Third Party Data Breaches Highlight the Need for Strong Vendor Security

October 20th, 2025

At The Software Bureau, we take information security seriously. Our recent retention of the ISO 27001:2022 certification reflects our ongoing commitment to protecting sensitive data and maintaining the highest standards of security across our operations. However, the recent data breach involving LNER’s customer communications database, managed by a third-party supplier (https://www.printweek.com/content/news/lner-data-accessed-in-customer-comms-breach), is a stark reminder that security must extend beyond internal systems. Reports indicate that unauthorised access was gained through a supplier, compromising customer data and raising serious concerns about vendor oversight. This incident reinforces a critical point: your organisation’s data security is only as strong as the weakest link in your supply chain. While The Software Bureau does not share any customer data with third parties, we [...]

Top 10 sectors that fail to report data breaches revealed

May 24th, 2024

As we ‘celebrate’ the 6th birthday of GDPR, a new study finds that over half of all data breaches in the UK in 2023 were not reported within the required 72-hour window. The report from Hayes Connor revealed the sectors with the worst track record. These were:

Local Government: 51.32%
General Business: 49.16%
Marketing: 47.50%
Justice: 47.06%
Regulators: 46.81%
Membership Associations: 46.67%
Online Technology and Telecoms: 45.37%
Media: 45.16%
Central Government: 44.57%
Retail and Manufacture: 43.94%

Failing to report a breach within this timeframe can result in significant fines of up to £17.5 million or 4% of global turnover, whichever is higher. However, in practice, most firms receive minimal penalties. A key finding of the research is that in the [...]

Data processing security is key data concern for 2023

July 11th, 2023

Our latest review of the GDPR enforcements undertaken by the ICO over the past 12 months reveals that data processing security and right of access are the most common infringements since July 2022. Almost a third (30 per cent) of the 30 recorded infringements this year pertained to Article 5, the principles relating to data processing, and of these 21 per cent were for Article 5 (f), which specifies that personal data must be processed in a manner that ensures appropriate security. Sixteen per cent contravened Article 15: Right of Access by the data subject, and 15 per cent were non-compliant with Article 12 (data transparency) and Article 32 (security of processing). Last year the lion’s share of enforcements (61 [...]

Has MOVEit made you think more seriously about data governance?

June 19th, 2023

If not, it should, and here’s why

As the days roll by, it is becoming increasingly clear that the MOVEit vulnerability which was discovered earlier this month is having very, very far-reaching repercussions. A growing list of UK companies have been affected by the cyberattack on payroll service provider Zellis, which occurred via one of its third-party suppliers (MOVEit). This has resulted in hundreds of thousands of staff members at these organisations having their personal information posted on the dark web. The hack was first made public when US-based firm Progress Software identified that hackers had discovered a method of breaking into its MOVEit Transfer tool, a widely used software which enables users to move files from one place to [...]
