fbpx

Data Breach
Year in Review 2022

A message from Kingsley Hayes

This year has been a big year for data protection. In July, the Data Protection and Digital Information Bill 2022-23 was introduced in the House of Commons. The Bill aims to “update and simplify the UK’s data protection framework to reduce burdens on organisations while maintaining high data protection standards”.

However, there are genuine concerns that by removing the current obligations on businesses – including ending the need for mandatory data protection impact assessments (DPIAs) – individuals could find themselves worse off. Nevertheless, there are positive proposals in the Bill, such as strengthening the Information Commissioner’s Office (ICO) and empowering the data protection regulator to take a more proactive approach to help organisations comply with the UK’s data protection laws. The Bill was due to have its second reading in September, but this has been pushed back and no new date has yet been set for this to take place.

As the pace of technological advancement continues, our data is used and shared with ever more organisations. As such, the risk of data breaches increases, especially as too many organisations are failing to take data protection seriously. Holding those who fail to meet their regulatory requirements to account, we are pursuing several group actions. And, in 2022, we were delighted to settle our Ticketmaster group action claim and make significant progress in other cases, including in our action against the Police Federation of England and Wales.

In our 2022 year in review report, our expert data protection lawyers take a look at some of the key cases and developments that occurred in the world of data breach law over the last 12 months.

Kingsley Hayes bio image

Kingsley Hayes

HEAD OF DATA BREACH

January 2022

We were shortlisted for 'Law Firm of the Year' at the LexisNexis Legal Awards

We were extremely pleased to announce that our firm was shortlisted for Law Firm of the Year at the 2022 LexisNexis Legal Awards. The Awards recognise and celebrate excellence and innovation across the legal sector.  

Vision Direct data breach exposed customer’s financial information

Vision Direct customers were informed that their financial information might have been compromised in a data security incident. The breach occurred after hackers accessed the Vision Direct website. Anyone who made a purchase online during the breach period could be at risk. Our Data Breach team launched an action to help those involved in the Vision Direct data security failure. 

Vision Direct header

We launched a Zoosk dating site data breach action

In 2020, dating website and app Zoosk was the subject of a cyber-attack resulting in the exfiltration of 30 million user records. This data was then posted for sale on the dark web. In January 2022, we launched a group action claim to help users in England & Wales claim compensation. 

Zoosk Dating

February 2022

We settled our Ticketmaster group action claim

We were delighted to announce that claimants represented by our firm had settled their High Court action against Ticketmaster.  

The claims for compensation were brought by in excess of 1,000 customers who claimed their data was compromised as a result of a cyberattack perpetrated on software supplied to Ticketmaster by a third party and operated on that third party’s systems and servers. Ticketmaster denied liability for the claims and the settlement was made on a no admission basis. 

The terms of the settlement are otherwise confidential.  

Ticketmaster App

We launched a Parasol data breach action

In January 2022, Parasol Group shut down some of its systems after it discovered “malicious activity” on its network. Parasol later admitted that personal data was accessed by cybercriminals. Some of this data has been shared online. In February 2022, we launched a group action claim to help users in England & Wales claim compensation.  

Speaking about the Parasol data breach in which cybercriminals accessed the personal information of contractors and employees. Kingsley Hayes, Head of Data Breach, said: 

“Going on what we’ve seen, there is data there that goes back as far as 2011 and 2009, so anyone who has used Parasol in the last 10 years – at least – could have some data on that [leaked] database.” 

Kingsley’s comments were published in Computer Weekly, 15 February 2022, and can be found here. This article was also republished in Techonnews and Knowledia, 16 February 2022. 

We launched an Ardagh data breach action

In May 2021, Ardagh experienced a cyberattack. In October 2021, the company became aware that stolen data taken from its systems had been placed on the dark web. And, in February 2022, nine months after the security breach, Ardagh wrote to employees to warn them that their personal information might have been exposed in the attack. We launched an action to help those involved in the Ardagh data security failure claim compensation for any distress or financial losses experienced because of this breach.   

Our firm took part in industry roundtable

We participated in the virtual Modern Law roundtable on the Role of Technology alongside senior representatives from Cripps Pemberton Greenish, Nexa Law, Spencer West, Ring Rose Law, Loch Associates and Millar & Bryce. 

March 2022

We celebrated IWD

Committed to fostering a culture of equality and diversity, we are passionate about supporting women in the workplace. Some of the ways we do this are through career progression, representation, and by celebrating the achievements of the outstanding women in our firm. 

To mark International Women’s Day (IWD) 2022, we shone a spotlight on some of the women who make our firm what it is. We were also proud to take part in an International Women’s Day Panel Event. 

Our firm was shortlisted for three categories at the Modern Law Awards 2022

We were extremely pleased to announce that our firm was shortlisted in three categories at the Modern Law Awards. 

The categories were Business Growth Award, Innovation of the Year, and Boutique Law Firm of the Year.  

