Insights

Articles

Home / Insights / Articles / Ransomware Attack Threatens Software Supplier with £6 Million Fine: ICO Urges Immediate Multi-Factor Authentication

Ransomware Attack Threatens Software Supplier with £6 Million Fine: ICO Urges Immediate Multi-Factor Authentication

Posted on 13 August 2024 in Data Protection

The ICO has provisionally decided to issue a fine to Advanced, an IT software company providing services to the NHS, after it experienced a ransomware hack in August 2022.

Cyber threats are increasing and AI is expected to heighten the global ransomware according to GCHQ. Government statistics from 2024 show that half of businesses (50%) and a third of charities (32%) report having experienced some form of cyber security breach or attack in the last 12 months. This is much higher for:

Medium businesses - 70%
Large businesses - 74%
High-income charities with £500,000 or more in annual income - 66%.

In this insight, we discuss what we know so far about the breach, refer to the regulatory framework and explain how Tozers can assist your business with GDPR.

What do we know so far?

The ICO has provisionally found that hackers initially accessed a number of Advanced's health and care systems via a customer account that did not have multi-factor authentication. They provisionally report that personal>Data Protection Team can help you comply with the regulatory framework by:

Providing advice and guidance.
Discuss>Contact our legal experts

Jessica Whittick

Posted by
Jessica Whittick
Solicitor

Ransomware Attack Threatens Software Supplier with £6 Million Fine: ICO Urges Immediate Multi-Factor Authentication

Talk to us

Name

Telephone

Nature of Enquiry

Please provide an outline of your enquiry

I confirm this enquiry relates to me

YesNo

I am making this enquiry on behalf of someone else & I confirm I have their authority to do so

YesNo

How did you hear about us?

By ticking this box, you agree to your information being stored and processed, to enable us to contact you in future regarding relevant services and events

I agree

By clicking ‘send enquiry’ you are giving permission for our team to get in touch with you via phone or email. For more information on how we use and store data, please refer to our privacy policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Recent cases

ICO Fine Waived After Serious Data Breach Following Cyberattack
Following an extensive data breach, our client faced a £180,000 fine by the ICO and reputational harm. Following a detailed analysis of the circumstances, Jessica swiftly challenged the penalty notice, highlighting factual errors and mitigating factors. The ICO responded by waiving the fine in its entirety.
Swift Response to Data Breach Claim
Jessica responded to an urgent claim for £40,000 for six allegations of infringement of data rights against a client in the affordable housing sector. After reviewing extensive documentation she was able, in a robust response, to clearly set out why she considered there was no legal basis for the allegations. The Claimant chose not to pursue the matter further.
ICO Complaint Resolved Without Enforcement Action
Jessica responded to an urgent ICO complaint involving a client’s delayed Subject Access request (SAR) response. After reviewing extensive documents, she submitted detailed representations which cited significant mitigating factors and improvement steps. The ICO accepted our explanation and closed the case with no further action.
Successful Result for Data Breach Client
Acted on behalf of a client who was issued with a notice of intent for over £180,000 as a result of a data breach. We sent written representations that were successful, resulting in the investigation being dropped and the fine waived in its entirety.

Latest insights

Articles

Why Organisations Must Act Now on Data Protection Compliance: Lessons from Farley v Paymaster

2 October 2025

Articles

Data Protection Complaints: Are You Ready for the New Rules?

16 September 2025

Articles

Charity Fined After Irreplaceable Records Destroyed: Lessons for Your Organisation

9 September 2025

Read All Insights

Keep up to date with our latest insights

Search site
Site search
Contact our offices
Make an enquiry
Your Name
Telephone
Email
Nature of Enquiry

Please provide an outline of your enquiry
How did you hear about us?
By ticking this box, you agree to your information being stored and processed, to enable us to contact you in future regarding relevant services and events
I agree
By clicking ‘send enquiry’ you are giving permission for our team to get in touch with you via phone or email. For more information on how we use and store data, please refer to our privacy policy
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Ransomware Attack Threatens Software Supplier with £6 Million Fine: ICO Urges Immediate Multi-Factor Authentication

What do we know so far?

Recent cases

ICO Fine Waived After Serious Data Breach Following Cyberattack

Swift Response to Data Breach Claim

ICO Complaint Resolved Without Enforcement Action

Successful Result for Data Breach Client

Latest insights