150 competition regulator data breaches

The Competition and Markets Authority (CMA) has recently disclosed figures for the data breaches that have affected the UK government regulator. They reportedly revealed that a total of 150 breaches have occurred over the last two years. The competition regulator data breaches are worrying given the CMA’s role in upholding the law, which requires them to handle a large amount of private information, some of which can be sensitive.

The importance of cybersecurity should now be well known to all businesses and organisations, as many can be prime targets for hackers and fraudsters searching for information to misuse. The malicious intent of cybercriminals should give organisations that sense of the importance of data protection. However, it appears that the CMA may not have been able to adopt the caution required of an organisation with such sensitive data handling responsibilities.

How did the competition regulator data breaches occur?

The 150 competition regulator data breaches that occurred over the course of 2019 and 2020 are said to be comprised largely of individual internal errors, rather than cyberattacks carried out by external hackers.

The CMA has revealed, as part of a freedom of information report, that there were 40 cases of devices being lost or stolen, and 81 cases in which information was disclosed without authorisation.

The implications of the data breaches

As part of its role in enforcing competition law, the CMA conducts many investigations into companies suspected of engaging in non-competitive practices, for which it often requires the disclosure of extensive business information. In cases where the allegations against businesses are severe, identities are sometimes kept confidential to avoid damaging the businesses’ reputations prematurely, before they have been found guilty.

Although there is no evidence that the completion regulator data breaches jeopardised the confidentiality of any of their investigations, there is no doubt that the unauthorised disclosure of information that occurred on 81 occasions could have done just that. In fact, five of the 150 incidents were deemed to be serious enough to be reported to the Information Commissioner’s Office, the UK’s data protection regulator. Three, it is understood, even led to the introduction of new preventative data protection measures.

It is concerning for a government regulator responsible for upholding a key area of law to be subjected to the investigation of a fellow regulator on the basis that they may have breached another area of law. The competition regulator data breaches show that the CMA needs to be aware of the necessity of data security in all areas of its operations if it is to maintain any sense of authority over businesses it is supposed to regulate.

Claiming for a data breach

In accordance with the GDPR, all organisations – from the smallest local business to the most authoritative governmental organisations – are required to sufficiently protect the information that they are entrusted with. There should be no room for missteps or accidents when personal data is at stake, which is why we can support victims of data breaches to claim the compensation that they deserve.

Your Lawyers – as a leading, expert data breach firm – is accustomed to taking on powerful organisations, such as Virgin Media and British Airways. When we believe that an organisation has failed in their data protection duties, we are here to help.

Contact us for free, no-obligation advice if you think you may have a claim to make.

LOQBOX cyberattack – one year on

Shocking research on pension scheme cybersecurity