ICO to investigate Parcelforce data breach

published 19 June 2009

The Information Commissioner's Office (ICO) will investigate how confidential and personal data was exposed to people tracking deliveries on the Parcelforce website.

It comes after a BBC report revealed that a failure in the Parcelforce system allowed people who were using the mail tracing service to see the name, postcode and signature of a number of addressees.

Reference numbers were entered into the track and trace' feature on the Parcelforce website, which revealed details of unconnected deliveries.

Some parcels had already been delivered with the name, postcode and signature of the recipient shown, which the BBC said could be used for identity theft.

An ICO spokeperson said that any organisation that processed personal information needed to have proper safeguards to keep the data secure, and was an important principle of the Data Protection Act.

The spokesperson said in a statement: "Failure to protect personal details such as names, addresses and signatures could lead to information falling in the wrong hands and ultimately the loss of customers' trust and confidence."

The ICO said it would contact Parcelforce to establish how the security breach occurred. It would also find out what steps Parcelforce would be taking to ensure that similar breach couldn't happen again.

A Parcelforce Worldwide spokesman said: "We can confirm the problem was rectified and the service restored last night. We apologise to customers for any inconvenience caused."

This month the ICO rapped a hospital trust in Salford for losing a computer with data on 3,500 patients, while a survey claimed that a fifth of SMBs breached the Data Protection Act.

Get the ITPro daily newsletter