The UK’s Foreign Office was complicit in exposing of personal details of thousands visa applicants to the public web, the privacy watchdog the Information Commissioner’s Office (ICO) has found. It has therefore broken the terms of the Data Protection Act,

According to a Channel 4 investigation into the leak, identity data relating to 50,000 Indian citizens was insecurely stored by a visa application website.

Development and management of the offending website had been outsourced to VFS, an Indian company that also holds UK government contracts for similar sites in Russia and Nigeria. The government’s dealings with VFS are now under review.

A report from the ICO on the incident concluded that data security had not been a high enough priority in the project specification. "Sound security needs to be woven into the business and cannot be simply bolted on as an extra," the report reads.

Further reading

Commisioner lambasts data protection UK CEOs accused of "horrifying" lack of concern.

Find more stories in the Security & Continuity Briefing Room