Data security incident trends

<!doctype html>    <html lang="en">  <head prefix="og: http://ogp.me/ns#"> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="initial-scale=1.0, width=device-width"> <title>Data security incident trends | ICO</title>   <meta name="DC.Subject" content="" /> <meta name="DC.Date" content="Monday, September 16, 2024" /> <meta name="DC.Creator" content="" /> <meta name="DC.Publisher" content="ICO" /> <meta name="DC.Title" content="Data security incident trends" /> <meta name="DC.PageID" content="21918" />  <meta name="robots" content="index" />   <meta property="og:title" content="Data security incident trends" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://ico.org.uk/action-weve-taken/data-security-incident-trends/" /> <meta property="og:description" content="View the recent data security incidents that have been reported or notified to the ICO, or that we have identified proactively." /> <meta property="og:image" content="https://ico.org.uk/media/1429/statistics-report-800x537.jpg"/> <meta name="twitter:title" content="Data security incident trends" /> <meta name="twitter:description" content="View the recent data security incidents that have been reported or notified to the ICO, or that we have identified proactively." /> <meta name="twitter:image" content="https://ico.org.uk/media/1429/statistics-report-800x537.jpg" /> <meta name="twitter:card" content="summary_large_image" />  <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" /> <link href="/cassette.axd/stylesheet/84c7d16c3755e24397d10a8f144f328c1ebc2032/css" type="text/css" rel="stylesheet"/>   <script type="text/javascript"> !function(T,l,y){var S=T.location,k="script",D="instrumentationKey",C="ingestionendpoint",I="disableExceptionTracking",E="ai.device.",b="toLowerCase",w="crossOrigin",N="POST",e="appInsightsSDK",t=y.name||"appInsights";(y.name||T[e])&&(T[e]=t);var n=T[t]||function(d){var g=!1,f=!1,m={initialize:!0,queue:[],sv:"5",version:2,config:d};function v(e,t){var n={},a="Browser";return n[E+"id"]=a[b](),n[E+"type"]=a,n["ai.operation.name"]=S&&S.pathname||"_unknown_",n["ai.internal.sdkVersion"]="javascript:snippet_"+(m.sv||m.version),{time:function(){var e=new Date;function t(e){var t=""+e;return 1===t.length&&(t="0"+t),t}return e.getUTCFullYear()+"-"+t(1+e.getUTCMonth())+"-"+t(e.getUTCDate())+"T"+t(e.getUTCHours())+":"+t(e.getUTCMinutes())+":"+t(e.getUTCSeconds())+"."+((e.getUTCMilliseconds()/1e3).toFixed(3)+"").slice(2,5)+"Z"}(),iKey:e,name:"Microsoft.ApplicationInsights."+e.replace(/-/g,"")+"."+t,sampleRate:100,tags:n,data:{baseData:{ver:2}}}}var h=d.url||y.src;if(h){function a(e){var t,n,a,i,r,o,s,c,u,p,l;g=!0,m.queue=[],f||(f=!0,t=h,s=function(){var e={},t=d.connectionString;if(t)for(var n=t.split(";"),a=0;a<n.length;a++){var i=n[a].split("=");2===i.length&&(e[i[0][b]()]=i[1])}if(!e[C]){var r=e.endpointsuffix,o=r?e.location:null;e[C]="https://"+(o?o+".":"")+"dc."+(r||"services.visualstudio.com")}return e}(),c=s[D]||d[D]||"",u=s[C],p=u?u+"/v2/track":d.endpointUrl,(l=[]).push((n="SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details)",a=t,i=p,(o=(r=v(c,"Exception")).data).baseType="ExceptionData",o.baseData.exceptions=[{typeName:"SDKLoadFailed",message:n.replace(/\./g,"-"),hasFullStack:!1,stack:n+"\nSnippet failed to load ["+a+"] -- Telemetry is disabled\nHelp Link: https://go.microsoft.com/fwlink/?linkid=2128109\nHost: "+(S&&S.pathname||"_unknown_")+"\nEndpoint: "+i,parsedStack:[]}],r)),l.push(function(e,t,n,a){var i=v(c,"Message"),r=i.data;r.baseType="MessageData";var o=r.baseData;return o.message='AI (Internal): 99 message:"'+("SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details) ("+n+")").replace(/\"/g,"")+'"',o.properties={endpoint:a},i}(0,0,t,p)),function(e,t){if(JSON){var n=T.fetch;if(n&&!y.useXhr)n(t,{method:N,body:JSON.stringify(e),mode:"cors"});else if(XMLHttpRequest){var a=new XMLHttpRequest;a.open(N,t),a.setRequestHeader("Content-type","application/json"),a.send(JSON.stringify(e))}}}(l,p))}function i(e,t){f||setTimeout(function(){!t&&m.core||a()},500)}var e=function(){var n=l.createElement(k);n.src=h;var e=y[w];return!e&&""!