August Data Breach Roundup
August has been and gone, with plenty more data breaches taking place in a variety of different sectors.
This is our short roundup of the most significant data breaches that hit the news in August, as well as some notable updates related to the wider data breach industry.
Have you had your personal data exposed in a data breach? Looking for expert advice and support? Please get in touch today.
The biggest data breaches uncovered in August 2021
Isle of Wight schools affected by ransomware attack
Six schools on the Isle of Wight, alongside the Isle of Wight Education Federation, had their data encrypted in an August cyber-attack. All of the schools’ websites were subsequently taken offline while the issue was investigated.
The Isle of Wight Federation said that it was liaising with authorities to pursue those responsible for the attack.
A spokesperson for the Federation said: "As you can imagine, the team now have hours, days, and months of work ahead of them to recreate the information that has been lost. In order to assist with this painstaking process, the Trustees have approved the school to close for 3 extra days at the end of the summer holidays.
“This means the children will not be returning to school until Monday 6th September 2021. We ask that you are patient with the team during this period,"
Read more about this story here:
T-Mobile suffer data breach after sophisticated cyberattack
T-Mobile was hit by a ‘highly sophisticated’ cyberattack that compromised the personal data of more than 7.8 million customers. In addition to this, more than 40 million records belonging to former or prospective customers were also exposed.
The incident was discovered after reports emerged claiming that criminals were attempting to sell a large database containing T-Mobile customer data. This means that attackers were able to break into the company’s systems without being detected or setting off any alarms.
After disclosing the breach, T-Mobile said that it was ‘confident’ that it has shut down the entry point used by the hackers.
Read more about this story here.
Criminals hack trusted websites in text message fraud wave
An investigation by Telegraph Money in August revealed that a number of high-profile business websites had been hacked, with malicious pages being planted to steal personal data.
Consumers have been receiving waves of text messages containing links to pages which aim to harvest personal details in order to steal from unsuspecting victims. Targets have included a British car servicing company and a consultancy in the United Arab Emirates.
Hayes Connor’s Legal Director, Richard Forrest, told the Telegraph that being hacked puts companies at risk of breaching data protection law, although the degree would depend on what happened to victim’s data and where it was stored.
Read more about this story here.
Microsoft Power Apps leak data belonging to 38 million people
A security research team uncovered an issue with the default permission settings in the app-building tool Microsoft Power Apps, leaking data belonging to 38 million people.
The exposed data is said to include names, email addresses, phone numbers, social security numbers and COVID-19 vaccination status. Microsoft responded by releasing a tool for checking Power Apps portals and planned changes to the product so that table permissions will be enforced by default.
As of yet, there is no evidence to suggest that the breached data has been exploited.
Read more about this story here.
Housing association residents hit by phishing emails following cyber attack
London housing association residents were sent phishing emails by fraudsters in August after a cyber-attack against a repairs provider led to email addresses being accessed by unauthorised third parties.
Residents living in homes belonging to L&Q, Notting Hill Genesis, Peabody and Penge Churches Housing Association (PCHA) received messages that attempted to defraud them of money by posing at repairs platform, Plentific.
Plentific said it could not disclose how many tenants were affected but confirmed that not all client or tenant data had been impacted.
Read more about this story here:
The latest data breach news and announcements
ICO details what happens next after introduction of the Children’s Code
In August, the ICO released detailed information about the Children’s Code, which officially came into force at the start of September. The Children’s Code plans to create a safer internet, by ensuring online services likely to be accessed by children respect their rights and freedoms when using their personal data.
Facebook, Google, Instagram, TikTok and others have all made significant changes to their child privacy and safety measures in response to the code.
The ICO stated that they expect organisations to prove that children’s best interests are a primary concern moving forward.
Read more about this story here.
ICO approves first UK GDPR certification scheme criteria
The ICO approved the first UK GDPR certification scheme criteria in August. Certification was brought in under the UK GDPR as a way to help organisations demonstrate compliance with data protection rules and, in turn, inspire trust and confidence among consumers.
Organisations which achieve the standards set out these certification schemes can create a competitive advantage, demonstrating they have the highest level of commitment to data protection compliance.
Anulka Clarke, Acting Director of Regulatory Assurance of the ICO said: “This is a significant step forward in enabling organisations to demonstrate their commitment to compliance with UK data protection law.”
Read more about this story here:
Guidance released on direct marketing and the public sector
The ICO published a new resource to help public sector organisations understand when direct marketing rules apply to their messages. If a message is considered to be direct marketing, public authorities need to comply with strict rules in the Privacy and Electronic Communications Regulations (PECR).
The guidance, aimed at those responsible for data protection within public sector organisations, is designed to help people send promotional messages that are legally compliant.
Anthony Luhman, ICO Director, said: “Done properly the public should have trust and confidence in promotional messaging from the public sector.”
Read more about this story here.
Speak to our legal experts about a data breach
If you are the victim of a data breach, you be able to claim compensation, regardless of whether you have suffered specific harm or financial loss. If a company’s negligence has caused your data to fall into the wrong hands, you may be able to access substantial damages.
At Hayes Connor, we have one of the largest teams of data breach specialists in the country, with a wealth of combined experience representing a wide range of clients of data breaches.
Our expert team can work alongside you to help clarify whether you have a claim, how the claims process works and the level of compensation you may be able to receive.
We aim to ensure that anyone affected by a data breach is able to access the compensation they deserve, making the claims process as straightforward as it can be for our clients.
You can find out more about our expertise and how we handle data breach claims here.
To start a claim, you can use our online claim form.