We launched two new Data Breach group actions

Greencore

In December 2021, Greencore began to experience some IT disruption. Following the security failure, Greencore investigated the incident and uncovered that some HR data had been accessed. In February 2022, Greencore warned employees that their personal information might have been exposed. In March 2022, we launched an action to help those involved in the Greencore data security failure claim compensation for any distress or financial losses experienced because of the breach.      

Lister

As a result of a huge cyberattack, thousands of people had their confidential medical data breached and posted online. In total, 13 organisations were affected, six of which are healthcare related. Following the breach, in March 2022, we launched an action against The Lister Fertility Clinic. 

April 2022

We helped to establish the Collective Redress Lawyers Association

In March 2022, we were delighted to be one of the Collective Redress Lawyers Association (CORLA) founding members, alongside UK group litigation firms Edwin Coe, Hausfeld & Co, Leigh Day, Milberg London, and PGMBM.  

CORLA was established to promote and facilitate reforms and practice that provide effective and ever improving access to justice for claimants by way of collective redress.  

Further details about CORLA can be found here.  

We issued a notice of potential claim against Optionis Group Limited following the Parasol data breach

We launched an action to help those involved in the Parasol data security failure to claim compensation. And taking our case to the Courts, in March we issued a notice of potential claim against Optionis Group Limited. 

May 2022

News of our Parasol data breach claim was published in Computer Weekly

In May, news of our Parasol data breach claim published in Computer Weekly. You can read what we had to say about the Parasol data breach here. 

Kingsley Hayes highlighted the pitfalls of automated decision making

In May 2022, Partner and Head of Data Breach, Kingsley Hayes, highlighted the pitfalls of automated decision making and explained the importance of GDPR compliance when relying on algorithms to make decisions. Kingsley’s article was published in ITNow and can be found here. 

June 2022

We continued working to get justice for our clients

As we entered the summer months, our team continued to pursue several large group actions on behalf of our clients.  

Find out more about our current group action cases

When it comes to winning cases against big players, understanding the law is only half the battle. You also need experience. Our expert data protection lawyers have the legal expertise necessary to take on corporate giants and large organisations. And, in addition to our own legal know-how, where required, we also work with expert barristers to help us win our group action cases. So, we are confident that our team will get the results you deserve.

July 2022

Keller Lenkner UK became Keller Postman UK

On 4 July 2022, Keller Lenkner UK changed its name to Keller Postman UK.  

This change came as Warren Postman – one of Lawdragon’s 500 Leading Lawyers in America – stepped into a new role as Managing Partner in our US office. 

Keller Lenkner UK built an enviable reputation for taking on corporate giants. As Keller Postman UK, our work in group actions and mass litigation continues. We will also carry on representing individual clients seeking redress for violations of their legal rights. 

FIND OUT MORE 

We alerted people to a data breach at Airedale NHS Foundation Trust

In July 2022, we warned people about a data breach at Airedale NHS Foundation Trust. The breach involves ‘special category data’. Special category data is personal data that needs more protection because it is sensitive. As such, victims of this breach are likely to be extremely worried about this data security failure.  

August 2022

We launched two new data breach actions

Mainspring

In July 2022, Mainspring wrote to clients to alert them to a data breach. The security failure happened when hackers gained access to Mainstream’s systems and data and carried out a ransomware attack. In August, we launched a group action to help those involved in the Mainspring data security failure claim compensation for any distress or financial losses experienced because of this breach. Mainspring has contacted those affected, and we strongly urge anyone who has received this email to register with us. 

Nelsons

On 30 May 2022, Nelsons – a Derby-based law firm with branches in Leicester and Nottingham – experienced a cyber-attack.  The incident happened when an unauthorised third party gained access to part of Nelson’s systems and successfully copied a quantity of data. The stolen information includes client identity verification documents.  This action is now closed. 

We raised awareness of the GoDaddy data breach

Last year, web host GoDaddy discovered that it had breached some of its customer data. The GoDaddy data breach happened when hackers accessed one of the company’s databases. The affected databased held the credentials of 1.2 million managed WordPress customers. With more details coming to light about this breach, in August, we urged anyone who had received a notification about the privacy violation to get in touch with us to discuss a potential claim.  

September 2022

We were shortlisted for ‘Boutique Law Firm of the Year’ at The British Legal Awards

In September 2022, we were delighted to announce that we had been shortlisted for ‘Boutique Law Firm of the Year’ at the prestigious British Legal Awards 2022. The honours are “the premier legal awards in the UK” and represent the best of the best within the UK’s legal community.   

October 2022

We were ranked Band 1 for Group Litigation in Chambers and Partners UK 2023

In October 2022, we were ranked Band 1 for its Group Litigation expertise in the Chambers and Partners UK Guide 2023.  

Access our Chambers & Partners UK 2023 profiles, rankings and quotes here. 