==e||"undefined"==n[w]||(n[w]=e),n.onload=i,n.onerror=a,n.onreadystatechange=function(e,t){"loaded"!==n.readyState&&"complete"!==n.readyState||i(0,t)},n}();y.ld<0?l.getElementsByTagName("head")[0].appendChild(e):setTimeout(function(){l.getElementsByTagName(k)[0].parentNode.appendChild(e)},y.ld||0)}try{m.cookie=l.cookie}catch(p){}function t(e){for(;e.length;)!function(t){m[t]=function(){var e=arguments;g||m.queue.push(function(){m[t].apply(m,e)})}}(e.pop())}var n="track",r="TrackPage",o="TrackEvent";t([n+"Event",n+"PageView",n+"Exception",n+"Trace",n+"DependencyData",n+"Metric",n+"PageViewPerformance","start"+r,"stop"+r,"start"+o,"stop"+o,"addTelemetryInitializer","setAuthenticatedUserContext","clearAuthenticatedUserContext","flush"]),m.SeverityLevel={Verbose:0,Information:1,Warning:2,Error:3,Critical:4};var s=(d.extensionConfig||{}).ApplicationInsightsAnalytics||{};if(!0!==d[I]&&!0!==s[I]){var c="onerror";t(["_"+c]);var u=T[c];T[c]=function(e,t,n,a,i){var r=u&&u(e,t,n,a,i);return!0!==r&&m["_"+c]({message:e,url:t,lineNumber:n,columnNumber:a,error:i}),r},d.autoExceptionInstrumented=!0}return m}(y.cfg);function a(){y.onInit&&y.onInit(n)}(T[t]=n).queue&&0===n.queue.length?(n.queue.push(a),n.trackPageView({})):a()}(window,document,{ src: "https://js.monitor.azure.com/scripts/b/ai.2.min.js", crossOrigin: "anonymous", cfg: { instrumentationKey: "1d8b12b7-5ec8-4f8a-ad58-d9c6836b2133", disableCookiesUsage: true }}); </script> <script src="/cassette.axd/script/5ee23aacdf970dd872941ccf4f703a43bccb2949/scripts/responsive-nav.min.js" type="text/javascript"></script> <script src="/cassette.axd/script/e959342b74f6ed9b82c2aa42af0bcf7fd59f2d10/scripts/lib" type="text/javascript"></script>    </head> <body id="top" class=""> <a class="link-skiptocontent invisible" href="#startcontent">Skip to main content <span class="icon-arrow-down"></span></a> <header class="header-banner"> <div class="container-header"> <div class="container row"> <div class="column column-3 siteheader-logo"> <a href="/"><span class="invisible">ICO: Information Commissioner's Office</span></a> </div> <div class="column column-6 siteheader-strapline h4"> <div class="siteheader-strapline-inner"> <p>The ICO exists to empower you through information.</p> </div> </div> <a href="" class="button-icon" id="toggle-siteheader-search"><span class="icon-search"></span><span class="invisible">Search</span><span class="icon-close"></span></a> <form action="https://icosearch.ico.org.uk/s/search.html" method="GET" class="column column-3" id="siteheader-search"> <fieldset> <legend class="invisible">Search</legend> <div class="siteheader-search-form"> <label for="search" class="invisible">Search</label> <input type="search" id="search" name="query"> <input type="hidden" name="collection" value="ico-meta" /> <input type="hidden" name="profile" value="_default" /> <span class="button-icon icon-search"></span> <input type="submit" value="Search"> </div> </fieldset> </form> </div> </div> <div class="container-navigation"> <div class="container row"> <nav class="column column-12" aria-label="Main menu"> <ul> <li class="h3 theme-home"> <a href="/">Home<span class="icon-arrow-right"></span></a> </li> <li class="h3 theme-public"> <a href="/for-the-public/">For the public<span class="icon-arrow-right"></span></a> </li> <li class="h3 theme-organisations"> <a href="/for-organisations/">For organisations<span class="icon-arrow-right"></span></a> </li> <li class="h3 theme-report"> <a href="/make-a-complaint/">Make a complaint<span class="icon-arrow-right"></span></a> </li> <li class="h3 theme-action"> <a href="/action-weve-taken/" class="current">Action we've taken<span class="icon-arrow-right"></span></a> </li> <li class="h3 theme-about"> <a href="/about-the-ico/">About the ICO<span class="icon-arrow-right"></span></a> </li> </ul> </nav> </div> </div> </header> <main