UK GDPR, Education

Chartered Institute for Securities & Investment

Data Breach

Authority

ICO

Country

United Kingdom

Date Issued

February 20, 2023

Industry

Education

Summary

An unauthorized third party exploited a known vulnerability in Sitefinity software to conduct a brute-force attack and upload malicious code to CISI's website checkout page, capturing payment details and personal data of approximately 3,883 UK data subjects. The organization was running unsupported software, which contributed to the security failure.

Violation Types

Data Breach, Security, Data Subject Rights

Articles Violated
