The ICO has imposed a monetary penalty of £150,000 on an online travel services company for serious breaches of the Data Protection Act. The company’s website was hacked and the insecure coding  used on the site allowed 1,163,996 credit and debit card records to  be compromised. No reviews or security checks had ever been carried out on the site.

ICO news release – online travel services company exposes more than a million customer records to a malicious hacker – 24 July 2014