class="theme-action" id="startcontent"> <article class="container"> <header class="pageheader"> <div class="row"> <div class="column column-8"> <nav aria-label="breadcrumb" class="pageheader-breadcrumb text-small clearfix"> <ol> <li> <a href="/action-weve-taken/">Action we've taken</a><span>/</span> </li> <li> <span class="current" aria-current="page" aria-label="Current page"> Data security incident trends </span> </li> </ol> </nav> <h1>Data security incident trends</h1> </div> <div class="pageheader-download column column-4 column-indent-1"> <a href="#" id="toggle-hiddenpanel-headershare"><span class="h4">Share<span class="invisible">(Opens Share panel)</span></span><span class="button-circle"><span class="icon-share"></span></span></a> </div> </div> <div class="hiddenpanel clearfix toggle-right" id="hiddenpanel-headershare" aria-label="panel share" style="display: none;"> <h2 class="h4">Share this page</h2> <ul class="clearfix"> <li> <a href="http://www.reddit.com/submit?url=https:%2f%2fico.org.uk%2faction-weve-taken%2fdata-security-incident-trends%2f" target="_blank" class="button-circle"> <span class="icon-reddit"></span> <span class="invisible">Share via Reddit</span> </a> </li> <li> <a href="https://www.linkedin.com/shareArticle?mini=true&title=Data+security+incident+trends&url=https:%2f%2fico.org.uk%2faction-weve-taken%2fdata-security-incident-trends%2f&source=Ico.org.uk" target="_blank" class="button-circle"> <span class="icon-linkedin"></span> <span class="invisible">Share via LinkedIn</span> </a> </li> <li> <a href="/cdn-cgi/l/email-protection#a39cc1ccc7da9ecbd7d7d3d0998691c58691c5cac0cc8dccd1c48dd6c88691c5c2c0d7cacccd8ed4c6d5c68ed7c2c8c6cd8691c5c7c2d7c28ed0c6c0d6d1cad7da8ecacdc0cac7c6cdd78ed7d1c6cdc7d08691c5" target="_blank" class="button-circle"> <span class="icon-envelope"></span> <span class="invisible">Share via email</span> </a> </li> </ul> </div> </header> <div class="row"> <div class="maincolumn column column-8"> <div class="article-content"> <span id="Details_411a0314-5742-427a-bcff-c3e56fccde90" style="display: none;" aria-hidden="true">Click to toggle details</span> <details class="ico-details"> <summary class="ico-details__summary" aria-describedby="Details_411a0314-5742-427a-bcff-c3e56fccde90"> <span class="ico-details__summary-text">Latest updates </span> </summary> <div class="ico-details__text"> <ul> <li><strong>11 September 2024 </strong>- Data updated to Q2 2024</li> <li><strong>11 June 2024</strong> - Data updated to Q1 2024</li> <li><strong>15 April 2024 </strong>- Data updated to Q4 2023</li> <li><strong>24 January 2024 </strong>- Data updated up to Q3 2023.</li> <li><strong>1 November 2023</strong> - Data updated up to Q2 2023.</li> </ul> </div> </details> <h2>Incidents reported to us and what you can do to stay secure</h2> <p>This page contains information on data security breaches that have been reported to us <span style="font-weight: 400;">by organisations that have suffered a breach</span>. We publish this information to help organisations understand what to look out for and help them to take appropriate action.</p> <p>Data security incidents occur when organisations do not have “appropriate technical or organisational measures” to protect the personal data they hold. This is a requirement of the UK General Data Protection Regulation (GDPR) under <a data-udi="umb://document/6de605696c6b4006bbba64e53584537f" href="/for-organisations/uk-gdpr-guidance-and-resources/data-protection-principles/a-guide-to-the-data-protection-principles/the-principles/integrity-and-confidentiality-security/" title="Integrity and confidentiality (security)">Principle (f): Integrity and confidentiality (security)</a>. They are a major concern for those affected and a key area of action for the ICO. Organisations are required to report breaches within 72 hours of discovery under Article 33 of the GDPR. </p> <p>The figures reported here are based on the number of reports of personal data breaches received by the ICO up to Q2 2024. Please note that the data is presented in calendar years and quarters, following the <a rel="noopener" href="https://style.ons.gov.uk/house-style/dates/" target="_blank" class="link-external">Office for National Statistics style<span class="invisible"></span></a> for non-financial data releases.