We focus on the latest news surrounding data breaches, leaks and hacks plus daily internet security articles.
Many data breaches occur not because of sophisticated hacks, but because of failures in cybersecurity defences. In such cases, the blame can primarily fall on the head of the data controller, who may have failed in their duty to protect personal information. For example, a potential data breach arose when a configuration issue in the systems of Network Rail left rail passenger data accessible online.
The error is one many companies cite when a data breach occurs, and one which can be indicative of systematic failings within an organisation. It often only takes one mistake or flaw to make a substantial hole in an organisation’s cybersecurity defences. As good cybersecurity is a key tenet of data protection law, data controllers with weak or faulty cybersecurity can be found in breach of the GDPR. The wider defences are only as good as the weakest link.
Where the GDPR is breached, those affected by the exposure of their information may be eligible to make a compensation claim. At Your Lawyers (T/A The Data Leak Lawyers), we represent data breach victims as a leading data breach claims law firm to fight for the justice that they deserve.
The recent COMB breach is being labelled as the biggest data leak of all time, with billions of email addresses and passwords exposed online.
The pairs of emails and passwords are said to amount to 3.2 billion, meaning a huge proportion of internet users may have been affected.
The COMB breach is damning proof of the cybercrime crisis affecting the world, suggesting that data theft appears to be out of control. Although cybercriminals are developing more sophisticated ways of hacking databases, it is also true that some data controllers are not taking their data protection duties as seriously as they need to be. The monumental COMB breach should be a wake-up call to all companies and organisations that hold and process private information, particularly those which do not have the cybersecurity defences that the law requires of them.
In early March last year, it was revealed that LOQBOX, a UK financial services company, had been hit by a cyberattack. In the fallout, it emerged that the LOQBOX cyberattack had exposed customer data, so we began early investigations into the circumstances and consequences of the data breach.
Although news of the breach broke over a year ago, those affected still have time to make a compensation claim for any harm that they have suffered. If LOQBOX is found to have endangered customer information due to poor data protection practices, there must be repercussions.
To find out if you might have a claim to make, you can call us today or request a call-back using our online form.
The Competition and Markets Authority (CMA) has recently disclosed figures for the data breaches that have affected the UK government regulator. They reportedly revealed that a total of 150 breaches have occurred over the last two years. The competition regulator data breaches are worrying given the CMA’s role in upholding the law, which requires them to handle a large amount of private information, some of which can be sensitive.
The importance of cybersecurity should now be well known to all businesses and organisations, as many can be prime targets for hackers and fraudsters searching for information to misuse. The malicious intent of cybercriminals should give organisations that sense of the importance of data protection. However, it appears that the CMA may not have been able to adopt the caution required of an organisation with such sensitive data handling responsibilities.
An employee in the motor industry has reportedly been prosecuted for the unlawful disclosure of accident data, which she illegally recorded and sold on for use by another company.
The ICO (Information Commissioner’s Office) has confirmed that a former employee of the RAC collected road accident data from the car insurance and roadside assistance company. It is then reported that she passed data on to the director of an accident claims firm.
The incident shows how personal data can be a valuable criminal asset and is a disturbing account of how the trust of customers can be broken when criminals decide to misuse data for their own profit. At the same time, it is reassuring that such criminals can be detected and punished under the law.
At Your Lawyers – The Data Leak Lawyers – as leading data breach claims lawyers, we aim to hold those responsible for data breaches to account for their actions. As such, if you have suffered as a result of having your data exposed, we are here to help you claim the compensation that you deserve.
Arup, an international professional services firm, has reportedly suffered a recent data breach, after their third-party payroll provider succumbed to a cybersecurity incident.
The payroll information of current and former employees is understood to have been affected, with Arup contacting those whose details have been compromised. We cannot yet put a number on the scale of the breach but, based on the information disclosed to customers, the Arup data breach may have affected many of the company’s employees.
We have already begun taking on cases for affected claimants, who may be entitled to recover compensation for the exposure of their personal data. If you have been notified of your involvement in the Arup data breach, please do not hesitate to contact us for free, no-obligation advice on your potential compensation claim.
According to an article from HoldtheFrontPage, the Midlands News Association has recently suffered a data security incident that led to the publication of private details belonging to journalists.
This is understood to have included journalists who were employed by the newspaper as far back as 2011. It is believed that an unauthorised third party was able to access the data, and that they chose to post the stolen information online.
All data controllers have a legal responsibility to ensure that the data disclosed to them is stored and processed securely. If they ever fail to uphold this duty, they can be held to account under the law. If it is found to have breached data protection law, the Midlands News Association could be liable to pay compensation to those affected. Anyone who has been notified of their involvement in the data breach can contact us to make an enquiry about their potential compensation claim.
In the penultimate week of March, retail chain Fat Face reportedly sent an email to customers notifying them of a breach that had first been identified in mid-January. Reportedly sent to thousands of affected customers, the email revealed that private data had been accessed by an unauthorised user for a limited period of time. It has also been alleged that customers were told to keep the notification of the Fat Face data breach private, and that the company has allegedly paid a ransom to a cybercrime gang.
These claims have yet to be fully verified, but there are still several issues arising out of the Fat Face data breach. The company’s notification to customers appears to be delayed at best, which raises questions about whether Fat Face followed the correct data breach notification procedures. At this stage, we do not know, and we will need to find out.
In any case, the victims whose private information was exposed could now fall victim to data misuse. If it emerges that Fat Face was at fault, victims may be eligible to make compensation claims, and we are already taking claims forward for this incident.
Amey has joined the growing list of construction companies affected by hacks, after suffering the blow of a ransomware attack in mid-December last year. The Amey cyberattack reportedly exposed extensive company data, including information relating to employees and business transactions.
With much of the data being dumped on the hacker group’s leak site, the cyberattack has produced a substantial breach of company privacy that could significantly affect the operations of the infrastructure support service provider. As a giant of the industry, the Amey breach will likely raise concerns in the UK construction sector, with other companies worrying if they may be the next target.
Data Privacy Day 2021 was marked recently on the 28th January, the fifteenth time the day has been celebrated. Also called Data Protection Day in the UK and Europe, Data Privacy Day commemorates the signing of the first international treaty that was legally binding for governing data protection and privacy, named Convention 108.
After what had been another eventful year of data breaches in 2020, we believe it is important for all individuals and organisations to start 2021 with a positive, proactive approach to data protection. The commemorative day at the start of the year should be valuable in raising awareness about issues relating to data privacy, yet nothing ever seems to change as we continue to see breach after breach after breach.
At Your Lawyers – The Data Leak Lawyers – we aim to empower victims of data breaches to take action against those who have failed to protect their data, to ensure that the consequences of data breaches can be learned. We feel that it is the most proactive way forward given that no amount of legislation or commemorative days appear to be making the difference that is really required.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.