January Data Breach Roundup
January has been another busy month in the world of data breaches, with more breaches happening all the time and lots of interesting news around data protection and data breaches – including a recent BBC News article featuring our own data breach expert Christine Sabino, as well as Richard Forrest speaking in the Financial Times.
This is our roundup of recent work we have been doing to support data breach victims, as well as the most notable data breaches in the last month and the latest news and announcements affecting our industry and those impacted by data breaches.
You can also find out more about our coverage in the BBC and Financial Times, as well as a number of other places our team have popped up in the press by taking a look at our latest guide to Hayes Connor in the press.
Have you had your personal data exposed in data breach? Looking for expert advice? Please get in touch.
Our recent work supporting victims of data breaches
Hackers Steal Data from Cosmetic Surgery Chain The Hospital Group
The team at Hayes Connor are currently supporting several clients affected by the theft of data from cosmetic surgery chain The Hospital Group.
The data was stolen by hacker group REvil, also known as Sodinokibi, who claim to have obtained over 900 gigabytes of patient photographs.
A spokesperson for The Hospital Group confirmed: “Elements of our IT systems were accessed by an unauthorised third party on December 6th.”
Read more about this story here.
Blackpool Council data breach reveals HMO licence holders’ personal details
We are acting for a number of clients affected by an accidental leak of personal data by Blackpool Council contained in a response they provided to a Freedom of Information (FOI) request made about House in Multiple Occupation (HMO) licences.
The information was published online in November 2018 and included over 400 HMO licence holders’ personal contact details, dates of birth and ethnicities.
In an email to an HMO licence holder, a Blackpool Council Data Protection Officer formally apologised for the leak, admitted it was a breach of GDPR and confirmed the council would be self-reporting the matter to the Information Commissioner’s Office for investigation.
Read more about this story here.
The biggest data breaches uncovered in January 2021
Millions of passwords stolen in data breaches for sale on dark web
Millions of passwords stolen in data breaches are being sold on the dark web, according to an investigation carried out by Which?.
The investigation found that stolen account information and other data was being advertised for sale on the dark web, which is the name for a hidden part of the internet not accessible through normal means.
The data for sale included account information related to customers of household names including Tesco, Deliveroo and McDonald’s. This information could potentially be used to close accounts or gain access to online services, such as the Deliveroo app.
Read more about this story here.
E.On customers left without gas and electricity following data breach
E.On customers who use the company’s pre-payment meters have been left without gas or electricity after the energy supplier suspended its app following a security breach that saw customer login details stolen.
The E.On app was taken down on 12 January and is used by tens of thousands of households to top up pre-pay meters. This has led to hundreds of complaints from E.On customers unable to top up their meters, meaning they have no gas or electricity once their current balance expires.
E.On said that they deactivated the app after discovering hackers attempting to access customer accounts using personal data stolen from a third party.
Read more about this story here.
Grindr fined £8.5m for data privacy breach
Gay dating app Grindr is to be fined £8.5million for illegally disclosing user data to advertising firms. The fine has been issued by the Norwegian Data Protection Authority and is equivalent to 10% of the company’s annual turnover.
The Norwegian regulator announced the fine following an investigation it carried out in response to a consumer complaint in 2020 that accused the app of sharing personal data with third parties for marketing purposes.
Read more about this story here.
Criminal group leaks Hackney council files online following cyber attack
A cyber criminal group has posted documents online that it claims were stolen from Hackney council last year in a ransomware attack.
The group, known as Pysa/Mespinoza, published the documents allegedly stolen from Hackney Council on the dark web, making them potentially accessible to fraudsters and other criminals who know where to look.
The names of the files included in the leak suggest the data could include people’s passport information, as well as staff data and other photo ID data.
Hackney council announced it has suffered a serious cyber attack in October 2020 and that it has self-reported to the Information Commissioner’s Office.
Read more about this story here.
The latest data breach news and announcements
£480,000 in fines issued to companies behind nuisance calls
The Information Commissioner’s Office (ICO) has issued fines totalling £480,000 to four companies who were found to have made unlawful phone calls to numbers registered with the Telephone Preference Service (TPS).
Between them, the companies made 2.4million of the illegal calls, with over 250 complaints made to ICO and the TPS in response. Making calls to a number that has been registered with the TPS for more than 28 days is a crime
Read more about this story on the ICO website.
UK government agrees to maintain free flow of personal data from EU for up to 6 months
The UK government’s Brexit treaty with the EU will allow personal data to be passed freely from EU and EEA member countries to the UK for up to 6 months from January 1 2021. This is intended to prevent any immediate disruption that could be caused to businesses, law enforcement and other organisations while more long-term arrangements are made.
Read more about this story on the ICO website.
ICO resumes adtech investigation
ICO has now resumed its investigation into Real-Time Bidding (RTB) technology, that allows companies to bid for digital advertising space in milliseconds. This technology is behind billions of online adverts every day. ICO’s investigation was paused in May 2020 in response to changing priorities due to the COVID-19 pandemic.
The ad tech investigation is of potentially huge importance for data protection and data breaches as the automated nature of this technology means that people’s data may be being shared with hundreds of companies for ad targeting purposes without proper checks being carried out to assess whether that data will be processed securely.
Read more about this story on the ICO website.
Speak to our legal experts about a data breach
If you have suffered harm as a result of a data breach, you are likely owed compensation. Even if you have not suffered specific harm, you may still have a claim, but if you have experienced financial, emotional or other personal consequences of a data breach, substantial damages could be available.
Hayes Connor has one of the largest teams of data breach claims specialists in the country, boasting a wealth of experience in representing clients who have suffered due to a data breach. Our friendly team are equipped to advise you on whether you have grounds for a claim, the level of compensation you may be entitled to, and what you need to do to start a claim.
We understand the emotional impact a data breach can have on an individual. So, not only do we want to help you get the compensation you deserve, we want to make the process as simple and stress-free as possible.
You can find out more about our expertise and how we handle data breach claims here.
To start a claim, you can use our online claim form.
To speak to a member of our team, please do not hesitate to give us a call on 0151 363 5895.