November Data Breach Roundup
With the festive season drawing closer, November was as busy a month as ever in the world of data breaches, with plenty of high-profile incidents taking place in various industries.
This is our short roundup of the recent work we have been carrying out to support victims of data breaches, as well as a closer look at some of the most significant data breaches that took place in November and important updates to the wider data breach industry.
Have you had your personal data exposed in a data breach? Looking for expert advice and support? Please get in touch today.
Our recent work supporting victims of data breaches
The Salvation Army suffer data breach following cybersecurity incident
The Salvation Army revealed that they had experienced a cybersecurity incident earlier in 2021, leading to a significant data breach. It has been confirmed that the unauthorised third party responsible for the cybersecurity attack was able to access personal data, including National Insurance numbers, bank account numbers, sort codes and personnel information.
The Salvation Army claims that there is no evidence the data has been misused or that the third party intends to misuse it in the future. However, there is no guarantee that this will remain true, especially as the data in question is particularly sensitive.
An external cybersecurity firm has been instructed to deal with the aftermath of the incident, while the police and other relevant authorities have also been notified.
Read more about this story here.
Labour Party suffers data breach exposing members’ private data
One of the biggest data breaches of the year saw the Labour Party expose the personal details of a significant number of its members, registered and affiliated supporters, and other individuals.
The breach occurred after the third party responsible for handling the data on the party’s behalf was attacked, meaning the data was inaccessible on their systems. No further details have been revealed regarding exactly what data was compromised.
Richard Forrest, Legal Director at Hayes Connor, said: “This is a real worry for everyone who has contacted us so far. The most important thing the Labour party has to do – immediately – is to let those who have been affected know exactly what has happened. What data has been breached? Is it financial? What steps have been taken to protect any other information?”
Read more about this story here.
The Lister Fertility Clinic experience data breach following ransomware attack
Around 1,700 patients of the Lister Fertility Clinic have been informed that their data has been compromised following a ransomware attack.
Stor-a-File Limited, the third party responsible for scanning medical records on the clinic’s behalf, advised that its systems had been compromised in a ransomware attack by a cyber-gang. This led to various pieces of personal information, such as copies of passports, medical histories, test results and fertility treatment records, being exposed.
The gang responsible for the attack made a ransom demand for the data, which was not paid by Stor-a-File. Some of the data was subsequently posted to the dark web.
Read more about this story here.
The biggest data breaches uncovered in November 2021
Hackers leak Kent school files following cyber attack
A limited number of files from a number of county schools in Kent were posted to the dark web in November, according to the Local Democracy Reporting Service (LDRS). Investigations are currently being conducted to establish the precise nature of the impacted data and the identity of any affected users.
The recent development is linked to a cyber-attack that took place in June 2021. The incident targeted Kent Learning Zone, part of an education network run by Cantium.
A spokesman for Cantium said: “We are working closely with the relevant authorities and the Information Commissioner’s Office to establish what happened.
“We will be in touch again with guidance and assistance, as appropriate.”
Read more about this story here.
Patient records destroyed after care home data breach
Piles of private documents, which included sensitive patient records, were destroyed in November after having been left abandoned at the site of a former care home in Norfolk.
Norfolk County Council were forced to take the unusual step of destroying the records themselves as the care home provider, Diamond Care (UK) Ltd, has shut down.
An Information Commissioner’s Office (ICO) spokesperson has confirmed that, after conducting an investigation, no further action was necessary.
Read more about this story here.
Dorset Council due to be investigated for data breach
Dorset councillors have been informed that a potential data breach has been reported to the ICO. Though the breach is not said to be a ‘major issue’, there is no further information available to explain what data has been compromised and exactly what happened.
The breach is said to be limited to one council department and has been flagged as ‘amber’ in the council’s traffic light risk grading.
However, as Cranborne and Alderholt Cllr David Tooke outlined, the breach should not be taken lightly: “It could be technical or trivial, or it could be very serious. We need to know which end of the stick we are holding.”
Read more about this story here.
The latest data breach news and announcements
ICO calls on Google and other major companies to remove privacy risks posed by adtech
The ICO set out clear data protection standards that companies such as Google should meet to safeguard people’s privacy online when developing advertising technologies (known as adtech).
It acts as a warning to companies that are designing new methods of online advertising, outlining that they must comply with data protection law and stop the excessive collection of people’s data.
Information Commissioner Elizabeth Denham said: “We want to influence current and future commercial proposals on methods for online advertising early on, so that the changes made are not just window dressing, but actually give people meaningful control over their personal data.”
Read more about this story here.
ICO intends to fine Clearview AI Inc over £17 million
The ICO announced its provisional view to impose a potential fine of £17 million on Clearview AI Inc. This is focused on Clearview AI Inc’s use of images and data scraped from the internet and the use of biometrics for facial recognition.
The images in Clearview AI Inc’s database are likely to include the data of a substantial number of people from the UK and may have been gathered without people’s knowledge from publicly available information online.
Read more about this story here.
Speak to our legal experts about a data breach
If you have been the victim of a data breach, you may be able to make a compensation claim – even if you have not suffered any specific or financial loss. Any company that handles your data is obligated to keep it secure, and failing to do so may lead to substantial damages.
At Hayes Connor, we have one of the largest dedicated teams of data breach specialists in the country, with a wealth of combined experience representing a wide range of clients with various types of data breaches.
Our expert team can work alongside you to help clarify whether you have a claim, how the claims process works and the level of compensation you may be able to receive.
We aim to ensure that anyone affected by a data breach is able to access the compensation they deserve, making the claims process as straightforward as it can be for our clients.
You can find out more about our expertise and how we handle data breach claims here.
To start a claim, you can use our online claim form.