ransomware

UK Regulator Issues Three Million GBP Monetary Penalty in Connection with Ransomware Attack

By Nikolaos Theodorakis, Tom Evans, Laura Brodahl & Matthew Nuding on April 8, 2025

On March 27, 2025, the Information Commissioner’s Office (ICO) announced a fine of 3 million GBP (3.9 million USD) against a software provider (the company) for security deficiencies following a ransomware incident (e.g., lack of multi-factor authentication (MFA)). This is the first time the ICO has fined a processor under the UK’s General Data Protection Regulation (GDPR). This post provides an overview of the decision and outlines the key points companies should consider, including the security measures the ICO expects them to implement.Continue Reading UK Regulator Issues Three Million GBP Monetary Penalty in Connection with Ransomware Attack

Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements

By Demian Ahn, Cédric Burton, Nikolaos Theodorakis, Tom Evans, Laura Brodahl & Claudia Chan on January 24, 2025

Posted in Cybersecurity

On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report all ransomware incidents, but also to declare whether they intend to pay a ransom. The government also announced that it proposes to ban public bodies and infrastructure providers from making ransom payments to cyber attackers. A public consultation is open until April 8, 2025.Continue Reading Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements

The Data Advisor

ransomware

UK Regulator Issues Three Million GBP Monetary Penalty in Connection with Ransomware Attack

Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements

ABOUT OUR DATA, PRIVACY, AND CYBERSECURITY PRACTICE