Home / News & Resources / News & Updates / September 2022 Data Breach Roundup

September 2022 Data Breach Roundup

  • Posted on

As we head into the colder autumn months of the year towards Christmas, there is no stopping the data breaches, with two incidents affecting the education sector alone.

Here you can find our short roundup of the most significant data breaches that occurred in September 2022, in addition to our recent work in supporting victims of data breaches.

If you have recently been a victim of a data breach, you could be eligible to claim compensation. Our specialist solicitors for data breaches at Hayes Connor can provide the assistance you need.

Our recent work supporting victims of data breaches

Industry-leading recruitment company Acorn Recruitment suffers from cyber attack

A serious cyber attack led to numerous consumers’ sensitive data being leaked, including names, addresses, contact details, national insurance numbers, financial information such as bank details and ID documents, including passports, driving licences and national ID cards.

Once the IT team at Acorn Recruitment became aware of the breach, they were quick to contain it, taking the impacted system offline to prevent a further impact.

The company was able to uncover those responsible for the breach after a thorough investigation into the cyber attack.

The incident has been reported to the Information Commissioner’s Office (ICO).

To read more about this story, click here.

The biggest data breaches uncovered in September 2022

Uber faces cyber attack

One of the largest and most used companies in the world, Uber, faced a cyber attack where their internal systems were accessed.

The hacker, an 18 year old, used social engineering to gain high-level access when he posed as an employee. The targeted employee then gave him a password, where the hacker was able to obtain an internal file, gaining access to almost everything.

The cyber attack was discovered after the hacker gained access to Slack, a communications platform used by Uber employees, and sent out a message informing them that Uber had faced a cyber incident in which internal databases were compromised.

To read more about this story, click here.

A multi-academy trust that runs six schools hit by cyber attack

A multi-academy trust serving six different schools in Hertfordshire with around 4,500 pupils has been subjected to a cyber attack.

The cyber attack meant all six schools were left without access to their digital systems for over a week, affecting the sending and receiving of emails.

The trust issued a public statement on their websites, saying: “Due to a serious IT issue we are currently experiencing difficulty in sending and receiving emails. Please contact the school by telephone should you have an urgent message. Thank you for your patience during this time.”

It is currently unknown whether any sensitive details have been compromised during the cyber attack.

To read more about this story, click here.

List of vulnerable children leaked in school email blunder

Wymondham High Academy in Norfolk accidentally released an email to all school pupils containing confidential mental health details of vulnerable students.

The email was supposed to be sent to staff members at the school but was instead sent to the 1,500 pupils who attend the school.

An Information Commissioner’s Office spokesman confirmed they have not received notification of the data breach.

The Headteacher, Jonathan Rockey, stated: "The senior leadership team within the academy is aware of the breach.

"This was an internal email sent by a member of staff to recipients within the academy community.

"However, the email should not have been distributed in the way that it was, nor should the information have been shared in this way.

"Our data protection officer is investigating the incident and is helping us determine the next steps.

"The academy has already contacted the parents and pupils directly impacted by this, as well as taking action to both recall and limit the distribution of the mail.

"The academy does not intend to make further comment at this point, as an investigation is currently under way."

To read more about this story, click here.

The latest data breach news and announcements

ICO publishes guidance on privacy enhancing technologies

A draft guidance on privacy-enhancing technologies (PETs) has been released by the Information Commissioner’s Office (ICO).

This draft was created by the ICO to assist organisations in sharing and using data they hold in a responsible, lawful and secure way. With this in place, the ICO hopes it will help to reduce the number of data breaches occurring by minimising the use of data and encrypting and anonymising sensitive information.

The UK Information Commissioner, John Edwards, said: “Although the use of PETs is in its early stages, it can unlock safe and lawful data sharing where people can enjoy better services and products without trading their privacy rights. In the UK, one example is the NHS building a system for linking patient data across different organisational domains.

“Today’s draft guidance is part of my office’s strategy for the next three years, where we will be supporting the responsible use and sharing of personal information to drive innovation and economic growth. PETs have the potential to do that, so we look forward to hearing from the industry and other stakeholders on how our guidance can help them achieve this.”

Speak to our legal experts about a data breach

Being involved in a data breach or having reason to believe your sensitive data has been compromised can be concerning, especially as there is no way to immediately tell what the consequences might be. Having your information exposed and stolen can be detrimental and cause considerable disruption to your and your family’s lives.

Under UK GDPR regulations, companies hold a responsibility when customers consent to their sensitive details being recorded and stored. Should there be a failure by a company to keep your data safe and secure, you may be entitled to data breach compensation.

No matter your data breach requirements, the team has exceptional knowledge and experience and is on hand to provide proficient support. Our data breach lawyers will always tailor our advice to ensure that it aligns with your needs.

When you choose to instruct the Hayes Connor data breach specialists, the team will carefully listen to your personal situation and the impact on you and your loved ones. This allows us to attend to you efficiently, delivering advice on the likelihood of success, along with the potential value of compensation.

For further information on our data breach expertise and how we handle such claims, see here.

To start a data breach claim, you can use our online claim form.