January 2022 Data Breach Roundup
A new year means new data breaches to report. The educational sector was hit the hardest in January, with three school data breaches being reported.
Here we report a brief roundup of some of the most significant data breaches to hit the news in January, including the data of more than half a million vulnerable people stolen from the International Red Cross. We also include some important updates in concern to the wider data breach industry.
Are you a victim of a data breach and had your personal data exposed? Are you looking for expert legal advice and support? Please get in touch with our data breach solicitors today.
The biggest data breaches uncovered in January 2022
Russian hackers linked to cyber attack on Gloucester Council
On December 20, 2021, Gloucester Council were subject to a cyber attack, which is still currently causing disruption to their website over a month later.
Since the attack occurred, the local council has been working alongside the National Crime Agency and the National Cyber Security Centre to learn more about how it happened. It has been found that the malware responsible for the disruption was embedded into an email one of the council officers received.
The council have been contacted by sources alleging Russian hackers were responsible for the breach.
Read more about this story here.
Parents of students at Liverpool school targeted by scam email
Many students and parents of current and past students at The Whitby High School in Liverpool received an email claiming to be from school officials.
The email in question deafferented depending on the receiver, with one receiver saying, "I got one that related to an email conversation in 2020!!"
Parents went to Facebook to make other individuals associated with the school aware of the scam and to ensure they did not open the link.
The school is aware of the data breach and are currently taking measures to investigate the breach and who is responsible. One mother of a child at the school discovered that the sender responsible is located in the USA.
Read more about this story here.
Human error led to Worcestershire school COVID-19 test mix up
Students at The De Montford School were involved in a data breach incident ascribed as a “human error”. Following the Christmas break, students underwent COVID-19 tests, but unfortunately, in a mix up, a small number of students’ results were sent to the wrong parents.
One of the students affected by the data breach was Amelia Felton, whose mother, Becky, was only made aware of the breach by another child’s parent who had received Felton’s test result. Becky said, “It was another parent that told me she had received my daughter’s result. This is a serious breach of personal data.”
The breach has since been investigated, following the school’s data protection policy, and confirmed to be caused by human error. The school have reported the data breach to the Information Commissioner’s Office.
Read more about this story here.
Year 11 students’ private data released
A document concerning the needs of children at Greensward Academy was accidentally released onto Google Classroom visible to other parties’ part of the school.
The breach was a human error made by a teacher who was unaware that the document contained personal information, including free school meal statuses, addresses, deprivation statuses, exam dispensation and special educational needs.
The document on Google Classroom was available to view by parents of students and the year 11 students themselves.
An anonymous parent expressed, “Some kids might not want other kids to know these things about them, as sadly, when it comes to stuff like free school meals, they might be mocked or looked down upon.”
Read more about this story here.
International Red Cross have half a million vulnerable peoples data stolen
Personal details of 515,000 people’s data were stolen from the International Red Cross. The humanitarian organisation helps people who are victims of conflict and armed violence, meaning many of those affected were highly vulnerable victims of war.
The ICRC Director-General pleads with those who are responsible to "do the right thing - do not share, sell, leak or otherwise use this data". It puts those vulnerable people at an even greater risk than they already are.
It is not yet known who carried out the cyber attack on the organisation, but it is known that the external company that were used to store the data were targeted.
Read more about this story here.
The latest data breach news and announcements
The ICO appoints a new UK Information Commissioner
The new year at the ICO started with a new UK Information Commissioner. John Edwards joined the ICO on a five year term, replacing Elizabeth Denham CBE. Edwards spent the last eight years as New Zealand Privacy Commissioner.
Edwards expressed, “My role is to work with those to whom we entrust our data so they are able to respect our privacy with ease whilst still reaping the benefits of data-driven innovation. I also want to empower people to understand and influence how they want their data to be used, and to make it easy for people to access remedies if things go wrong.”
The ICO expects a busy year with plans to propose reforms to the government in concern with the Data Protection Act and the introduction of the Online Safety Bill.
The ICO announce they’re conducting a listening exercise
The ICO want to understand more about individuals, businesses, and organisations experience of working with the ICO.
They plan to learn more about the experiences through the means of surveys and a series of events where the new UK Information Commissioner, John Edwards, will directly listen and discuss the experiences of individuals, businesses, and organisations.
Edwards explains, “I’m new here. I’ve worked in data protection and freedom of information for many years, and now my focus is on immersing myself in the UK system. I want to hear from businesses and organisations about their experiences. What’s working? What’s not? I want to know what would help you to achieve your objectives under our legislation.”
Speak to our legal experts about a data breach
Even where you have not suffered a loss due to a data breach, it is still possible for you to make a compensation claim. When you trust a business to handle your sensitive data, they have a legal responsibility under GDPR to keep it secure. Where this has not been done, and as a result, you become a victim of a data breach, you have the potential to suffer substantial damages.
Our team at Hayes Connor are data breach specialists, having one of the largest data breach teams nationally. We have decades of combined experience and will provide a bespoke service. No matter the type of data breach you have suffered, our team have the knowledge and expertise to assist.
We will take the time to understand your situation so we can establish whether you have a claim. We will clearly explain the claims process and the possible available compensation.
You can find out more about our expertise and how we handle data breach claims here.
To start a claim, you can use our online claim form.