How to protect yourself following the PFEW data breach

police data breach

The Police Federation of England and Wales (PFEW) has admitted to a severe data breach across a number of its databases. As a result, the personal information of some 120k police offices has been held to ransom. The data breach affects officers at all levels up to the rank of chief inspector.

If you have been affected by the PFEW data breach, you should have received an email to let you know. And, if you are worried about how this could impact you, here are some tips to help you stay safe.

  1. Understand the risk

To stay safe from cybercriminals you need to be digitally aware. Here is a quick summary to let you know what happened in this case:

  • The attack is thought to have impacted a number of PFEW databases. These include:
    • A database that holds the names, email addresses, NI numbers, ranks and serving forces of around 120,000 police officers
    • A booking system for the PFEW conference and hotel facilities in Leatherhead. Any guests who stayed at the facilities between 1 September 2018 and 9 March 2019 may have had their personal and financial details put at risk
    • The PFEW claims case management system. Members who requested PFEW assistance for an investigation, inquiry or complaint could have had their name, address, National Insurance number, and bank details accessed
  • A ransomware attack caused the breach. Ransomware is a type of malicious software. Typically cybercriminals use ransomware to threaten to publish data, or to block access to it unless a ransom is paid
  • There is no evidence that any data was extracted from PFEW’s systems, although this cannot be discounted at this stage
  • Local Federation branches have not been affected.
  1. Follow the advice given by the PFEW

The Federation has said that any officers concerned about fraud or lost data should contact Action Fraud. Advice can also be obtained from the National Cyber Security Centre.

A PFEW helpline is also available on 0800 358 0714. Opening hours are Monday to Friday 8am to 6pm, and Saturday and Sunday 9am to 3pm.

The PFEW website has the latest information and FAQs regarding this breach.

  1. Take steps to protect yourself

Those affected by the PFEW data breach should consider the following steps:

  • Inform the Information Commissioner’s Office (ICO) about your concerns
  • If you are concerned that your financial details have been compromised contact your bank/credit card provider immediately
  • You may also want to consider a credit freeze until you are confident that your details are safe
  • Report the scam to the police and contact Action Fraud for advice on what to do next
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Look out for any bills or emails showing goods or services you haven’t ordered
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Beware of fraudsters who attempt to gather additional personal information (phishing)
  • Change your passwords on all your accounts.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

  1. Understand the possible impact the data breach could have on you

Unfortunately, while the Federation claims that the risk to data is low, in many data breach cases it can take months for the full impact and losses to become apparent.

We have seen instances where the financial losses only start to occur three to six months later. This is often because data stolen is used in batches over time.

What’s more, simply knowing that your details could be in the hands of cybercriminals can lead to anxiety and distress. Experiencing a data breach can result in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury. For police officers knowing that their personal information could be in the hands of criminals is bound to be even more distressing.

So, as well as taking steps to keep your information and finances safe from further attack, it’s also worth keeping an eye on your state of mind and seeking help if you are distressed or worried about the data privacy violation.

  1. Claim for compensation

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests, it is often the only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, we are now considering launching a no-win, no-fee group action to compensate victims of the PFEW data breach and cyberattack.

To ensure that you are fully informed and kept up-to-date about this action, simply fill in our quick form and we will notify you about the investigation and your legal rights when making a claim.