Racing Post Avoids Fine Over Hacked Accounts
A hack attack on the Racing Post saw 677,000 customer details stolen - but the sports betting newspaper will not be fined.
The names, address, passwords, dates of birth and telephone numbers of customer accounts were exposed in the attack in October last year.
But the Information Commissioner's Office (ICO) has announced that it has narrowly avoided being fined, and the paper has promised to improve its security.
ICO head of enforcement Stephen Eckersley said: "There is barely a day that goes by without a company being the target of an online attack.
"This is the modern world and businesses and other organisations must have adequate security measures in place to keep people's information secure.
"The Racing Post pulled up short when it came to protecting their customers' information by failing to keep their IT systems up to date.
"This data breach should act as a warning to all businesses that poor IT security practices are providing an open invitation to your customers' details."
The hackers used an SQL injection attack to gain access to the company's database of registered customers.
An investigation carried out by the ICO found that the last security test on the website took place in 2007, and security patches were not up to date.
The ICO can issue penalties of up to £500,000 for serious breaches of the Data Protection Act.