July Data Breach Roundup
As we roll our way through the summer, the number of data breaches occurring only continues to mount, with July being yet another hectic month.
This is our short roundup of the recent work we have been carrying out to support victims of data breaches, as well as a closer look at some of the most notable data breaches to hit the news in July and updates related to the wider data breach industry.
Have you had your personal data exposed in a data breach? Looking for expert advice and support? Please get in touch today.
Our recent work supporting victims of data breaches
Furniture Village cyber incident raises concerns over data breach
Following a cyber-security incident in June, the furniture retailer Furniture Village were forced to quickly shut down their systems, to mitigate the potential impact. While that decision ultimately caused huge disruptions to customer orders and deliveries, the consequences of the incident didn’t stop there.
It was later revealed that personal data belonging to Furniture Village employees was also exposed in the breach. This fact was not publicly revealed by Furniture Village, who instead focused on the fact that customer data had not been exposed in the breach.
Read more about this story here.
Guntrader Suffer Data Breach as Customer Records are Published to Dark Web
Thousands of names and addresses belonging to customers of the firearms dealer Guntrader.uk were published to the dark web in July following a cyber security incident.
Around 100,000 customer records were stolen, with data such as names, phone numbers, email addresses and users’ geolocation all falling into the hands of the unauthorised third party responsible for the original incident.
Beyond the immediate loss of privacy, the affected users are facing, this particularly breach also raises a number of unique security concerns. Gun ownership is tightly controlled in the UK and firearms are very valuable on the black market. If criminals are able to access the data on the black market, there is an increased risk that affected users will be targeted in person.
Jon Else, Director at Hayes Connor, spoke about the incident, saying: “This is hugely worrying for anyone who is affected or thinks they might be affected. We’ve already had worried gun owners contacting us about this and their fears are genuine. If their details have fallen into the hands of organised criminals, then they’re now concerned that their families and their properties could be targeted.”
The biggest data breaches uncovered in July 2021
New Skills Academy data breach
New Skills Academy, a major online learning provider based in Hertford, suffered a data breach in July which resulted in account information of its customers being exposed to unauthorised sources.
The number of users who have been affected by the breach are still unknown, but it has been revealed that the information accessed includes usernames, email addresses and encrypted passwords.
In a notification sent out to New Skills Academy users, the learning provider stated: “We have been notified that online education providers have been targeted by sources looking to acquire user data in recent weeks and, upon investigating our own systems, we discovered that some customer account information may have been exposed to unauthorized sources.”
Read more about this story here.
Oxford City Council expose rent statements to the public
Oxford City Council had to apologise to residents after a ‘computer error’ caused a potential data breach over rent statements. This came after local residents raised the alarm of a potential breach when they received the wrong rent statement in the post.
The issue is said to have occurred after a new computer system that supports the council’s landlord services to its 7,800 council homes was recently installed. Errors in the system meant that data being transferred from the old system to the new one resulted in a ‘small proportion’ of rent statements being sent to the wrong address.
The council believes that around 80 homes have been affected, however they are still looking to verify that number.
Read more about this story here.
National Lottery Community Fund put six years’ worth of data at risk
A data breach at the National Lottery Community Fund (NLCF) has left more than six years of contact and bank details exposed. The NCLF declined to confirm exactly how the breach occurred or how many individuals were affected.
The data includes contact details, date of birth, bank details and the applicant organisation’s address and website.
The NLCF has stated that, as this is still an ongoing investigation, there is a chance that other personal data might be affected, and it would update its website once it has confirmation.
Read more about this story here.
The latest data breach news and announcements
ICO Fines Transgender charity Mermaids for Data Breach
The Information Commissioner’s Office (ICO) fined the transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure.
The ICO’s investigation began after it initially received a data breach report from the charity in relation to an email group which was set in 2016 and used for a year until it was decommissioned. The charity only became aware of this breach in June 2019.
The email group was created with insufficient security measures, leading to approximately 78- pages of confidential emails being viewable online for three years.
During the investigation carried out by the ICO, it was found that Mermaids’ approach towards data protection was negligent and that there was a lack of inadequate policies and training for staff.
Read more about this story here.
ICO publishes annual tracking research
The ICO have published their annual tracking research, surveying over 2,000 individuals to monitor changes in what people think about data protection and freedom of information.
77% of people who were surveyed said that protecting their personal information is essential, while the trust and confidence in how companies and organisations store and use personal information has remained broadly the stable since 2020.
Read more about the research here.
Investigation launched into Department of Health and Social Care CCTV footage
The ICO have announced that is investigating an alleged data breach related to the Department of Health and Social Care (DHSC).
EMCOR Group plc, which provides facilities management and CCTV services for the DHSC, has submitted a breach report, alleging that images were taken from the DHSC CCTV system without consent.
Personal computer equipment and electronic devices were seized as part of the operation and the ICO’s enquiries are ongoing.
Read more about this story here.
Speak to our legal experts about a data breach
If you are a victim of a data breach, you may be in a position to claim compensation. Whether or not you have suffered specific harm or financial loss, if your data has fallen into the wrong hands or been exposed due to negligence, you may be able to access substantial damages.
At Hayes Connor, we have one of the largest teams of data breach specialists in the country, with a wealth of combined experience representing a wide range of clients of data breaches.
Our expert team can work alongside you to help clarify whether you have a claim, how the claims process works and the level of compensation you may be able to receive.
We aim to ensure that anyone affected by a data breach is able to access the compensation they deserve, making the claims process as straightforward as it can be for our clients.
You can find out more about our expertise and how we handle data breach claims here.
To start a claim, you can use our online claim form.