In June 2018, the Shurgard data breach came to our attention, and we began to advise those affected by the incident. It was found that an internal error had led to personal information about employees being mistakenly shared, allegedly with all employees in the company.
It may seem that internal company data breaches are not as severe as those that provoke widespread public data exposure but, in fact, incidents such as these can be highly serious for those affected. Data protection errors must be avoided in all circumstances, as even the most basic of mistakes can have harmful implications.
All businesses and organisations in possession of personal data have a legal obligation to protect this information to the best of their abilities. Where they fail to meet this obligation, it can constitute a breach of data protection law. Those affected by the Shurgard data breach, or any other incident like this, may have a right to recover compensation for a data breach incident. To hear more about your potential right to claim, contact our specialist data breach team for free, no-obligation advice.
The Shurgard data breach – what happened?
The Shurgard data breach arose in June three years ago, after a mistake was made when an employee sent an email. Instead of the intended recipients, the employee sent the email to employees who should never have seen its contents, namely the spreadsheet attachments that contained sensitive employee data.
It is believed that the email was meant to be sent to HR and managerial staff, who are typically the only members of a business with the right to access private data.
Instead of being completely open about the error made, it is understood that the recipients of the email were sent a follow-up message asking them to urgently delete the message, explaining that it was caused by an “IT system error”. The email also reportedly suggested to employees that the attachments could be dangerous, stating that opening them “may cause issues with your system”.
What information was leaked?
The personal data leaked in the Shurgard data breach was highly private, including details relating to disciplinary action and absences. The spreadsheets included information on the following subjects:
- attendance;
- grievances;
- attitudes;
- competencies;
- health problems;
- employees’ potential for progression;
- concerns over skills;
- health problems;
- suspensions;
- investigations into employees;
- probationary periods.
It is easy to understand why those affected by the incident may have become distressed. Nobody wants their colleagues to learn of such sensitive and private matters, and this is the kind of information that ought to remain strictly confidential.
Compensation claims for the victims
The Shurgard data breach may have been caused by a genuine mistake, but this does not exempt the company from its responsibilities or its duties. We believe that Shurgard failed to do enough to protect employees’ information, which is why those affected could be eligible to claim compensation.
Your Lawyers – The Data Leak Lawyers – as leading, specialist privacy compensation solicitors, were contacted for representation in the immediate aftermath of the breach. We want to enable those who have yet to claim to access the justice they deserve.
With our years of experience in data breach claims, we have the expertise to recover fair pay-outs for our clients. Contact our team for further guidance on your potential data breach compensation claim.