ICO investigating security breach at CEOP

The Information Commissioner's Office (ICO) has launched an investigation into the Child Exploitation and Online Protection Centre (CEOP) after some personal details stored in its IT systems were found to be unencrypted.

A spokeswoman for CEOP was vague about how much data was at risk, but said that she thought it was the details of one individual who had been using a form to report their concern about some online activity.

This information had then been accessed accidentally by another member of the public.

CEOP is a department of the Serious Organised Crime Agency tasked with bringing online child sex offenders to court. Children and parents can report concerns to the agency by filling out an online form.

The spokeswoman said that the form found by one member of the public has now been encrypted, and that concerns over the security of the reporting system could be put to rest.

She added that it would have taken someone with ulterior motives and "high levels of technology know-how" to access the data, and that there is no evidence of this happening so far.

Meanwhile CEOP chief executive, Peter Davies, said "The risk was a hypothetical one."

"We thank the member of the public who brought this issue to our attention and have rectified the problem so people can continue to report any concerns they have to us, with the reassurance that their report will remain secure."

However, the ICO said that it will look into the security breach.

“We are making enquiries into the circumstances of this alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken,” said a spokesperson.