There was a public outcry followed by ICO “making enquiries” when Troy Hunt published a post about Tesco’s plaintext password reminders exactly a month ago.
I wanted to use the reference for a text I was writing last week when someone asked me about online accounts of Companies House. At that moment I said to myself, wait a second. Companies House sends plaintext reminders as well. How strange. I sent a link to a short post to ComputerWorld. They in turn managed to get a statement from Companies House that includes:
“… although it is [Companies House] certified to the ISO 27001 standard and adheres to the government’s Security Policy Framework, it will carry out a review of its systems in order to establish whether there is a threat to companies’ confidential information.” (more…)