, ,

How to protect yourself following the PFEW data breach

police data breach

The Police Federation of England and Wales (PFEW) has admitted to a severe data breach across a number of its databases. As a result, the personal information of some 120k police offices has been held to ransom. The data breach affects officers at all levels up to the rank of chief inspector.

If you have been affected by the PFEW data breach, you should have received an email to let you know. Here are some tips to help you stay safe if you are worried about how this could impact you.

Understand the risk

To stay safe from cybercriminals, you need to be digitally aware. Here is a quick summary to let you know what happened in this case:

  • The attack impacted several PFEW databases. These include:
    • A database that holds the names, email addresses, NI numbers, ranks and serving forces of  120,000 police officers
    • A booking system for the PFEW conference and hotel facilities in Leatherhead. Any guests who stayed at the facilities between 1 September 2018 and 9 March 2019 may have had their personal and financial details put at risk
    • The PFEW claims case management system. Members who requested PFEW assistance for an investigation, inquiry or complaint could have had their name, address, National Insurance number, and bank details accessed
  • A ransomware attack caused the breach. Ransomware is a type of malicious software. Typically ransomware is used by cybercriminals to threaten to publish data, Or to block access to it unless a ransom is paid
  • There is no evidence that any data was extracted from PFEW’s systems. Although this cannot be discounted at this stage
  • Local Federation branches have not been affected.

Follow the advice given by the PFEW

The Federation has said that any officers concerned about fraud or lost data should contact Action Fraud. You can also get advice from the National Cyber Security Centre.

A PFEW helpline is also available on 0800 358 0714. Opening hours are Monday to Friday 8am to 6pm, and Saturday and Sunday 9am to 3pm.

The PFEW website has the latest information and FAQs regarding this breach.

Take steps to protect yourself

Those affected by the PFEW data breach should consider the following steps:

  • Informing the Information Commissioner’s Office (ICO) about your concerns
  • If you are concerned that your financial details have been compromised contact your bank/credit card provider immediately
  • Implementing a credit freeze until you are confident that your details are safe
  • Reporting the scam to the police
  • Contacting Action Fraud for advice on what to do next
  • Keeping an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Looking out for any bills or emails showing goods or services you haven’t ordered
  • Letting the credit reference agencies know of any activity that was not down to you
  • Registering with the Cifas protective registration service. This will slow down credit applications made in your name
  • Beware of fraudsters who attempt to gather additional personal information (phishing)
  • Changing your passwords on all your accounts.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Understand the possible impact the data breach could have on you

Unfortunately, while The Federation claims that the risk to data is low, in many data breach cases, it can take months for the full impact and losses to become apparent.

We have seen instances where the financial losses only start to occur three to six months later. This is often because the data stolen is used in batches over time.

What’s more, merely knowing that your details could be in the hands of cybercriminals can lead to anxiety and distress. Experiencing a data breach can result in adverse life events. For example,  having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury. For police officers, knowing that criminals could have their personal information is even more distressing.

So, as well as taking steps to keep your information and finances safe from further attack, it’s also worth keeping an eye on your state of mind and seeking help if you are distressed or worried about the data privacy violation.

Claim for compensation

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So, claiming compensation isn’t just in your best interests. It is the only way organisations will be persuaded to take their responsibilities seriously, and make the necessary improvements.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, we are now considering launching a no-win, no-fee group action to compensate victims of the PFEW data breach and cyberattack.

Fill in our quick form to ensure that you are fully informed and up-to-date about this action. We will then notify you about the investigation and your legal rights when making a claim.