fbpx

Police Federation Data Breach

We are helping PFEW members fight for justice following the 2019 data breaches

In March 2019, The Police Federation of England and Wales (PFEW) suffered two ransomware cyber-attacks. During the attacks, the hackers accessed the PFEW’s systems and encrypted several of its databases, making them inaccessible to the PFEW. The attacks also gave cybercriminals access to the same databases, which contained the personal information of around 130,000 police officers at all levels.

In March 2022, three years after the incident, the PFEW finally admitted liability for unlawfully processing police officers’ personal data by not having the appropriate technical and organisational measures in place. PFEW claims there is no evidence that data was actually taken. Nevertheless, PFEW members affected by the data breaches still haven’t been told exactly what happened.  

Many members have experienced lasting distress following these cyberattacks and have contacted us to help establish the facts and make a compensation claim.

The action that KP Law has launched against the PFEW is proceeding for in excess of 19,000 officers by way of a lead claimant group that will go to trial in the coming 18 months. As the 6-year anniversary of the breaches now approaches, KP Law has closed the group and there is now no further acceptance of new claimants to this action by KP Law.

Any affected member of the PFEW who wishes to make a claim for any losses caused by these breaches should ensure that they do so by filing claims with the Court before the 6 year anniversary of the breaches on 9 March 2025. 

New Data Breach Alert: Metropolitan Police

If you have received notification of your involvement in this breach, please sign up to our group action compensation claim. 

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.