: The ICO's fine, and future of data processors’ accountability. Kennedys. August 12, 2024. Available from: https://kennedyslaw.com/en/thought-leadership/article/2024/supply-chain-cyber-incidents-the-icos-fine-and-future-of-data-processors-accountability/
