In our regular update, we provide a roundup of some of the data breaches that occurred over the last few months.
Earlier this year, Southern Water revealed that some of its data had been breached. The security violation happened following an “illegal intrusion” into the company’s IT systems. In other words, a cyber-attack. Data belonging to 5-10% of customers has been stolen in the cyber-attack. However, Southern Water provides essential water services to 2.5 million customers and wastewater services to more than 4.7 million customers, so this has the potential to be a far-reaching data breach.
Our data protection lawyers are investigating this incident. If we believe poor security processes at Southern Water led to this data breach, we will launch a no-win, no-fee compensation claim.
The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach with the Office of the Privacy Commissioner of Canada (OPC). The news of the joint investigation into the data breach implies that weaknesses in 23andMe’s data security processes did exist. In our opinion, the ICO is notoriously under resourced and is unlikely to launch an investigation into a hack without cause to do so.
In May 2023, 2plan discovered a cyberattack. The firm alerted the FCA, the Information Commissioner’s Office, advisors, and some clients about the breach. In March 2024, 2plan contacted more clients to warn them that their data may also have been stolen in the ‘cyber incident’.
Earlier this year, the personal information of serving UK military personnel was accessed in a significant data breach. The hack targeted a payroll system used by the Ministry of Defence (MoD). The Chinese state is reported to be behind the attack.
In 2023, payroll provider Zellis was hacked after cybercriminals – believed to be part of a Russian crime group – exploited a security flaw in the MOVEit software.
In May 2024, the BBC revealed that Lewisham Council published personal resident data on its website for almost a year. The information related to people who had commented on a planning application. The names, addresses and contact details of 156 people were publicly available online for 11 months.
A hacker group gained possession of some patient data after a cyber-attack against NHS Dumfries and Galloway. A darknet post by Inc Ransom alleged that it had stolen three terabytes of data from NHS Scotland. The hackers posted a “proof pack” of some of the data, which has been confirmed as genuine.
We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More
The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More
We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More
The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More
We have launched a group action against Capita. Group actions can be a powerful tool… Read More
The following blog contains a list of some of the pension schemes and firms potentially… Read More