We represent people for police-related data incidents, and with this in mind, here are a number of reasons why the recent Eurofins data breach is a worrying one.
In case you’ve not heard of this one, this relates to an organisation that the police outsource forensic work to. Eurofins reportedly process more than 70,000 cases per year, and deal with DNA analysis, toxicology, ballistics and computer forensics. As such, they can be at the heart of investigations into serious crimes, including murder, sexual offences and terrorism.
Worryingly, they were recently hit by a ransomware attack. This has led to a number of concerns about the security and quality of the work they carry out, and has caused significant disruption to police investigations.
Concerns following Eurofins data breach
The concerns in the wake of the Eurofins data breach are serious. Although the organisation has stated that there’s no evidence that data has been copied or stolen, how can anyone be fully sure?
If data that’s needed for serious criminal investigations falls into the wrong hands, it could seriously hamper the progress and outcome of a trial. Victims’ data that could end up in the wrong hands could include DNA, and news of this comes at an already traumatic time for them.
The delays that can be caused by this breach could have a serious impact on those involved in investigations.
Disruption caused by the ransomware attack
The Eurofins data breach incident has caused significant disruption, with all work carried out by the forensics firm suspended in June 2019.
It’s understood that Eurofins – the largest forensics provider in the UK – deal with more than half of outsourced work for the police. There’s now a serious backlog which will no doubt cause undue stress for the alleged victims awaiting outcomes of investigations.
Could the Eurofins data breach lead to a GDPR fine?
The Eurofins data breach could lead to a GDPR fine issued by the UK’s data regulator, the Information Commissioner’s Office (ICO).
If the ICO considers that more could and should have been done to prevent the ransomware attack, Eurofins may be held in breach of GDPR. If the issues caused by the breach are widespread and serious, this could mean a significant fine being issued.
Organisations can now be fined up to 4% of their global annual turnover. British Airways were recently hit with a provisional record-setting fine of £183m, which reportedly equates to 1.5% of their 2017 annual turnover.