</p> <p>To view the dashboard in full screen, click the button in the bottom-right corner below.</p> <p> </p> <p data-placeholder="Double click to add text. The primary goal of data visualization is to communicate information clearly and efficiently."><iframe title="Data Security Incidents Dashboard - Web Version" src="https://app.powerbi.com/view?r=eyJrIjoiMzVmNWZiMzctNjg1Mi00MzcyLWFiNWEtOTczNWRhYjdjM2IxIiwidCI6IjUwMTI5MzIzLThmYWItNDAwMC1hZGMxLWM0Y2ZlYmZhMjFlNiJ9&pageName=ReportSection70a61c96f79f3ac49298" allowfullscreen="true" width="1008" height="627.5" frameborder="0"></iframe></p> <span id="Details_ab4f0f22-42db-4158-ba92-8ded86c8b2f2" style="display: none;" aria-hidden="true">Click to toggle details</span> <details class="ico-details"> <summary class="ico-details__summary" aria-describedby="Details_ab4f0f22-42db-4158-ba92-8ded86c8b2f2"> <span class="ico-details__summary-text">Limitations in this release</span> </summary> <div class="ico-details__text"> <p>There are some limitations to the data contained in this release. Notably:</p> <ul> <li>The data starts at Q2 2019 as incidents were recorded differently prior to this period.</li> <li>Categories and incident types are allocated by the ICO and are assigned as a best fit. In some cases multiple factors will have contributed to an incident but in those cases the most significant incident type or category is assigned.</li> <li>As with categories and incident types, the sector is allocated by the ICO and is assigned as a best fit.</li> <li>The way the ICO inputs data changes over time. This results in some discrepancies, so caution should be taken when drawing conclusions on changes in specific sectors, incident types or outcomes.</li> <li>The way we categorise incidents as cyber or non-cyber within the dashboard is currently under review. As noted above, caution should be taken when drawing conclusions from the split of incident category.</li> <li>Although the data can provide insights on the general trends of data security incidents, it should not be seen as a definitive source as it contains only the data security incidents that were discovered and then reported to the ICO.</li> <li>There may be some instances of inaccurate data, such as dates or number of data subjects affected. This could be due to human error or this data not being accurately reported by the organisation reporting the breach. Although we have tried to identify and correct historic errors, there may be some that have not been corrected. We are looking at ways to improve data quality moving forward.</li> <li>There are some occasions where the data recorded for a particular breach is incomplete. In these cases, the missing details are not included in the dashboard. Therefore, some sections of the dashboard may have less datapoints than others.</li> <li>Under specific circumstances some cases are transferred to a separate system for review. As a result, these cases, which may include some of the larger and more serious breaches, are not included within this data.</li> <li>The case management system needs both a date and time for when a breach was discovered. Where only a date and not time is provided by an organisation, the case handler will input midnight as the time a breach was discovered. This may mean that some breaches are labelled as being submitted outside the 72 hour window required even when they were reported on time.</li> <li>Data presented is generally based on the information provided when an organisation initially reports a breach. Any additional information provided as the case progresses is used to reach an outcome, but this is not added to this system. As such the information provided here should be viewed as a point in time reflection of the incident report.