An online holiday insurance company has been fined £175,000 by  the ICO after it found that the company had breached the Data Protection Act 1998 after security flaws within its IT system let hackers access customer records. The hackers obtained credit card details of more than 5,000 customers and potentially had access to more than 100,000 live credit card details, as well as customers’ medical details. The ICO investigation revealed that the company had no policy or procedures in place to review and update IT security systems, and had twice failed to update database software which could have prevented this incident.

ICO Press Release