Toshiba Information Systems (TIS) has been slammed by the Information Commissioner's Office (ICO) for breaching the Data Protection Act (DPA) after a fault on a competition website designed by a third-party developer left the details of entrants visible to the public.
The flaw exposed some 20 individuals' names, addresses, dates of birth and contact details and the issue was only brought to light when a member of the public contacted the ICO to inform them of the error.
The ICO said that Toshiba had not imposed stringent enough rules on its developers, which resulted in the faulty website going live.
Stephen Eckersley, the ICO's head of enforcement, said the watchdog was satisfied Toshiba was now aware of the measures it needs to take to avoid a similar incident in the future and warned other firms of the importance of checking work produced by outside agents.
"It is vital that, as ever-increasing amounts of our personal information are collected online, companies have the necessary safeguards in place to keep this information secure," he said.
"We would urge other UK organisations with interactive websites to make sure they have suitable checks in place before collecting peoples' details online."
Toshiba said it welcomed the ICO's report and sought to reassure its customers that it had learnt from the incident and had addressed the issue as soon as it was made aware of the breach.
"Toshiba takes the security of its customers' personal information very seriously and following this occurrence conducted an extensive internal review of all data protection procedures and protocols throughout the organisation," it said.
"It is important to bear in mind that no sensitive data was at risk, and that on discovering the data vulnerability Toshiba took immediate action to remedy the issue within a matter of hours and subsequently contacted all affected customers."
Under the current DPA, there is no definition of 'sensitive data', merely a requirement on firms to protect personal information that they collect.
Last week the ICO was forced to issue an undertaking against an NHS trust after two unencrypted USB sticks containing sensitive data were mislaid, as data breaches continue to occur in both the private and public sectors.
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago
A nuclear strike has been considered, but Bruce Willis is nowhere in sight
Spray-on antenna could enable seamless integration of antennas with everyday objects
Parker Solar Probe, TESS and GOLD missions will deliver exciting data, claims NASA