</li> <li>Some categories of data are presented as ranges. This is to guard against conclusions being drawn with spurious accuracy and to ensure we are only providing the information that is required for analysis to limit the instances where specific incidents can be identified.</li> <li>We changed our definitions of ‘informal action taken’ and ‘no further action’ in April 2021. This means there are far more cases recorded as ‘informal action taken’ since that date than before it, compared with ‘no further action cases’.</li> <li>In late 2019 we moved away from recording cases as ‘general business’, and tried to be more specific. This means it will look as though we received fewer of those cases from that sector, when instead we’ve just categorised the cases differently.</li> <li>There was a substantial drop in reporting in Q2 2020 which is likely a result of the first national UK coronavirus lockdown in 2020 (<a rel="noopener" href="https://www.instituteforgovernment.org.uk/sites/default/files/timeline-lockdown-web.pdf" target="_blank" class="link-external">March 2020 to Jun 2020<span class="invisible"></span></a>).</li> </ul> </div> </details> <p>This dashboard has been produced as part of the ICO's commitment to responsible, proactive publishing of data. If you have any feedback or comments, please contact <a href="/cdn-cgi/l/email-protection#d9bbabbcb8bab1b0b7aab0beb1adaa99b0bab6f7b6abbef7acb2"><span class="__cf_email__" data-cfemail="3250405753515a5b5c415b555a4641725b515d1c5d40551c4759">[email protected]</span></a>.</p> <p>A downloadable version of the data contained within the dashboard is provided below along with some supporting documentation. Note: some reports hold multiple characteristics for some of the categories of data and as such appear on multiple rows – this may make it appear as if there are more breaches reported than is actually the case.</p> </div> <aside class="aside-further" aria-label="Document menu"> <h2 class="offscreen">Further Reading</h2> <ul> <li> <a href="/media/action-weve-taken/csvs/4030963/data-security-incidents-trends-q1-2019-to-q2-2024.csv" class="theme-359" target="_blank"> <h3 class="h4 link-external">Data Security Incidents Trends - Q1 2019 to Q2 2024<span class="invisible"></span></h3> <div class="text-small"> <p>Action we've taken</p> <p>File (23.25MB)</p> </div> <span class="icon-file"></span> </a> </li> <li> <a href="/action-weve-taken/data-security-incident-trends/glossary-of-terms/" class="theme-action"> <h3 class="h4">Data security incident trends - glossary of terms</h3> <div class="text-small"> <p>Action we've taken</p> </div> <span class="icon-file"></span> </a> </li> </ul> </aside><div class="article-content"> <h2>What you can do to stay secure</h2> <p>Below you will find links to our guidance and guidance published by the National Cyber Security Centre (NCSC) about how to prevent breaches.</p> </div> <aside class="aside-further" aria-label="Document menu"> <h2 class="offscreen">Further Reading</h2> <ul> <li> <a href="/for-organisations-2/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/" class="theme-organisations"> <h3 class="h4">Personal data breaches</h3> <div class="text-small"> <p>For organisations</p> </div> <span class="icon-file"></span> </a> </li> <li> <a href="/for-organisations-2/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/" class="theme-organisations"> <h3 class="h4">Security</h3> <div class="text-small"> <p>For organisations</p> </div> <span class="icon-file"></span> </a> </li> <li> <a href="https://www.ncsc.gov.uk/section/advice-guidance/all-topics" target="_blank"> <h3 class="h4 link-external">All topics - NCSC.gov.uk<span class="invisible"></span></h3> <div class="text-small"> <p>External link</p> </div> <span class="icon-external-link"></span> </a> </li> </ul> </aside> </div> <div class="column column-3 