UK GDPRTechnology

Optionis Group Limited

Data Breach

Authority

ICO

Country

United Kingdom

Date Issued

October 9, 2023

Industry

Technology

Summary

Optionis Group Limited suffered a ransomware attack resulting in personal data exfiltration due to inadequate security controls including lack of multi-factor authentication, insufficient account lockout policies, and absence of a clear Bring Your Own Device policy. The ICO issued a reprimand for these UK GDPR infringements.

Violation Types

Data BreachSecurityRisk Assessment

Articles Violated

View original enforcement decision

Related Enforcement Actions

Reddit, Inc.

ICO · UK GDPR · February 22, 2026

€17M

Capita plc and Capita Pension Solutions Ltd

ICO · UK GDPR · October 14, 2025

€16M

TikTok Inc.

ICO · UK GDPR · May 14, 2023

€15M

Advanced Computer Software Group Limited

ICO · UK GDPR · March 25, 2025

€4M

LastPass UK Ltd

ICO · UK GDPR · November 19, 2025

€1M

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate UK GDPR compliance before regulators come knocking.

Talk to an Expert