Investment Week website suffers data leak

(Image credit: Pixabay) (Image credit: Image Credit: Pixabay)

Thousands of readers of a major UK financial news sites may have had their personal data leaked after the site suffered a major data breach.

As many as 330,000 financial buffs may have had their details revealed after the Investment Week website was found to be failing to protect user details securely.

The information, apparently held in unprotected records, included sensitive personal information such as full names, email addresses, and other subscription details, including business addresses - which given the theme of the publication, could include some of the UK's top firms.


The database also included unencrypted user passwords, which could have been cracked if subject to a brute-force attack.

The breach was discovered on April 4th, but more information was detected this week on a Reddit thread uncovered by anonymous security researchers.

Incisive Media, the publisher of Investment Week, released a statement on April 29th saying it was "sorry" to inform readers of a "potential breach of security that may have resulted in the unauthorised disclosure of your login details to our websites".

"Incisive Media take data security and protection very seriously," the company added, noting that it had informed the Information Commissioner’s Office (ICO) of the breach.

However the researchers who discovered the threats did not immediately hear back from Incisive, meaning it may have breached the 72-hour disclosure window demanded by GDPR.

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.