column-indent-1"> <aside class="aside-further" aria-label="Document menu"> <h2>Further reading</h2> <ul> <li> <a href="/about-the-ico/ico-and-stakeholder-consultations/call-for-views-data-security-incident-trends/" class="theme-about"> <h3 class="h4">Call for views: data security incident trends</h3> <div class="text-small"> <p>About the ICO</p> </div> <span class="icon-file"></span> </a> </li> <li> <a href="/about-the-ico/our-information/complaints-and-concerns-data-sets/" class="theme-about"> <h3 class="h4">Complaints and concerns data sets</h3> <div class="text-small"> <p>About the ICO</p> </div> <span class="icon-file"></span> </a> </li> <li> <a href="/for-organisations/report-a-breach/" class="theme-organisations"> <h3 class="h4">Report a breach</h3> <div class="text-small"> <p>For organisations</p> </div> <span class="icon-file"></span> </a> </li> <li> <a href="https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022" target="_blank"> <h3 class="h4 link-external">Cyber Security Breaches Survey 2022 - GOV.UK<span class="invisible"></span></h3> <div class="text-small"> <p>External link</p> </div> <span class="icon-external-link"></span> </a> </li> </ul> </aside> </div> </div> </article> </main> <footer> <div class="footer-sociallinks container row"> <div class="footer-sociallinks-links footer-sociallinks-links--left column column-2"> <ul class=""> <li> <a href="#" class="button-circle" id="toggle-hiddenpanel-share"> <span class="icon-share"></span> <span class="invisible">Share this page</span> </a> </li> <li> <a href="javascript:window.print()" class="button-circle" data-item="Print"> <span class="icon-print"></span> <span class="invisible">Print this page</span> </a> </li> <li> <a href="/global/rss-feeds/" class="button-circle" data-item="RSS"> <span class="icon-feed"></span> <span class="invisible">RSS feeds</span> </a> </li> </ul> </div> <div class="footer-sociallinks-language column column-2 language-dropdown-container"> <div class="language-dropdown-tab-controls dropdown"> <a href="#" class="visible-xs mobile-tabcontrol" title="Language Selector" aria-haspopup="true" aria-expanded="false" data-target="[langSelector__nav]"> <ul class="globe-list"> <li class="button-circle globe" title="Language"> <span class="icon-globe"></span></li> </ul> <span class="dropdown-label">English</span> <span class="chevron down"></span> </a> <ul class="nav nav-tabs" data-name="langSelector__nav"> <li class="tab active"> <a rel="nofollow" href="https://ico.org.uk" name="English" class="content language-item">English</a> </li> <li class="tab"> <a rel="nofollow" href="https://cy.ico.org.uk" name="Welsh" class="content language-item">Cymraeg</a> </li> </ul> </div> </div> <div class="footer-sociallinks-links footer-sociallinks-links--right column column-4"> <ul class="clearfix"> <li> <a href="https://twitter.com/iconews" target="_blank" class="button-circle" data-item="Follow us on Twitter"> <span class="icon-twitter"></span> <span class="invisible">Follow us on Twitter</span> </a> </li> <li> <a href="http://facebook.com/ICOnews" target="_blank" class="button-circle" data-item="Like us on Facebook"> <span class="icon-facebook"></span> <span class="invisible">Like us on Facebook</span> </a> </li> <li> <a href="http://linkedin.com/company/information-commissioner's-office" target="_blank" class="button-circle" data-item="Connect with us on Linkedin"> <span class="icon-linkedin"></span> <span class="invisible">Connect with us on Linkedin</span> </a> </li> <li> <a href="http://www.youtube.com/user/icocomms" target="_blank" class="button-circle" data-item="Watch us on YouTube"> <span class="icon-youtube"></span> <span class="invisible">Watch us on YouTube</span> </a> </li> </ul> </div> <div class="hiddenpanel clearfix" id="hiddenpanel-share"> <h2 class="h4">Share this page</h2> <ul class="clearfix"> <li> <a href="http://www.reddit.com/submit?url=https:%2f%2fico.org.uk%2fglobal%2fprivacy-notice%2fwhen-we-audit-an-organisation%2f" target="_blank" class="button-circle"> <span