I flagged a major Data Protection breach but still feel uneasy

stuartJo1989

boliston wrote: »

Fortunately this is the least serious type of hacking with a maximum of only 2 years imprisonment and/or a fine under the computer misuse act.

Hacking
Hacking is the popular term for what is properly called 'cracking'. We use the term hacking as a synonym for cracking, though strictly speaking a cracker is one who breaks into someone else's computer system, while a hacker is just a computer programmer.
Under the Computer Misuse Act 1990, the following are offences:
Unauthorised access to computer material (section 1);
Unauthorised access with intent to commit or facilitate commission of further offences (section 2); and
Unauthorised modification of computer material (section 3).
The maximum penalty for the section 1 offence (unauthorised access to computer material) is two years' imprisonment and a fine. For a section 2 offence, the maximum penalty is 5 years' imprisonment and a fine. For a section 3 offence, the maximum penalty is 10 years' imprisonment and a fine.
These offences are potentially wide in scope: even guessing the password to access someone else's webmail account could be prosecuted as an offence of unauthorised access to computer material.

What is the minimum sentence?

I ask that because it is evidently clear that OP had zero intention of "hacking" the website. They only did it to test their theory that there was a flaw in the system, which was found by pure chance.

I would suspect that, were charges to be brought against OP, it would only really be a slap on the wrist.

( so OP, don't unduly worry when you read posts like boliston's. It is more scaremongering than anything else).

I've actually done something similar in the past as well... There's a Chinese racket selling fake designer goods to Westerners and they are silly in that they upload their order sheet onto their master website. Effectively, it is possible to obtain the full details of their customers. I didn't do it for my own benefit, I did it to SHOW that there was a problem. Ended up passing the info over to ActionFraud (Police), but doubtful that they ever did anything with it. They certainly didn't prosecute me though

elsien

And to quote post 3

LauraFox wrote: »

:-) I did mention the freebie but I ve already forgotten about it.

This is the first time I report such an issue; I want to check with others who have some experience whether I should be satisfied with the current response and move on.

To be fair. the focus on money is now coming from other posters not the OP who was then asking if the potential data breach had been sufficiently resolved.

arcon5

boliston wrote: »

Fortunately this is the least serious type of hacking with a maximum of only 2 years imprisonment and/or a fine under the computer misuse act.

Hacking
Hacking is the popular term for what is properly called 'cracking'. We use the term hacking as a synonym for cracking, though strictly speaking a cracker is one who breaks into someone else's computer system, while a hacker is just a computer programmer.
Under the Computer Misuse Act 1990, the following are offences:
Unauthorised access to computer material (section 1);
Unauthorised access with intent to commit or facilitate commission of further offences (section 2); and
Unauthorised modification of computer material (section 3).
The maximum penalty for the section 1 offence (unauthorised access to computer material) is two years' imprisonment and a fine. For a section 2 offence, the maximum penalty is 5 years' imprisonment and a fine. For a section 3 offence, the maximum penalty is 10 years' imprisonment and a fine.
These offences are potentially wide in scope: even guessing the password to access someone else's webmail account could be prosecuted as an offence of unauthorised access to computer material.

Stop being so dramatic.