Welcome To The Data Leak Lawyers Blog

We focus on the latest news surrounding data breaches, leaks and hacks plus daily internet security articles.

unsecured database compensation claims
August 03, 2021

NHS cyber-skills shortages reduced

According to recent data analysis by Redscan, Trusts have begun to deal with and address NHS cyber-skills shortages in the past two years, although there is still a lot of ground to cover to tackle the problem of data breaches within the health service. In 2018, it was reportedly revealed by Redscan that around a quarter of NHS Trusts did not have security professionals, whereas now, the figure has dropped to 15% of Trusts.

Despite an average decline in the number of NHS data breaches reported to the ICO, it is still clear that personal information is still not being granted the full security it deserves. In our view, there is still a lot of work to be done to ensure all NHS Trusts have the appropriate cybersecurity and data protection breaches needed to keep data safe.

We have represented many clients for a number of NHS data breach cases over several years, so we have seen just how devastating the effects can be when sensitive medical information is compromised. In accordance with UK data protection law, every citizen has a right to strong data protection, which is why we can help victims of data breaches to assert their rights by making compensation claims.

read more

By Author
new report uncovers councils lack of cybersecurity systems
August 02, 2021

Wiltshire Council social worker sentenced over breach of trust

A former Wiltshire Council social worker has reportedly been taken to court over a “serious breach of trust”, having been found to have accessed sensitive information without reason or authorisation.

As a social worker, the individual in question was granted certain data access privileges. It has been reported by the Gazette and Herald that she abused her position in a way that could have put the privacy and safety of vulnerable people at risk.

Social workers naturally have a high level of trust invested in them, so it is understandable that there is a no-tolerance policy for any employees who breach this trust. Social services data breaches like this can have severe consequences for those affected, particularly where vulnerable minors are involved, as their personal details often must be kept under highly restricted access in order to protect them from abusive adults. We represent people for these kinds of cases quite a lot. As such, it is essential that anyone who threatens to compromise the need for data protection is punished accordingly.

read more

By Author
Dyfed-Powys Police enforcement notice
July 30, 2021

Hampshire police officer barred from service for accessing private data without authorisation

It has recently been confirmed that a former Hampshire police officer has been reportedly banned from ever entering the police service again after it was found that he accessed private records without a valid policing reason. The Special Constable in question is understood to have resigned from his position before superiors could dismiss him for his data snooping.

While police officers are granted information access to records and details that are needed for casework, they are not authorised to view or use information outside of their policing workload without any good reason. Campbell violated his professional duty by accessing information without a legitimate reason, reportedly only browsing the records due to “curiosity”.

Regardless of the motives of the Hampshire police officer, there is no excuse for breaching data protection law. We trust the police service to maintain strict control over personal information, so it is important that any officers who breach the duty they owe to the public are held accountable for their actions.

read more

By Author
prevent data breaches
July 28, 2021

Are employees responsible for cybersecurity errors and data protection breaches?

In many cases, data protection breaches arise as a result of human error. A CybSafe analysis of data breaches reported to the ICO found that 90% of UK data breaches in 2019 were caused by user mistakes. The employees responsible for cybersecurity would, therefore, seem to be failing to adhere to data protection law, but there is much more to it than that.

Despite the high incidence of human error, it is employers who bear the ultimate responsibility for upholding data protection at their companies. This can mean that, when a data breach occurs, organisations may be liable to pay compensation. If you have been affected by a data breach caused by an employee, you can still have every right to make a claim and recover compensation from the organisation as a whole.

read more

By Author
letter is sent to the wrong address
July 27, 2021

Postbox theft causes data breach at Hellesdon Medical Practice

A recent postbox theft at a GP surgery in Norwich has demonstrated the sometimes unexpected forms that data crime can come in. In late May, Hellesdon Medical Practice is understood to have informed its patients that a postbox had been stolen by an unknown person, causing a severe data breach due to the private correspondence it contained.

Data security incidents like this may be relatively small in scale compared to the huge cyberattacks affecting large companies in the digital age, but they still have the potential to severely impact the victims. The Hellesdon Medical Practice data breach also raises questions about how we can ensure the security of documents sent in the post, particularly when we don’t have the benefit of firewalls and encryption, as we often do in digital data transfer.