class="icon-reddit"></span> <span class="invisible">Share via Reddit</span> </a> </li> <li> <a href="https://www.linkedin.com/shareArticle?mini=true&title=When+we+audit+an+organisation&url=https:%2f%2fico.org.uk%2fglobal%2fprivacy-notice%2fwhen-we-audit-an-organisation%2f&source=Ico.org.uk" target="_blank" class="button-circle"> <span class="icon-linkedin"></span> <span class="invisible">Share via LinkedIn</span> </a> </li> <li> <a href="/cdn-cgi/l/email-protection#e9d68b868d90d4819d9d999ad3ccdb8fccdb8f808a86c7869b8ec79c82ccdb8f8e85868b8885ccdb8f999b809f888a90c487869d808a8cccdb8f9e818c87c49e8cc4889c8d809dc48887c4869b8e8887809a889d808687ccdb8f" target="_blank" class="button-circle"> <span class="icon-envelope"></span> <span class="invisible">Share via email</span> </a> </li> </ul> </div> <a href="/about-the-ico/media-centre/e-newsletter/" class="footer-sociallinks-newsletter"> <span class="h4">Subscribe to our e-newsletter</span> <span class="button-circle"> <span class="icon-envelope"></span> </span> </a> <div class="footer-sociallinks-language--mobile language-dropdown-container"> <div class="language-dropdown-tab-controls dropdown"> <a href="#" class="visible-xs mobile-tabcontrol" title="Language Selector" aria-haspopup="true" aria-expanded="false" data-target="[langSelector__nav--mobile]"> <ul class="globe-list"> <li class="button-circle globe" title="Language"><span class="icon-globe"></span></li> </ul> <span class="dropdown-label">English</span> <span class="chevron down"></span> </a> <ul class="nav nav-tabs" data-name="langSelector__nav--mobile"> <li class="tab active"> <a rel="nofollow" href="https://ico.org.uk" name="English" class="content language-item">English</a> </li> <li class="tab"> <a rel="nofollow" href="https://cy.ico.org.uk" name="Welsh" class="content language-item">Cymraeg</a> </li> </ul> </div> </div> </div> <div class="container-sitemap"> <div class="container row"> <div class="column column-2"> <a href="/" class="footer-sitemap-logo"><span class="invisible">ICO: Information Commissioner's Office</span></a> </div> <div class="column column-2"> <h2 class="h4"><a href="/for-the-public/">Your data matters</a></h2> <ul class="text-small"> <li><a href="/for-the-public/official-information/">Official information</a></li> <li><a href="/for-the-public/nuisance-calls/">Nuisance calls</a></li> </ul> </div> <div class="column column-2"> <h2 class="h4"><a href="/for-organisations/">For organisations</a></h2> <ul class="text-small"> <li><a href="/for-organisations/uk-gdpr-guidance-and-resources/">UK GDPR guidance and resources</a></li> <li><a href="/for-organisations/foi/">Freedom of information</a></li> <li><a href="/for-organisations/eir-and-access-to-information/">EIR and access to information</a></li> <li><a href="/for-organisations/direct-marketing-and-privacy-and-electronic-communications/">Direct marketing</a></li> <li><a href="/for-organisations/advice-and-services/">Advice and services</a></li> </ul> </div> <div class="column column-2"> <h2 class="h4"><a href="/action-weve-taken/">Action we've taken</a></h2> <ul class="text-small"> <li><a href="/action-weve-taken/enforcement/">Enforcement action</a></li> <li><a href="https://icosearch.ico.org.uk/s/search.html?collection=ico-meta&profile=decisions&query">Decision notices</a></li> <li><a href="/action-weve-taken/audits-and-overview-reports/">Audits</a></li> </ul> </div> <div class="column column-2"> <h2 class="h4"><a href="/about-the-ico/">About the ICO</a></h2> <ul class="text-small"> <li><a href="/about-the-ico/who-we-are/">Who we are</a></li> <li><a href="/about-the-ico/what-we-do/">What we do</a></li> <li><a href="/about-the-ico/media-centre/">Media centre</a></li> <li><a href="/about-the-ico/jobs/">Careers</a></li> <li><a href="/about-the-ico/modern-slavery-statement/">Modern Slavery Statement</a></li> </ul> </div> </div> </div> <div class="container-strapline"> <div class="container row"> <div class="column column-12 h4"> <p>The ICO exists to empower you through information.