When it comes to GDPR failures and abuses, it is not just about data breaches. Today, too many organisations are failing to uphold our individual data rights in other ways. For example, at Keller Postman UK, we have seen an increase in cases involving a loss of control of data; typically following a ransomware or other form of cyberattack.
A ransomware attack happens when criminals access an organisation’s systems and prevent or limit access unless a ransom is paid. Ransom may also be requested to stop the criminals releasing sensitive data into the public domain.
High-profile examples of cyberattacks leading to a loss of data control include the Police Federation of England & Wales (PFEW) breach, The Hackney Council data breach, and more recently, the Simplify conveyancing security incident.
What happened in these GDPR data incidents?
The Police Federation of England & Wales (PFEW) data breach
In 2019, the PFEW suffered a severe data breach across several of its databases. This data privacy violation happened because of a ransomware cyber-attack. As a result of this attack, the PFEW suffered severe disruption to services. Backup data was also deleted. The names, email addresses, NI numbers, ranks and serving forces of around 120,000 police officers were compromised.
Despite this incident happening two years ago, the PFEW still has not admitted to its members why criminals were able to access its systems. By locking the PFEW out of its own systems and holding its members’ information to ransom, the breach resulted in a total loss of data control. This is a clear infringement of data protection laws.
The Hackney Council data breach
In October 2020, Hackney Council was hit by a serious cyberattack. The attack affected many of the council’s services and IT systems. Online services such as One Account and payments went down.
Local authorities handle some of our most sensitive personal data, so a data breach can be disastrous. Unfortunately, in our experience, reliance on unsecured legacy software and a lack of preparation for dealing with cyber-attacks has made the sector vulnerable.
The Simplify conveyancing data security incident
In November 2021, Simplify Group, a company that provides conveyancing services to several leading agencies experienced a ‘major security breach’ thought to be a cyber-attack. Multiple conveyancing firms were affected by the incident, including Premier Property Lawyers, JS Law, DC Law, and Advantage Property Lawyers.
Simplify was forced to take down many of its online systems, and, as a result, sellers and buyers across the UK were left in conveyancing chaos as they could not proceed or complete their transactions. Because they were unable to proceed with their sale/purchase, many of those affected had to find unexpected storage for possessions and temporary accommodation. As a result, they have lost out financially.
Get justice for a GDPR data rights failure
In our experience, in most cases, data security incidents of this scale usually uncover a catalogue of security errors within an organisation.
Finding out that an organisation lost control of your data can be extremely distressing. To make matters worse, if this information is eventually breached, it may be used to commit further crimes against you. So it’s no wonder that people commonly suffer emotional anguish, anxiety, and stress after such data security incidents.
With data hacks, ransomware attacks and breaches happening more and more often, something must be done to make organisations accountable for their failures to implement adequate data security measures.
At Keller Postman UK, we help people make successful loss of data claims to compensate them for any financial damage and/or distress experienced.