News

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches that occurred over the last few months.   

Southern Water

Earlier this year, Southern Water revealed that some of its data had been breached. The security violation happened following an “illegal intrusion” into the company’s IT systems. In other words, a cyber-attack.   Data belonging to 5-10% of customers has been stolen in the cyber-attack. However, Southern Water provides essential water services to 2.5 million customers and wastewater services to more than 4.7 million customers, so this has the potential to be a far-reaching data breach. 

Our data protection lawyers are investigating this incident. If we believe poor security processes at Southern Water led to this data breach, we will launch a no-win, no-fee compensation claim. 

FIND OUT MORE 

23andMe

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach with the Office of the Privacy Commissioner of Canada (OPC).   The news of the joint investigation into the data breach implies that weaknesses in 23andMe’s data security processes did exist. In our opinion, the ICO is notoriously under resourced and is unlikely to launch an investigation into a hack without cause to do so.   

FIND OUT MORE 

2Plan

In May 2023, 2plan discovered a cyberattack. The firm alerted the FCA, the Information Commissioner’s Office, advisors, and some clients about the breach. In March 2024, 2plan contacted more clients to warn them that their data may also have been stolen in the ‘cyber incident’. 

Ministry of Defence

Earlier this year, the personal information of serving UK military personnel was accessed in a significant data breach. The hack targeted a payroll system used by the Ministry of Defence (MoD). The Chinese state is reported to be behind the attack.   

In 2023, payroll provider Zellis was hacked after cybercriminals – believed to be part of a Russian crime group – exploited a security flaw in the MOVEit software.    

Lewisham Council

In May 2024, the BBC revealed that Lewisham Council published personal resident data on its website for almost a year. The information related to people who had commented on a planning application. The names, addresses and contact details of 156 people were publicly available online for 11 months.  

NHS Dumfries and Galloway

A hacker group gained possession of some patient data after a cyber-attack against NHS Dumfries and Galloway. A darknet post by Inc Ransom alleged that it had stolen three terabytes of data from NHS Scotland. The hackers posted a “proof pack” of some of the data, which has been confirmed as genuine. 

Deborah Stuttard

Share
Published by
Deborah Stuttard
6 months ago

Recent Posts

Join our MOVEit/ Zellis Data Breach Action

We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More

6 months ago

One year on – the extent of the MOVEit data hack is just becoming clear

The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More

6 months ago

Join our 23andMe Data Breach Action

We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More

6 months ago

ICO and Canadian counterpart to investigate 23andMe data breach

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More

6 months ago

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

6 months ago

Which pension firms are involved in the Capita data breach?

The following blog contains a list of some of the pension schemes and firms potentially… Read More

6 months ago