</p> </div> </div> </div> <div class="container-footerlinks"> <div class="container row"> <div class="column column-12"> <nav aria-label="footer" class="clearfix"> <a href="/global/contact-us/">Contact us</a> <a href="/global/privacy-notice/">Privacy notice</a> <a href="/global/cookies/">Cookies</a> <a href="/global/accessibility/">Accessibility</a> <a href="https://ico.org.uk/about-the-ico/who-we-are/wales-office">Cymraeg</a> <a href="/global/request-publications/">Publications</a> <a href="/global/disclaimer/">Disclaimer</a> <a href="/global/copyright-and-re-use-of-materials/">© Copyright</a> </nav> <div class="footerlinks-phone h2"><span class="icon-phone"></span><span class="invisible">Phone:</span> 0303 123 1113</div> <div class="footer-ogl"><span class="invisible">Open Government Licence</span></div> <div class="text-small footer-ogl-info"> All text content is available under the <a href="http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/">Open Government Licence v3.0</a>, except where otherwise stated. </div> </div> </div> </div> </footer> <script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="application/json" id="CookieControlConfig"> {"apiKey":"dbf86e044f3ab8c4df852af5c7c6ceb2dd7678dd","product":"PRO","theme":"dark","position":"left","rejectButton":true,"closeStyle":"button","consentCookieExpiry":90,"initialState":"open","statement":{"description":"For more detailed information, see our","name":"Cookies page.","url":"/global/cookies/","updated":"23/05/2024"},"text":{"notifyTitle":"Cookies on the ICO website","notifyDescription":"We use some essential cookies to make this site work. We'd like to set analytics cookies to understand how you use this site. We may use services from Vimeo and YouTube that may also use cookies.","accept":"Accept non-essential cookies","reject":"Reject non-essential cookies","settings":"Settings","necessaryTitle":"Essential cookies","necessaryDescription":"These cookies are necessary for core functionality, such as security and network management. They always need to be on.","title":"Cookies on the ICO website","intro":"We use some essential cookies to make this site work. We'd like to set analytics cookies to understand how you use this site. We may use services from Vimeo and YouTube that may also use cookies.","acceptRecommended":"Accept non-essential cookies","rejectSettings":"Reject non-essential cookies","closeLabel":"Save and close"},"branding":{"fontFamily":"Verdana, Helvetica, Arial, sans-serif","fontColor":"#FFF","fontSizeTitle":"25px","fontSizeIntro":"15px","fontSizeHeaders":"21px","fontSize":"15px","acceptBackground":"#FFF","backgroundColor":"#0276A5","toggleText":"#FFF","toggleColor":"#0276A5","toggleBackground":"#2F2F5F","removeAbout":true},"necessaryCookies":["rwe*","language","UMB_*","UMB-*","XSRF-*","__RequestVerificationToken"],"optionalCookies":[{"name":"analytics","label":"Analytics cookies","description":"We use Silktide to measure how you use the ICO website. \n\nThese cookies collect information about how you got to the site, the pages you visit and how long you spend on each page, and what you click on.","cookies":[],"lawfulBasis":"Consent","recommendedState":true,"onAccept":"ICO.Silktide.enable(\"12d0c703744ea255b679f823daf1645f\");","onRevoke":"ICO.Silktide.disable();"},{"name":"video","label":"Video player cookies","description":"We use services from Vimeo and YouTube to show you embedded videos on the ICO website.\n\nVimeo and Google may use cookies to receive information about the videos you watch for analytics and advertising purposes.","cookies":[],"lawfulBasis":"Consent","recommendedState":true,"onAccept":"activateEmbeddedVideos();","onRevoke":"deactivateEmbeddedVideos();"}]} </script> <script src="/cassette.axd/script/9d04de21d8a78bf0c13d1fc48c6564b1496c7b6e/scripts" type="text/javascript"></script>  </body> </html>

CINXE.COM

Data security incident trends | ICO