There has been a major Go-Ahead cyberattack that was reported at the start of this month, causing disruption to some of the company’s services and systems.
We have been contacted by concerned employees who are worried about whether their information has been misused or exposed as a result of the incident. We have received reports that there have been notifications issued to some employees, although it remains unclear as to whether any information has actually been exposed in the attack or not. As things stand, we are awaiting further information.
About the Go-Ahead cyberattack
It is understood that the Go-Ahead cyberattack, news of which emerged early this month, has caused disruption to the services and impacted the software used by the company for scheduling drivers. It is understood that the impact of the cyberattack also spread and may have affected the company’s payroll systems.
The major UK transport company said that it was working with expert IT specialists to try to maintain services as much as possible, and assured the public that they would keep people informed about any developments. The UK’s data protection watchdog, the Information Commissioner’s Office (ICO), has been made aware of the incident.
Concerns raised by employees
As a result of the Go-Ahead cyberattack, we have been approached for legal advice from people who are concerned that they may have been impacted. It has been reported to us that some people may have received notifications about the data breach, and there are concerns as to whether any information has been exposed or misused as a result of the incident.
As things stand, it remains unclear as to whether information has been misused or exposed. The company has been working quickly with IT experts to try to manage the incident, and we can only hope that they will be able to resolve the situation without information being exposed.
What happens if confidential information is leaked?
If you want to know what happens if confidential information is leaked following the Go-Ahead cyberattack, we can advise given our expertise in this area of law.
If the cyberattack results in personal information being leaked or exposed, those who are affected could be eligible to claim compensation in accordance with the GDPR. The GDPR can entitle the victim of a breach to recover damages for any distress caused by the loss of control of their personal information. If losses and expenses have been incurred then these can also be considered, but they are not essential to be able to pursue a case. In the vast majority of claims, victims are pursuing damages for the distress that has been caused.
Whilst it can be worrying when you are in the period of not knowing whether your information has been leaked or not, we normally pursue claims on the basis where information control has been lost. If data has been exported, copied, viewed, or otherwise misused as a result of a cyberattack, that is when a person could be eligible to pursue a case.
When it comes to cyberattacks, we must still prove that the company affected has been negligent in some way. Proving this usually comes down to whether there was more that the company could – and should – have done to have prevented the cyberattack. If this is the case, that is when people could be eligible to claim. To give you a simple example, the Equifax cyberattack of 2017 stemmed from the company failing to patch a known security vulnerability, so that, in our view, is clear negligence.
If you have been told that your personal information has been exposed or misused as a result of this incident or any other cyberattack or data breach, please do not hesitate to contact our team here now for free, no-obligation legal advice.