CEOP fixes security flaw found in its online reporting form

A serious security flaw found in the Child Exploitation and Online Protection Centre's (CEOP) online reporting procedure has been fixed.

The online form used by members of the public to inform the child protection agency of suspicious activity was not encrypted, meaning people's personal data was vulnerable when being transmitted to CEOP's servers.

The security problem was found by a member of the public in April this year and reported to the Information Commissioner's Office (ICO). The privacy watchdog found that the flaw had existed for several months following the launch of CEOP's new website.

According to the ICO this has now been rectified and the privacy watchdog's acting head of enforcement, Sally Anne Poole said: "Organisations must make sure that any personal data transmitted electronically is adequately protected.

"While there is no evidence to suggest that attempts have been made to access any of the information, it is highly likely that it would have been sensitive in nature and should not have been compromised by insufficient IT security measures.

CEOP chief executive Peter Davies and Trevor Pearce director general of its parent organisation, the Serious Organised Crime Agency (SOCA) have jointly signed an undertaking to ensure that CEOP's website is regularly tested. This will ensure the personal data they process remains secure and potential weaknesses are immediately identified.

CEOP will also introduce recommendations included in a recent Information Security Review and continue to ensure they are followed.

Poole said: "We are pleased that CEOP and SOCA have taken action to make sure that all of the information sent in by members of the public remains secure."