October Data Breach Roundup

  • Posted on

October was another busy in the data breach industry, with plenty of high-profile incidents taking place in a number of different sectors.

This is our short roundup of the most significant data breaches that hit the news in October, as well as some notable updates related to the wider data breach industry.

Have you had your personal data exposed in a data breach? Looking for expert advice and support? Please get in touch today.

The biggest data breaches uncovered in October 2021

Former Tesco employee awarded compensation after supermarket loses medical records

A former Tesco employee was awarded £3000 in compensation after the supermarket was found guilty of losing 15 years of her employment records - including sensitive medical information.

Jacqueline Ogborne, who had previously worked for Tesco for over 30 years, claimed that the data breach left her feeling ‘violated’. The lost data included counselling notes and personal medical information about her post-natal depression.

Ben Brown, a litigation executive here at Hayes Connor, successfully took on the case, saying: “Employers need to do more to keep the information they hold about employees safe and secure.

“We are seeing more and more cases like this, where employees are discovering that private information has been misplaced or lost.”

Read more about this story here

Streaming platform Twitch experiences catastrophic data breach

Streaming platform Twitch confirmed that they were the victim of a major data breach in October, where more than 100GB of data was posted online.

The data was said to include both company information and streamers’ earnings. Acknowledging the breach, Twitch said that it was caused by a “server configuration change” that exposed some data. The platform has not, however, confirmed whether all of the data posted online is genuine.

Twitch’s statement on the matter simply read: “As the investigation is ongoing, we are still in the process of understanding the impact in detail.”

Read more about this story here

Hundreds of professional footballers threaten legal action Over data misuse

Hundreds of professional footballers have grouped together, threatening to take legal action against the data collection industry for the unsolicited trading of their performance data.

The players are said to receive no legal payment for the unlicensed use of their data which their legal team say contravenes General Data Protection Regulations (GDPR).

Russell Slade, a former professional manager, is leading the group. He said of the matter: “It's incredible where it's used. On one player, and I'm not talking about a Premier League player or even a Championship player, there was some 7,000 pieces of information on one individual player at a lower league football club.

“There are companies that are taking that data and processing that data without the individual consent of that player.”

Read more about this story here

HIV charity hit with heavy penalty for data breach

The Information Commissioner’s Office (ICO) dealt HIV Scotland with a £10,000 fine in October after the charity sent out an email containing the personal information of 105 people.

All of the email addresses were visible to recipients, with 65 of those addresses identifying people by name. The ICO claimed that an assumption could then be made about individuals’ HIV status.

The new interim chief executive for HIV Scotland, Alastair Hudson, said that the charity took full responsibility for the breach, and apologised to anyone who had been affected by the incident.

Read more about this story here

The latest data breach news and announcements

Information Commissioner discusses data breach guidance for the media sector

Information Commissioner Elizabeth Denham published a blog post in October, discussing data protection guidance and how this relates to the media sector.

The blog linked back to the ICO consultation on the draft journalism code of practice, which centres around processing personal data for the purposes of journalism. The code itself provides practical guidance to help individuals get a better understanding of data protection law so that they can comply effectively with its requirements.

In the blog, Denham claimed that journalists can be reassured data protection law and the code will not step them from doing their job of informing the public and holding others to account.

Read more about this story here.

Joint statement released on global privacy expectations of Video Teleconferencing companies

Back in July 2020, six data protection and privacy authorities from Australia, Canada, Gibraltar, Hong Kong SAR, China, Switzerland and the UK signed an open letter addressed to video teleconferencing companies.

The letter raised concerns about whether privacy safeguards were up to scratch, especially as the rise of video teleconferencing services were on the rise.

It’s claimed that the dialogue resulting from this open letter have proven to be effective and mutually beneficial, indicating that this particular model of engagement will be replicable in other similar situations.

Read more about this story here.

Speak to our legal experts about a data breach

If you are unfortunate to have been the victim of a data breach, it may be possible to make a claim for compensation – even if you have not suffered any specific or financial loss. Any company that handles your data is legally obliged to keep it secure and failure to do so may led to substantial damages.

At Hayes Connor, we have one of the largest dedicated teams of data breach specialists in the country, with a wealth of combined experience representing a wide range of clients with various types of data breaches.

Our expert team can work alongside you to help clarify whether you have a claim, how the claims process works and the level of compensation you may be able to receive.

We aim to ensure that anyone affected by a data breach is able to access the compensation they deserve, making the claims process as straightforward as it can be for our clients.

You can find out more about our expertise and how we handle data breach claims here.

To start a claim, you can use our online claim form.