Back to Explorer
UK GDPRGovernment

Ministry of Defence

€406,000

Authority

ICO

Country

United Kingdom

Date Issued

February 25, 2024

Industry

Government

Summary

The UK Ministry of Defence inadvertently disclosed 265 email addresses by sending emails using the 'To' field instead of 'BCC', violating GDPR Article 5(1)(f) on data security and confidentiality. The ICO imposed a £350,000 fine for this breach of security obligations.

Violation Types

SecurityData BreachData Subject Rights

Articles Violated

View original enforcement decision

Related Enforcement Actions

Reddit, Inc.

ICO · UK GDPR · February 22, 2026

€17M

Capita plc and Capita Pension Solutions Ltd

ICO · UK GDPR · October 14, 2025

€16M

TikTok Inc.

ICO · UK GDPR · May 14, 2023

€15M

Advanced Computer Software Group Limited

ICO · UK GDPR · March 25, 2025

€4M

LastPass UK Ltd

ICO · UK GDPR · November 19, 2025

€1M

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate UK GDPR compliance before regulators come knocking.

Talk to an Expert