Advanced Computer Software Group Ltd – €3,500,000 Fine (United Kingdom, 2025)

€3,500,000Information Commissioner's Office26 March 2025United Kingdom
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Advanced Computer Software Group Ltd was fined €3.5 million for poor IT security that led to a ransomware attack. The attack exposed the personal data of over 79,000 individuals. This case serves as a warning that companies must implement strong security measures to protect sensitive information.

What happened

Advanced Computer Software Group Ltd was fined for failing to implement adequate IT security, leading to a ransomware attack.

Who was affected

79,404 individuals whose personal data was compromised during the ransomware attack on Advanced Computer Software Group Ltd.

What the authority found

The UK Information Commissioner's Office found that the company did not take appropriate measures to secure personal data, violating GDPR security requirements.

Why this matters

This case highlights the financial risks of inadequate data protection. Businesses should invest in robust security measures to safeguard personal information and avoid hefty fines.

GDPR Articles Cited

AI-verified

Art. 32(1) GDPR
View original scraped data
Art. 32(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
articles corrected
national law identified
amount discrepancy
entity split needed
United Kingdom enforcementInformation Commissioner's Office actionsAll Advanced Computer Software Group Ltd actions
Full Legal Summary
Detailed

The UK DPA (ICO) has fined Advanced Computer Software Group Ltd £3.07 million (EUR 3.5 million) for insufficient IT security (infringiment of Art. 32 (1) UK GDPR). The controller failed to implement appropriate technical and organisational measures to protect personal data. A ransomware attack in August 2022 allowed hackers to access systems of a health subsidiary via a customer account that lacked multi-factor authentication. As a result, the personal data of 79,404 individuals was put at risk.

Related Enforcement Actions (0)

No other enforcement actions found for Advanced Computer Software Group Ltd in UK

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 March 2025

Authority

Information Commissioner's Office

Fine Amount

€3,500,000

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Advanced Computer Software Group Ltd - United Kingdom (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: