Following a data breach in early 2021, Ardagh “engaged leading industry specialists to conduct a forensic investigation” into the incident. This page explains how the Ardagh data breach happened.
In May 2021, Ardagh confirmed that it had experienced a cyberattack. In response, the company was forced to shut down some of its systems as a precautionary measure.
In October 2021, the company became aware that stolen data taken from its systems had been placed on the dark web. And, in February 2022, nine months after the security breach, Ardagh wrote to employees to warn them that their personal information might have been exposed in the attack.
The following employee data was accessed in the breach (although not every employee had the same information stolen and this might not be a comprehensive list):
This is a significant amount of personal information and the delay in notifying those affected meant that employees were not given the chance to secure their personal data for many months.
As information stolen in breaches is often used by cybercriminals, the delay in reporting the incident meant that Ardagh employees were left vulnerable to cyber fraud and scams. And, while Ardagh informed its employees that the dark web is “only accessible by means of special software” and “unlikely to be accessible by the general public” this did not lessen the risk.
The dark web is commonly used by hackers to sell data to other criminals. Similar data breaches have resulted in fraud, blackmail, and identity theft, so Ardagh employees were at high risk of being targeted by cybercriminals.
See our answers to the FAQs we get asked about the Ardagh Data Breach.
In May 2021, Ardagh experienced a cyberattack. Following investigations, personal employee data extracted during this attack was found on the dark web.
The stolen information included:
This might not be a comprehensive list.
If you were an Ardagh employee on (or potentially before) May 2021, you could have been affected by this breach. Ardagh has a legal obligation to tell you if your information is compromised. However, it is not clear if Ardagh has told everyone affected by this breach.
Ardagh claims the delay was justified because, while it became aware in October 2021 that personal data had been placed on the dark web, it was only after further review that it became known to the business that employee data was implicated.
Absolutely not. An employer cannot fire you or harm your career in any way if you make a claim.
KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.
KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.
