Home / News & Resources / News & Updates / February Data Breach Roundup

February Data Breach Roundup

  • Posted on

As we make our way towards the end of winter and into spring, there seems to be no stopping data breach incidents from occurring across the UK.

Here you will find our short roundup of the most significant data breaches uncovered in February 2022, many of which were caused through human error of employees.

Are you a victim of having your sensitive information leaked in a data breach? Should you be looking for expert advice and support, please get in touch with the team at Hayes Connor today.

The biggest data breaches uncovered in February 2022

4,000 files stolen from the Scottish Environmental Protection Agency

Scotland’s auditor general recently, in February 2022, made it known that back in December 2020 on Christmas Eve, 4,000 files were stolen, the equivalent of 1.2GB of data, from the Scottish Environmental Protection Agency. The incident is believed to have cost £1.2 million. It’s presumed that the systems were accessed by cybercriminals due to human error.

Stephen Boyle, the auditor general, expressed, “Sepa had to recreate accounting records from bank and HMRC records. This made it difficult for the auditor to gain sufficient evidence to substantiate around £42m of its income from contracts.”

After an investigation into the incident, it was concluded that the expected culprit is an international, serious organised crime group.

To read more about the story, click here.

Isle of Man kettle safety control firm face cyber attack

Strix Group, who make kettle safety controls on the Isle of Man, confirmed that they had been targeted in a cyber attack, presumed to be carried out from a Russian origin.

Whilst the business certified that there was no impact on their customer’s orders or the business’s sales, they did verify that their systems were affected by the cyber attack. This meant during an immediate investigation into establishing the extent of the attack, the businesses systems had to be taken offline.

An investigation was made into the incident, but there is not yet any update. However, Strix stated it would “provide further updates as and when appropriate”.

To read more about the story, click here.

Four serious breaches reported by Redcar and Cleveland Borough Council

Recent reports clarify that Redcar and Cleveland Borough Council had to report four serious breaches to the Information Commissioner’s Office (ICO) during 2021.

In total, the council faced 60 data breaches in 2021, but only four were serious enough to be reported to the ICO. The first two breaches were documents that were disclosed to the incorrect people. The third reported breach was a sensitive document that went missing whilst on route to its intended destination, and the final breach was an “unauthorised access” with a subsequent disclosure of information.

To read more about the story, click here.

Vaccine trial in Corby resulted in participant’s sensitive information in email blunder

Research company Lakeside Healthcare Research had been operating trials of a new vaccine, called Valneva, across 27 different sites in the UK, with Corby being one of them. During the trial, an email blunder occurred, meaning a number of participants involved had sensitive details released.

The research company have since released a statement apologising for the accidental sharing of details.

To read more about the story, click here.

NHS data breach led to patient’s private medical information mistakenly shared

Tens of thousands of NHS patients’ confidential details were released in a leak. The leak was done through human error by a consultancy firm hired by the NHS, known as PSL Print Management.

The victims of the data breach had personal data shared through the release of confidential files, including hospital appointment letters for who women suffered from miscarriages, cervical screening test results and letters for surgery scheduled at Alder Hey Children’s Hospital, Liverpool.

To read more about the story, click here.

The latest data breach news and announcements

ICO disapproves Scottish Government and NHS National Services Scotland over failure to provide clear information of personal information storing

During the COVID-19 pandemic and the release of the COVID status app, the ICO worked alongside governments across the UK to ensure users’ personal data was protected.

Before the release of the NHS Scotland COVID status app, the ICO voiced their concerns about how the app was going to use people’s information, particularly the facial recognition technology.

Despite originally agreeing with the advice to halt the app release until matters were sorted, the Scottish Government and NHS National Services Scotland went ahead without addressing the ISO’s concerns over how the app didn’t comply with data protection law.

An investigation was launched into the matter, and a public reprimand was made. The ICO is currently waiting on action to be taken to address the concerns originally made before deciding whether additional regulatory actions are necessary.

The ICO Deputy Commissioner expressed, “The law enables responsible data sharing to protect public health. But public trust is key to making that work. When governments brought in COVID status schemes across the UK last year, it was vital that they were upfront with people about how their information was being used. The Scottish Government and NHS National Services Scotland have failed to do this with the NHS Scotland COVID Status app.”

Speak to our legal experts about a data breach

Being a victim of a data breach can be a daunting realisation, especially the concern of whether your private details are in the wrong hands. Even if you do not face a loss due to the breach, you could still be eligible to bring forward a compensation claim.

Businesses are legally required to rigorously follow the guidelines set out under GDPR to protect sensitive data, and if they fail to do so, you could be faced with substantial damages.

Our team of data breach solicitors at Hayes Connor have a wealth of combined experience and are specialists in the field. We take pride in having one of the largest data breach teams across the UK. No matter the extent of the data breach you have been a victim of, our team are here to provide personal support and practical guidance to overcome the situation.

We will carefully listen to your situation and establish whether you have a data breach compensation claim. Where we believe you do, we will clearly explain the claims process and the potential compensation you could be eligible for.

For further information on our data breach expertise and how we handle such claims, see here.

To start a data breach claim, you can use our online claim form.