Somerset Council email data breach
A number of people who have tested positive for COVID-19 have had their identities shared without their consent following an error by Somerset Council.
The Director of Public Health for Somerset recently contacted an unconnected group of people who had tested positive for COVID-19 via email. However, every recipient was copied into a single email, meaning each person’s email identity was revealed.
Somerset Council have admitted responsibility for the breach, though they are yet to make an official statement regarding the incident.
How Common are data breaches of this nature?
It is possible for anyone to commit a data breach, regardless of their position within an organisation. This was proven to be true in this instance, as a director appears to be responsible for the breach.
Breaches could simply be down to human error, or due to more malicious activity, such as cybercriminals accessing a company’s systems.
We recently commissioned a study of UK office workers to investigate how companies have been dealing with data protection issues while working from how during the COVID-19 pandemic. The study looked closer at how frequently data breaches have been occurring and what companies are doing to prevent them.
To find out more, read the results of the survey here.
What to do if you are worried about the Somerset Council data breach
If you have been affected by the Somerset Council email data breach, then you should have already been contacted. If you have not been contacted by Somerset Council, then you should speak to them directly to confirm whether you have been affected and what steps they will be taking next.
Although the scope of this data breach is relatively contained, it is still possible for the data to fall into the hands of people who could use it for fraudulent purposes.
It’s therefore important to be vigilant of any emails, phone calls or communication you receive, particularly from people who claim to be representing Somerset Council. These could be ‘phishing’ attacks which are aimed at extracting further personal information from you.
There are a number of steps you can take to minimise the risk of your data being used by cybercriminals. For further information, take a look at our guide to what to do if your data has been stolen in a data breach to find out more.
You may also want to consider whether you are entitled to compensation following the Somerset Council data breach. This is something the team at Hayes Connor can discuss further with you.
How can Hayes Connor help you?
Any organisation that holds your personal data has an obligation to keep it secure. That will mean the organisation is required to have clear processes and checks in place that prevent breaches such as the accidental sharing of private information.
Hayes Connor have one of the largest teams of data breach claims specialists in the country, who have a wealth of combined experience advising victims of cybercrime and data breaches.
If you are a victim of the Somerset Council data breach, we will be able to advise on what steps you need to take, whether you are entitled to make a claim and the level of compensation you could receive.
Our goal is to ensure that victims of data breaches are able to get the compensation they deserve, while keeping the claims process as simple and stress free as possible. To find out more, you can learn about our expertise and how we handle data breaches here.