We filed for a Group Litigation Order against PFEW

In October, we applied for a Group Litigation Order against the Police Federation of England & Wales over a 2019 data breach and ransomware attack which targeted its headquarters. 

Our firm currently represents over 12,500 officers across all ranks and service areas of the Police Force in relation to the severe data breach and ransomware attack targeting the Police Federation of England & Wales (PFEW) headquarters in 2019.  

News of this has been published in MLex, 25 October 2022, and can be found here. 

We signed the Greener Litigation Pledge

We recognise that our functions and operations have an impact on the environment. In response, we seek not only to reduce the environmental footprint of our own activities, but also the wider impact of dispute resolution. To help advance this aim, in September 2022, we signed the Greener Litigation Pledge 

The Greener Litigation Pledge is a commitment to action by solicitors’ firms, barristers’ chambers, lawtech companies, and other dispute professionals. In signing the Greener Litigation Pledge, we committed to taking active steps to reduce, with a view to minimising, the environmental impact of our practice in England and Wales, and to the reduction of our emissions in line with the objective of restricting global warming to 1.5°C. 

Kingsley Hayes discussed the government’s plans to publish a White Paper on regulating Artificial Intelligence

Head of Data and Privacy Litigation, Kingsley Hayes, discussed the Department for Work and Pensions, algorithms, and universal credit in relation to the UK government’s plan to publish a White Paper on regulating Artificial Intelligence.  Kingsley’s article was published by the British Computer Society, and can be found here. 

Eleanor Leedham was nominated for the Rising Star category at the inaugural Women and Diversity in Law Awards 2022

Eleanor Leedham bio image

In October, we were delighted that Legal Director, Eleanor Leedham was nominated for the Rising Star category at the inaugural Women and Diversity in Law Awards 2022. The awards, hosted by The Global Legal Post, celebrate equity and inclusion in the legal profession, and recognise outstanding individuals and teams making the UK legal profession more diverse. 

Eleanor Leedham commented on the Molly Russell inquest in the Daily Mail

Commenting on the Molly Russell inquest, Eleanor Leedham, explored whether a group action can be built against social media companies for failing to prevent users from viewing harmful content. Eleanor’s comments were published in the Daily Mail print edition, 1 October 2022. 

November 2022

We launched a group action claim against Suffolk Police

Highly sensitive personal information involving victims of sexual assault has been exposed following a data privacy leak at Suffolk Police. The information exposed in this data breach includes:   

  • The names, addresses, and dates of birth of victims  
  • Details of the alleged sexual offences committed. 

According to Suffolk Police, the privacy violation relates to inquiries into sexual offences and offences that occurred in schools which were reported between 1 April 2015 and 31 March 2019. 

We launched a group action to help those involved in the Suffolk Police data security failure claim compensation for any distress or harm experienced because of this breach.  

If you are involved in the Suffolk Police data breach, or suspect that you might be, contact us immediately. We can help you to make a no-win, no-fee compensation claim for the negligent treatment of your data and the breach of your right to privacy.   

December 2022

We launched a group action claim against South Staffordshire Water

In July 2022, South Staffordshire PLC, the parent company of South Staffordshire Water discovered that it had experienced a cyber-attack. When the water company first announced the cyberattack in August 2022, it was reported that the criminals had accessed the personal data of current and former South Staffordshire Water employees.   

Since then, South Staffordshire Water has been “working with leading forensic experts to investigate fully what happened”, and in a subsequent statement, the company confirmed that the “incident resulted in unauthorised access to some of the personal data we hold for a subset of our customers.” The affected details are believed to include:   

  • Customer names  
  • Customer addresses 
  • Account numbers and sort codes (if used to set up direct debit payments). 

In December, we launched a group action to help those involved in the South Staffordshire Water data security failure claim compensation for any distress or losses experienced because of this breach. 

Kingsley Hayes commented on the gap in data breach enforcement in Global Data Review

Partner and Head of Data and Privacy Litigation, Kingsley Hayes, commented on how a recent children’s data breach has revealed potential enforcement gaps in the UK, in Global Data Review. 

Kingsley’s full comments were published in Global Data Review, 11 November 2022, and can be read here

About Us

When it comes to legal support, large organisations are smarter and better resourced than ever before. And it can be difficult for some law firms to stand up to such strength when representing clients after a data breach.

Our data breach team has the legal expertise and resources necessary to take on the corporate giants. We have supported thousands of multi-claimant and group-action data breach clients, and we can do the same for you.

We are one of the most experienced multi-claimant law firms in the UK.

We represent clients in group actions with innovation, resources, and expertise.

We work with expert barristers to ensure you get the very best level of legal support available.

We have all the resources and global expertise necessary to take on complicated cases and win.

We have offices in London, Liverpool, Manchester, and Birmingham, and the technology to provide a nationwide service to clients across England & Wales.

We use technology to deliver a better legal experience to our clients.

We work on a no-win, no-fee basis.

We make the process straightforward and hassle-free.