News & Resources

Flagship Group Data Breach – customer and staff data compromised

  • Posted on

Social housing provider Flagship Group has been hit by a cyber attack with customer and staff data being compromised.

The attack took place on Sunday 1 November 2020 and resulted in most of the group’s systems being taken offline. Flagship Group said it believed the incident caused by a piece of ransomware called Sodinokibi in a suspect phishing attack.

Flagship Group has closed down its online systems while carrying out an internal investigation into how the attack occurred and what data may have been compromised. The police, the Information Commissioner’s Office (ICO), Action Fraud and the Regulator of Social Housing have all been notified.

A statement on the company’s website said: "We have continued to proactively take steps to contain the spread of the ransomware, which have been successful. However, we can confirm that despite our quick action, there has been some data encryption and some personal customer and staff data has been compromised, but we do not yet have a complete picture of all the data that has been encrypted."

Flagship group owns around 31,000 homes in the East of England, with tenants in Cambridge, Essex, Norfolk and Suffolk. It also builds and sells homes privately and had an annual turnover of £133.7 million in 2017-2018. The company employs 1,200 people across in roles including facilities, repairs, maintenance and heating.

David McQuade, Chief Executive of Flagship Group, said: “We take the privacy and security of our customer and staff data very seriously, and we’re very sorry it has been compromised.”

He added: “Our teams are working tirelessly around the clock to bring our systems back online, and we apologise for any inconvenience this may have caused.”

While is currently unclear exactly what data may have been compromised, the impact on customers and staff of Flagship Group could be significant, especially if financial information has been exposed. Potential consequences include financial fraud, as well as significant distress and embarrassment should personally sensitive data have fallen into the wrong hands.

Wondering if you may be entitled to compensation for the Flagship Group data breach? Please get in touch.

What to do if you are worried about the Flagship data breach

If your data has potentially be exposed in the Flagship data breach, the organisation should have contacted you to inform you of this. If you are a customer or employee of Flagship Group and have not been contacted, you should contact them directly to find out if your data is at risk.

You may also want to check whether your email address has been exposed using a website such as haveibeenpwned.com. This will tell you whether your data has been breached and what data may have been included in any breaches you are affected by.

To protect yourself again the risk of fraud, you should be wary of any emails, phone calls or other communications you receive, especially from people claiming to represent Flagship Group. These could be ‘phishing’ attacks aimed at extracting more personal information from you or scams intended to get you to transfer money to the scammers.

Do not share any personal information with, or make any payment to, anyone who contacts you unless you are absolutely sure that they are legitimate and there is a valid reason to do so.

There are also various steps you can take to minimise the risk of your data being used by cybercriminals. Take a look at our guide to what to do if your data has been stolen in a data breach to find out more.

It is also worth considering whether you may be entitled to compensation as a result of the Flagship data breach. This is something the team at Hayes Connor will be happy to discuss with you.

Are you owed compensation for the Flagship Group data breach?

When you share your personal data with an organisation, that organisation has a legal duty to protect that data. This includes having in place robust cyber security measures to prevent cyber attacks and clear processes to prevent data being exposed due to human error.

It is too early to yet say how the Flagship Group breach occurred and whether they failed in their legal duty to protect their staff and customers personal data. However, the Information Commissioner's Office (ICO) will carry out an investigation and, if ICO finds that Flagship Group did fail in its data protection obligations, anyone affected will be entitled to compensation.

A key point to realise is that compensation may be available even where there is no proof of harm caused. However, where a victim has suffered financial losses or emotional distress due to the breach, more substantial damages may be available.

How Hayes Connor can help you claim Flagship Group data breach compensation

Hayes Connor has one of the largest teams of data breach claims specialists in the country, with decades of combined experience. If you are a victim of the Flagship Group data breach, we can advise you on whether you are likely to have grounds for a claim, the level of compensation you may be entitled to and what you need to do to start a claim.

Our goal is to ensure that anyone who is affected by a data breach is able to get the compensation they deserve, while making the claims process as simple and stress-free as possible.

You can find out more about our expertise and how we handle data breach claims here.

To start a claim, you can use our online claim form.

To speak to a member of our team, please do not hesitate to give us a call on 0330 041 5135.

Find out how our experts can help you with your claim

Make a claim