UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach

British software and IT services provider Advanced Computer Software Group has been fined £3 million ($3.8 million) by the UK Information Commissioner’s Office (ICO) over a 2022 data breach resulting from a ransomware attack.

Advanced, which is operating as OneAdvanced, was targeted in 2022 by the notorious LockBit ransomware group. The attack caused significant disruptions to several of the company’s products and resulted in the information of roughly 80,000 people getting stolen.

The company caters to the UK’s National Health Service and other healthcare providers and in the case of nearly 900 people who had been receiving care at home the compromised information included details on how to enter their home.

Advanced systems were compromised through a customer account that did not have multi-factor authentication (MFA), and the ICO said the company violated data protection laws by failing to fully implement appropriate security measures, including ...