In 2013, Erik Sundqvist, then 16, hacked into Umeå Municipality’s IT system and gained access to a database containing more than 600 passwords. He was found guilty but, because of his age, escaped a jail sentence; instead, he was sentenced to 35 hours’ community service. Now the municipality is seeking half a million Swedish kronor (about €54,000 or £40,000) in damages in a civil action.
According to The Register, the authorities say the compensation “will in part pay for the time spent going through their systems to change the passwords, as well as evidence collection and other unspecified costs.” Erik “told the local press that he realised the system was not secure and that anyone could steal the passwords. He says he himself did not steal anything or damage the servers and that his incursion took less than an hour… He said it was ridiculous that a public IT system that stores personal data on so many people should be so unsafe.”
That defence never works. Imagine someone saying, “I’m highlighting the inadequacy of your fire prevention system by burning down your office.” They’d be laughed all the way to the nearest prison.
Organisations that hold personally identifiable information are legally obliged to secure it properly. The forthcoming General Data Protection Regulation (GDPR) will place an even greater burden on organisations across Europe. Managing the security of your data to ensure compliance with the GDPR requires a robust information security management system (ISMS). ISO 27001 is the international standard for information security management, and sets out the best-practice requirements for an ISMS.
IT Governance’s fixed-price ISO 27001 Packaged Solutions allow EU organisations to implement an ISO 27001-compliant ISMS for as little as €530. Using a combination of implementation resources, online consultancy support and expert guidance materials, EU organisations can implement best-practice information security, secure the information they hold, comply with laws such as the GDPR, and reassure stakeholders and customers that they are taking information security seriously. For more information on our ISO 27001 Packaged Solutions, please see the IT Governance website.