Information Commissioner warns firms still using Windows XP

The Information Commissioner's Office has warned companies about the data protection threat if they continue to use Windows XP.



This Tuesday (8 April) sees the end of official support for Microsoft’s Windows XP and Microsoft Office 2003 products.

The ICO said: "This is important news for businesses using these products, as it means their systems and the personal data stored within it could potentially be vulnerable.

"The problem will get worse over time as more vulnerabilities are gradually discovered, creating more opportunities for an attacker to exploit and potentially gain unauthorised access to systems."

If firms do not fully secure their data they are subject to fines of up to £500,000 under the Data Protection Act.

Simon Rice, ICO technology group manager, said: "As a responsible data controller, it is your organisation’s responsibility to make sure you have the measures in place to keep people’s details safe.

"Anyone using either of these two products must consider their options and ensure that personal data is not unduly placed at risk. Failure to do so will leave your organisation’s network increasingly vulnerable over time and increases the risk of a serious data breach that your actions could have prevented."

Business consulting firm KPMG has also spelt out the risks for firms continuing to run Windows XP systems beyond this week's support deadline.

KPMG said estimates suggest that almost one in five (20 percent) of personal computers still run XP. While this figure has dropped from 25 percent last year, it will "remain stubbornly high for some time", said KPMG.

The "picture is even more complex" with XP still running on computers embedded in systems that are difficult to upgrade, like ATM machines, kiosks, airline ticketing or military systems, KPMG said.

Stephen Bonner, a partner in KPMG’s information protection and business resilience team, said: "XP will be with us for some time, and in some quite unexpected places. Little wonder banks and governments are paying millions of pounds to extend support beyond 8 April."

And highlighting the potential vulnerabilities of legacy XP systems, Bonner said: "Computers running XP provide a useful population of vulnerable systems to recruit into botnets for spam and potential attacks.

"There has been speculation about cyber criminals holding back a large store of XP vulnerabilities ready to exploit obsolescent systems. I doubt that will happen - the incentive to exploit early and make money is just too great."
