Snapchat, the popular photo messaging app where photos, videos, texts and drawings are sent as “Snaps” to recipients, is the latest big name to fall foul of hackers. The hackers breached Snapchat's security systems and were able to download usernames and phone numbers for 4.6 million Snapchat accounts. These details were then temporarily made available through a website called SnapchatDB, save for the last two digits of phone numbers. This may not be the end of the problems for Snapchat, as the hackers have said they may yet release the unredacted data at a later stage.
Snapchat is not the first big name to be hacked. Sony received a £250,000 fine from the ICO last year after its Sony PlayStation Network Platform was hacked in April 2011. The ICO's position is that an organisation should have had appropriate measures in place to prevent the hacking. Organisations need to maintain up-to-date software and keep up to speed with technical developments to try to reduce the risk of attack. The Snapchat case serves as a reminder that being the victim of criminal activity is not enough to exempt an organisation from a fine, and that keeping up to speed with technical developments is no easy feat. Failing to put robust protections in place in advance of an attack can be exceedingly costly. Particularly if your organisation holds a large amount of personal data, or sensitive personal data, you should consider carefully how best to protect areas which may be vulnerable to attack and invest in appropriate measures. Ultimately, if the worst happens and you are hacked, could you show the ICO that you had done all that could be expected?
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at January 2014. Specific advice should be sought for specific cases; we cannot be held responsible for any action (or decision not to take action) made in reliance upon the content of this publication.
TLT LLP is a limited liability partnership registered in England & Wales number OC 308658 whose registered office is at One Redcliff Street, Bristol BS1 6TP England. A list of members (all of whom are solicitors or lawyers) can be inspected by visiting the People section of this website. TLT LLP is authorised and regulated by the Solicitors Regulation Authority under number 406297.