The Child Exploitation and Online Protection Centre (CEOP) has admitted its website contained an unencrypted form, potentially placing user data at risk.
A member of the public was responsible for highlighting the unencrypted form, which related to the CEOP button integrated into Facebook last year, a spokesperson told IT PRO.
"The day we were made aware of the problem we rectified it. The issue isn't a problem anymore," the spokesperson said.
CEOP chief executive (CEO) Peter Davies said the risk "was a hypothetical one."
"We thank the member of the public who brought this issue to our attention and have rectified the problem so people can continue to report any concerns they have to us, with the reassurance that their report will remain secure," Davies added.
Despite reassurances no user data appeared to have been taken, the Information Commissioner's Office (ICO) said it would be launching an investigation.
"We are making enquiries into the circumstances of this alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken," an ICO spokesperson said.
The CEOP button, which became known as the ClickCEOP panic button, was made live on Facebook in July 2010 after plenty of back and forth between the social network and the campaign group.
The button offers advice on staying safe online and lets users report any cases of suspected grooming or improper sexual behaviour.
Although CEOP moved to fix the problem on its own website quickly, anyone with malicious intent and the know-how could hijack a user's unencrypted web session on a non-HTTPS site.
There has been much talk about the value of HTTPS recently, with Twitter adding the security layer last month.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
