SFO's data breach blunder over BAE Systems bribery trial cost it £180,000

The Serious Fraud Office sent thousands of documents to a witness in the BAE Systems bribery trial, who passed them onto The Sunday Times before the breach was discovered in 2013.


The Serious Fraud Office (SFO) was fined £180,000 after files from an alleged bribery investigation of BAE Systems were sent to a witness, who proceeded to disclose them to a national newspaper.

The witness in the serious fraud, bribery and corruption investigation was sent evidence relating to 64 other people involved in the case, the Information Commissioner’s Office said today.

The allegations that senior executives at BAE Systems had received payments, including two properties worth over £6 million, as part of an arms deal with Saudi Arabia, date back to 2010.

The SFO began returning evidence between 2011 and 2013 and the witness received over 2,000 bags of evidence including bank statements, hospital invoices, DVLA documents and passport details.

That witness disclosed the evidence to The Sunday Times, which published several stories based on the information.

An internal investigation took place in 2013, when the ICO was informed of the breach.

The ICO, an independent authority set up to monitor information rights, found that a temporary worker who had little training and no direct supervision had handled the documents.

“Anyone who provides information to a criminal investigation does not take this decision lightly and often does so at considerable risk to themselves. People will be quite rightly shocked that the Serious Fraud Office failed to keep the information of so many individuals connected to such a high-profile case secure.

“Given how high-profile this case was, and how sensitive the evidence being returned to witnesses potentially was, it is astounding that the SFO got this wrong. This was an easily preventable breach that does not reflect well on the organisation. All law enforcement agencies should see this penalty as a warning that their legal obligations to look after people’s information continue even after their investigation has concluded.”

The Serious Fraud Office said it had recovered “98 percent” of the documents that shouldn’t have been disclosed.

"Recommended For You"

ICO fines Plymouth City Council £60k for unsecure printing system Student Loans Company criticised by ICO for data breaches