June Data Breach Roundup

  • Posted on

If you can believe it, we are already halfway through 2021! It’s been a busier year than ever with regards to data breaches, with the trend continuing in June.

This is our short roundup of the recent work we have been carrying out to support victims of data breaches, as well as a closer look at some of the most notable data breaches that took place across June and updates related to the wider data breach industry.

Have you had your personal data exposed in a data breach? Looking for expert advice and support? Please get in touch today.

Our recent work supporting victims of data breaches

Current and former employees’ data put at risk in Beaumont Morgan data breach

All current and former employees of the property construction and design specialists Beaumont Morgan Developments Ltd have had personal and financial data exposed following a cyber-attack on the company’s servers.

The data stolen in the attack is said to potentially include:

  • Names
  • Address
  • National insurance numbers
  • Dates of birth
  • Bank details

Read more about this story here.

Grosvenor Casinos suffer cyber attack putting over 1000 members’ personal data at risk

Over a thousand members of the casino chain Grosvenor Casinos have been notified after their personal data was breached in a recent cyber attack.

In confirming the breach, Grosvenor Casinos have claimed that the attack involved criminals using email addresses already in their possession to access the casino business’s systems. Member data that was exposed is said to include names, addresses and dates of birth.

It has not been made explicitly clear what email addresses the attackers had access to and how they were able to access them in the first instance.

Read more about this story here.

Flamingo Horticulture suffer data breach following ransomware attack

Flamingo Horticulture, a core agricultural supplier to a number of leading UK retailers suffered a significant data breach following a ransomware attack.

The company sent out a letter to affected customers, some five months after the incident initially occurred. Flamingo have not made a public statement regarding the exact nature and how many customers have been affected.

It has been reported that personal data has appeared on the Dark Web, and includes names, addresses, NI numbers and Bank Account details.

Read more about this story here.

LSH Auto UK contact current and former employees to report data breach

LSH Auto UK have sent out a letter to current and former employees, reporting a security incident which led to the unauthorised access of personal data.

The company’s IT services provider reported a cyberattack on 3 June 2021 which disrupted access to their information systems and availability of information. It is also the incident which led to LSH’s servers being accessed.

The data stored on those servers included information stored in their HR systems, which means a wide range of sensitive information fell into the hands of cybercriminals.

Read more about this story here.

French Connection UK experiences ransomware attack leading to data breach

French Connection UK (FCUK) were hit by a ransomware attack in June which led to a significant breach of private internal data.

The cybercriminals responsible for the attack, said to be affiliated with the REvil hacker group, exploited a security vulnerability and stole internal company data before demanding a ransom for its return.

It is not clear exactly what type of data has been breached, but FCUK have stated outright that the breach does not relate to customers. The same assurances have not been made for current and former employees.

Read more about this story here.

The biggest data breaches uncovered in June 2021

GP’s mistakenly given online access to pensions data belonging to colleagues

A number of GP’s were mistakenly given access to other people’s sensitive pensions data, despite logging into their own account on the new Primary Care Support England (PCSE) portal.

When GP’s would look at their own accounts, the system would bring up a list of other people and their pension numbers. With this information, it would be possible to access someone’s complete payment details.

A spokesperson for the British Medical Association (BMA) said: “It’s vital that the new system is fully secure and compliant with data protection legislation, and that only relevant staff with appropriate permissions are able to access employees’ pension details when necessary.”

Read more about this story here.

Anglesey cyber-attack affects island’s five secondary schools

All five of the secondary schools on the Isle of Anglesey were hit by a cyber attack, which means that personal data was potentially compromised, including emails.

The County Council were forced to shut off IT systems at all five of the schools to contain the incident.

Anglesey Council chief Annwen Morgan stated: “We are working closely with other partners to support our secondary schools. Although we are not currently able to confirm that there has been a data breach, the Information Commissioner’s Office has also been made aware of the incident.”

Read more about this story here.

Confidential patient records left in abandoned care home

Boxes of confidential patient records, staff notes and sensitive files have been found in a derelict Norfolk care home.

Pine Heath nursing home in High Kealing close in 2017 and has since been abandoned and left to decay. After concerns were raised by members of the public, a local reporter was able to gain access to the site where they found piles of discarded private data.

A spokesperson for Norfolk City Council said: “Everyone has a right to expect their personal information to be stored securely, and the failure of the former care provider at Pine Heath to do so is a serious breach of both Data Protection legislation and their contractual obligations to Norfolk County Council.”

Read more about this story here.

The latest data breach news and announcements

Home improvements company hit with £130,000 fine by ICO

The ICO fined a home improvement company £130,000 for making more than 900,000 nuisance marketing calls which resulted in more than 50 complaints from members of the public.

Colour Coat Ltd of St Leonards on Sea, East Sussex made the calls over an eight-month period. The calls were made so numbers which were registered on the Telephone Preference Service (TPS) and Corporate Telephone Service (CTPS) which is for businesses.

Natasha Longson, ICO Investigations Manager, said: “This company had no regard for the law or for the people they were calling. Businesses employing these tactics are very likely to come to our attention. The catalogue of contraventions we uncovered, as well as the manner in which calls were made in this case, resulted in a fine and a legal notice to stop.”

Read more about this story here.

ICO Fines Conservative Party £10,000 for unlawful emails

The Conservative Party was fined £10,000 for sending 51 unlawful marketing emails to people who did not want to receive them.

This decision follows on from an ICO investigation relating to emails sent from the Conservative Party after Boris Johnson was initially elected as Prime Minister.

The ICO found the Conservative Party failed to retain clear records of the basis upon which people had consented to receive marketing emails, as required by law.

Read more about this story here.

ICO welcomes delay to launch of GPDPR

Information Commissioner Elizabeth Denham welcomed the decision to delay the launch of The General Practice Data for Planning and Research (GPDPR) data collection scheme.

Her statement read: “The appropriate use of health data is an important part of health and care research and planning in England, and better sharing of health data could offer substantial benefits. However, it is clear that there remains considerable confusion regarding the scope and nature of the GPDPR.

“It is sensible for NHS Digital to take more time to engage with its stakeholders, and consider the feedback it is receiving about its plans.”

Read more about this story here.

Speak to our legal experts about a data breach

If you are a victim of a data breach, you may be owed compensation. Regardless of whether you have suffered specific harm such as a financial loss, if your data has been exposed due to the negligence of others, you may be able to access substantial damages.

At Hayes Connor, we have one of the largest data breach claims specialists in the country, with a wealth of combined experience representing a wide range of clients on data breach cases.

Our expert team can work alongside you to help clarify whether you have a claim, how the general claims process works and the level of compensation you can expect to receive.

We ensure that anyone who is affected by a data breach is able to access the compensation they deserve, as well making the claims process as straightforward as possible.

You can find out more about our expertise and how we handle data breach claims here.

To start a claim, you can use our online claim form.