Home / News & Resources / News & Updates / May Data Breach Roundup

May Data Breach Roundup

  • Posted on

May was as busy a month as ever in the world of data breaches, with the NHS, local councils and a national outsourcing company all being responsible for exposing personal information.

Our brief data breach roundup covers everything that happened in May, including the cases our specialists are currently supporting clients with, along with other data breaches that have taken place across the UK.

If you have been subject to a data breach, our specialist data breach solicitors can support you with the process of making a compensation claim. Please get in touch with a member of our team to discuss the details of your case today.

Our recent work supporting victims of data breaches

NHS trusts share sensitive patient data with Facebook

An investigation has revealed that 20 NHS trusts in England have been sharing intimate patient information with Facebook via a covert tracking tool.

The data gathered and shared through Meta Pixel could reveal ‘special category’ health data, which is considered to be extremely sensitive. The 20 trusts responsible for sharing the data serve a population of more than 22 million people in England.

The Information Commissioner’s Office (ICO) have confirmed that they will be looking into the matter further, with a spokesperson stating: “People have the right to expect that organisations will handle their information securely and that it will only be used for the purpose they are told.”

To read more about this story, click here.

The biggest data breaches uncovered in May 2022

South Lanarkshire Council publish personal details of employees

15,000 South Lanarkshire Council employees have been informed that their personal details have been compromised after they were mistakenly shared online.

Following a Freedom of Information (FOI) request, the data, including salaries and National Insurance numbers, was shared online.

A spokesperson for the council has confirmed that this was the result of a human error, as the response to the FOI was only supposed to include anonymised employee data.

The spokesperson for the council stated: “The error was noticed by the council and we arranged for that data to be removed.

“To the best of our knowledge, the information was not accessed, and we believe the data could not be used in a way that would be harmful to those involved.”

To read more about this story, click here.

Capita cyber attack leaves data unsecured online

After a previous cyber-attack in March, around 90 organisations have reported breaches of personal data held by Capita.

The ICO is now warning that hundreds of thousands of people could be at risk, with the pool of data being left unsecured online.

Organisations which work with Capita are now being encouraged to establish whether the personal data they hold has been affected by the previous attack or the exposed data.

Capita have stated: “Capita continues to work closely with specialist advisers and forensic experts to investigate the cyber incident and we have taken extensive steps to recover and secure the data.”

To read more about this story, click here.

Discord users notified of data breach following security leak

Users of the social platform Discord have been notified that their personal information have been exposed after the account of a third-party support agent was compromised.

It has been reported that the data breach exposed the agent’s support ticket queue. This contained email addresses, any messages exchanged between Discord support, and any attachments sent as part of the tickets.

Discord claims that the issue was immediately addressed, and the breached account was disabled upon discovery of the incident.

The social platform have contacted affected users, warning them that: “While we believe the risk is limited, it is recommended that you be vigilant for any suspicious messages or activity, such as fraud or phishing attempts.”

To read more about this story, click here.

UK gun owners at risk after NSRA data breach

Members of the National Smallbore Rifle Association (NSRA) have been warned about the potential of follow-up fraud and cybercrime after a recent systems breach.

The NSRA claim that the attack targeted their legacy servers which contain working documents. They are unable to confirm who exactly has been affected as they have no access to the servers.

Members have been urged to at least update the passwords to their account. Data belonging to gun owners can be extremely dangerous if it ever falls into the wrong hands, as it can be used by criminal gangs.

To read more about this story, click here.

The latest data breach news and announcements

ICO publishes new guidance on responding to Subject Access Requests

The ICO has published new guidance for businesses and employers on responding to Subject Access Requests (SARs).

A SAR provides an individual with the right to request a copy of their personal information from an organisation. This typically includes gathering details such as where the organisation got their information from, who they share it with and what they are using it for.

The new guidance provides answers to a wide range of questions which are commonly asked by businesses and employers.

More information regarding the new SRA guidance can be found here.

ICO clarifies how police abide by Data Protection Laws

The ICO have published some insight into the methods the police should use to make informed decisions about how and when to respect individual’s data protection during high-profile investigations.

This matter was brought into the spotlight following Lancashire Police’s decision to disclosure personal information in media statements during the search to find Nicola Bulley.

The tips for the police shared by the ICO can be found here.

Speak to our legal experts about a data breach

Learning that you are the victim of a data breach can be incredibly distressing. This is especially if your sensitive data has fallen into the wrong hands, and you are unsure where to turn next.

Organisations that handle your personal data are legally obligated to keep your data secure. If, for any reason, they fail to uphold this obligation, anyone who is affected may be able to make a compensation claim.

At Hayes Connor, our team of specialist data breach solicitors have a wealth of combined experience and expertise in handling all types of claims. When instructed, we can provide clear, practical support on the steps that you need to take to secure a positive outcome.

Our team will take the time to carefully understand the details of your case, the impact it has caused, the actions to take, and the level of compensation you could be entitled to receive.

For further information on our data breach expertise and how we handle such claims, see here.

To start a data breach claim, you can use our online claim form.