September Data Breach Roundup
Plenty of data breaches took place across a variety of sectors in September, with sensitive personal information being exposed.
Our data breach roundup for September covers some of the most notable cases to hit the news over the past month, as well as any matters our team are currently supporting clients with.
If your data has been exposed because of a breach, our specialist solicitors will be able to advise you on the general process for making a claim. Please get in touch with our team to discuss the details of your case today.
Our recent work supporting victims of data breaches
Victims of domestic abuse put at risk following data breaches
A string of recent incidents has led the Information Commissioner’s Office (ICO) to issue a warning to organisations that handle personal belonging to victims of domestic abuse.
Seven different organisations have been issued with reprimands since July 2022, with separate data breach incidents having led to the exposure of personal data.
Wakefield Council have been revealed as one of the organisations responsible for a domestic abuse data breach. The other organisations, while not named in the ICO report, are said to include a law firm, housing association, NHS trust, government department and police service.
Legal Director at Hayes Connor, Christine Sabino has commented on the issue: “At Hayes Connor, we deal with a large number of these types of cases, and they are becoming more and more common, which is borne out by the ICO report. We are pleased that the ICO are now taking a more robust approach to these type of data breaches, which cause significant distress, fear of harm and in a lot of cases result in families having to flee for their safety.”
To read more about this story, click here.
Greater Manchester Police data breach
An investigation is ongoing after a third-party supplier for the Greater Manchester Police was the target of a cyber-attack.
The supplier is responsible for producing Greater Manchester Police’s identification badges and warrant cards. This means that they are thought to hold a range of sensitive information, including names, identity numbers and photographs.
Mike Peake, Chair of the Greater Manchester Police Federation, said “Our colleagues are undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe.
“To have any personal details potentially leaked out into the public domain in this manner – for all to possibly see – will understandably cause many officers concern and anxiety.
“We are working with the force to mitigate the dangers and risks that this breach could have on our colleagues.”
To read more about this story, click here.
The biggest data breaches uncovered in September 2023
Data breaches uncovered across multiple Northern Ireland government departments
Reports have found that there have been almost 50 data breaches committed by Northern Ireland government departments over the past decade.
The data breaches are said to include the loss of papers containing medical data and a member of staff accessing their ex-partner’s benefits information.
Other breaches included the loss of a laptop and hard-copy files containing ‘special category information’.
Former commissioner for public appointments in Northern Ireland Felicity Huston has commented on the breaches: "The government is insisting more and more that we go online and they collect vast amounts of our data that way - the least they can do is keep it safe."
To read more about this story, click here.
Manchester school apologises for email data breach
North Cestrian School in Manchester has admitted to a serious data breach after mistakenly sending an email to multiple recipients.
The email, which was meant for the parent of a child who had been suspended, was sent to other parents. The email provided details of the child and the circumstances that led to their suspension.
Headmaster, Lee Bergin, said in a statement: "I can confirm that there was a data breach when a letter meant for one parent was accidentally sent to others. Within 20 minutes the letter had been removed.
"We treat data protection seriously. Staff receive training on data protection and our data protection policy meets the guidance of UK GDPR. This occasion was an act of human error. All staff have been reminded of their responsibility to adhere to our policy. We have now changed the circumstances by which the original error occurred."
Read more about this story here.
Save the Children struck by ransomware attack
International non-profit Save the Children were struck by a ransomware attack in September, resulting in various sensitive files being stolen, which featured financial, health and medical data.
The group that has taken responsibility for the attack, BianLian, claim to have stolen 6.8TB of data.
Save the Children have confirmed the breach, stating: “Save the Children International recently experienced an IT incident involving unauthorised access to part of our network. There has been no operational disruption and the organisation continues to function as normal to build a better future for children across the world.
We are working hard with external specialists to understand what happened and what data was impacted so we can take all the appropriate next steps.”
Read more about this story here.
Details belonging to charity donors exposed
Hundreds of people who have donated to some of the most high-profile charities in the UK have had their personal details stolen following a major cyber-attack.
An attack was launched against survey company About Loyalty, who work with more than 40 charities, including the RSPCA, Dogs Trust and Battersea Dogs and Cats Home. The data stolen in the attack is said to include victim’s surnames, parts of their home address, email address and amounts of money they have donated.
While the total number of people affected has not been confirmed, it is thought to be in the hundreds of thousands.
Read more about this story here.
The latest data breach news and announcements
ICO calls on public authorities to stop using spreadsheets in FOI responses
The Information Commissioner, John Edwards, has called on public authorities to stop using original source Excel spreadsheets when responding to Freedom of Information (FOI) requests.
This is a direct response to a number of high-profile data breaches where personal information has been accidentally shared in spreadsheets that were shared as a part of an FOI response.
The advisory notice from the ICO recommends that public organisations should:
- Immediately stop uploading original source spreadsheets to online platforms used to respond to FOI requests.
- Continually provide training to staff who are involved with disclosing information.
- Avoid using spreadsheets with hundreds or thousands of rows and instead invest in data management systems which support data integrity.
Read more about this story here.
ICO promises not to punish organisations that share information to protect children at risk
The ICO has promised not to punish any organisations that share information that helps to protect children and you people from serious harm.
This promise comes as the ICO publishes new guidance to address concerns from organisations that would be afraid to share certain information in the fear that they would fall foul of data protection laws.
John Edwards released a statement to confirm this, saying: “Data protection law helps organisations share data when required. Our guide will support senior leaders to put strong policies, systems and training in place, so their staff are encouraged and empowered to share data in an appropriate, safe and lawful way.”
Read more about this story here.
Speak to our legal experts about a data breach
The impact of a data breach can be substantial. Besides the potential for financial losses, learning that your data has fallen into the wrong hands can be an incredibly distressing experience.
Any organisation that holds your personal data has a range of legal obligations. This includes keeping the data secure. If they fail to uphold these obligations, this could mean that any affected parties will be in a position to claim compensation.
At Hayes Connor, our specialist data breach solicitors have a wealth of combined experience and expertise in handling data breach claims. This means that we are well-positioned to provide the support you need and help you understand how best to proceed.
We will take the time to establish the details of your case, the impact it has had on you and your family and the level of compensation you may be able to receive.
For further information on our data breach expertise and how we handle claims, see here.
To start a data breach claim, you can use our online claim form.