Personal data of all 38,000 runners in Sunday’s London Marathon, including their home addresses, was accessible to any logged in user of the event’s website, it has emerged.
The ‘glitch’ was exposed after a member of the public used the data to contact a female television presenter, the BBC reported last night. Other celebrities whose contact data was freely accessible include chef Gordon Ramsey and model Nell McAndrew.
Nick Bitel, CEO of the London Marathon, apologised for the error. ""We immediately made sure that the glitch was corrected," he told the BBC. "We do not believe that this has led to a substantial number of individuals’ details being accessed by members of the public."
The Information Commissioner’s Office (ICO) said that it will be investigating the breach.
Last week, the ICO criticised Japanese electronics giant Toshiba for a web application security flaw that exposed 20 customers’ personal data online. The details of entrants to an online competition could be accessed by simply changing a number in the URL.
Although the functionality was built by a third party, the ICO said Toshiba was at fault for failing to have take sufficient security precautions of its own. However, the ICO did not fine Toshiba for the breach. Instead, the company agreed to improve its security precautions.