The Sun was ordered to improve its data protection procedures after its website was hacked in 2011.
Customers’ personal details were leaked on to the internet following the hack by the infamous Lulzsec hacker group, an offshoot of Anonymous.
Four British men behind the hack were sentenced recently
Their other targets included Sony Pictures, games maker EA, and the Serious Organised Crime Agency.
Related
The Information Commissioner ordered the Sun’s owners, News Group Newspapers, to improve its security in 2011. But details have only been released now that the Lulzsec trial has finished.
The ICO investigation revealed that the server hosting part of the Suns’ website was compromised in July 2011, and that a large amount of personal customer data was released. None of the data was sensitive.
The ICO found that the Sun’s server had not been used for its originally-intended purpose for several years. But the paper’s data controller did not notice.
NGN also accepted that it did not follow its own data protection rules.
NGN was ordered to sign a pledge to inform and train staff about storing and handling people’s personal data, improve security and set up procedures to make sure a breach does not happen again.
Cleland Thom is a consultant in media law
Email pged@pressgazette.co.uk to point out mistakes, provide story tips or send in a letter for publication on our "Letters Page" blog
