UK Information Commissioner (ICO) Enforcements and Website Hacks
I did a brief analysis of the enforcement notices that have been handed out by the UK Information Commissioner (ICO) to organisations found to be in breach of the Data Protection Act. The idea was to see how many incidents were a result of a website hack (SQL injection, XSS, etc.). About 100 enforcements are listed on the ICO website covering the period from January 2008 to August 2010.
I found that none of the breaches were the result of a website hack. No SQL injection, XSS, CSRF attacks, etc. The vast majority were related to unencrypted USB sticks, CDs, laptops, etc. which have been lost or stolen.