Any data exposure incidents involving physical records should be treated with the seriousness they deserve, as they can still constitute a breach of data protection law. Where a third-party data controller fails to effectively protect your information, you could be eligible to claim compensation for the harm caused.

read more

By Author
Have I Been Pwned
July 26, 2021

Redcar and Cleveland Council cyberattack

In February last year, it was revealed that Redcar and Cleveland Council had fallen prey to a cyber-attack, bringing many of its online resident services to a standstill for a prolonged period of time. Although systems were eventually repaired and services reinstated, the effects of the cyberattack are still being felt now, over a year after the attack, primarily in the huge financial toll it took on the council.

In fact, the government has been set to intervene to help the council with the funding, after millions of pounds were expended on the effort of rebuilding its systems. The prolonged recovery work raises questions about whether Redcar and Cleveland Council’s systems should have been stronger in order to defend against the attack in the first place, and whether the council had an attack response plan in place before they were hit.

This all shows how costly an attack can be, and why it is always so much better to take preventative action instead of an event taking place.

read more

By Author
police data breach
July 23, 2021

Northamptonshire detective data breach

Despite looking up private police records without authorisation, a Detective Sergeant has recently evaded dismissal following a misconduct hearing. In the Northamptonshire detective data breach case, the Detective Sergeant reportedly looked up the details of a woman with whom he was engaging in an extra-marital relationship with at the time, who was involved in a case he was working on.

His actions reportedly amounted to misconduct, so the Northamptonshire Police appear to be sending mixed messages by not taking the matter any further. The police can, and often do, dismiss officers for similar offences, but this officer’s acceptance of the accusations against him, and his standing in the force, seem to have allowed him to avoid further consequences.

Police data breaches like this should be treated with the severity that they merit, taking account of the potential damage such actions can cause. Police services cannot afford to let employees off lightly for breaching data access regulations, as doing so could risk compromising the force’s reputation and its overall data security and integrity.

read more

By Author
police data breach claims
July 21, 2021

Claims for Police Federation of England and Wales data breach

Around two years ago, the Police Federation of England and Wales was hit by a cyberattack, and we began taking claims forward soon after the data breach incident occurred. Although it was initially believed that no personal information affected, it was nevertheless a possibility that employee data may have been exposed to unauthorised access.

The case against the Police Federation is one of many data breach group actions we are pursuing. As leading specialists in data breach claims, we are fighting for justice in a number of high-profile actions, including those against Equifax, Virgin Media and British Airways.

As with all our data breach group actions, we are offering No Win, No Fee representation to eligible victims of the Police Federation data breach. You can contact us today if you are considering starting a claim.

read more

By Author
unlawful disclosure of accident data
July 20, 2021

AX data breach (Accident Exchange) – make your compensation claim

We have been approached for help following the Accident Exchange – AX data breach – which is understood to have occurred earlier this year in January. The company is said to have suffered a cyberattack which led to the exposure of client information, with an external third-party accessing the company’s systems.

Those affected by the breach have recently been notified by AX (formerly Accident Exchange) that their personal information might have been affected, though it is still unclear exactly what details may have been exposed in all cases.

We have already begun taking on claims for those affected, who could be in line to receive compensation for the exposure of their private data. All companies are legally obliged to protect the data in their possession and, when they fail to do so, they can be liable to pay damages for a breach of data protection law.

read more

By Author
data breach
July 19, 2021

NHS CCTV cameras associated with worldwide hack

NHS CCTV cameras have reportedly been embroiled in a hack affecting security footage across the globe, after security company Verkada is understood to have been breached by hackers. It is said that live streams for as many as 150,000 Closed-Circuit Television (CCTV) cameras may have been viewed by unauthorised users.

Serving organisations include prisons, general businesses, schools and even psychiatric hospitals. The breach of Verkada’s cameras may have exposed the identities of many people working in, living in, or visiting affected institutions.

It is unclear exactly which feeds hackers may have viewed and what they gleaned from the footage, but it is nevertheless worrying to learn that a security firm has been subjected to such a wide-reaching breach. There is currently no evidence that any NHS camera feeds were viewed by hackers, but Verkada lists the NHS as one of its clients on the company website. Hackers have also claimed that they have been able to access the cameras of any of the affected organisations.

read more

By Author

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon