Welcome To The Data Leak Lawyers Blog
We focus on the latest news surrounding data breaches, leaks and hacks plus daily internet security articles.
We focus on the latest news surrounding data breaches, leaks and hacks plus daily internet security articles.
Some 5 million HMRC voice ID records are to be deleted after regulators ruled that a “significant” breach of data protection law had taken place over the use of the “my voice is my password” system.
The UK’s data watchdog, the ICO (Information Commissioner’s Office), has given the government until next month to remove data collected without proper content from millions of taxpayers. Although some people have since opted in for the system, the data for those collected and retained without proper consent is to be removed.
The issue has raised concerns over the government’s own ability to adhere to important data protection laws, with the ICO critical of HMRC’s behaviour.
The Windrush data breach incident that happened on 7th April 2019 has forced changes to be adopted by the Home Office following the leak of information surrounding the compensation scheme.
Earlier this month, mass emails were sent out to people taking part in the Windrush compensation scheme, as well as other interested parties. Emails were reportedly sent out in batches of 100, and the first five batches are understood to have resulted in a data breach. Yet again, this was another case where recipients of the email could see each other’s information.
This kind of incident has happened so many times before, and it triggered one of the more severe compensation actions we’re involved ion; the 56 Dean Street Clinic leak. Changes are now set to be made.
The Information Commissioner’s Office (ICO) has issued a fine of £400,000.00 having concluded their investigations into the significant Bounty data breach.
We’ve already been contacted for help and taken claims for data breach compensation forward on a No Win, No Fee basis since news of the fine broke in the media. As many as 14 million individuals may have had their personal data shared, including new mothers and infants by extension.
The ICO has established that Bounty failed to properly inform users that their data would be shared for marketing purposes. The findings also confirmed that no one was able to give proper and informed consent as well.
The Hollybrook Medical Centre data breach is another example of an employee (or former employee in this case) who has abused their rights of access to data.
In this case, former GP Practice Manager, Shamim Sadiq, was suspended and dismissed on unrelated matters from the Hollybrook Medical Centre in November 2017. The day after the suspension came into force, Sadiq reportedly accessed her work email account and committed a data breach by sending information to her personal email address.
The reason she was able to still access the account was because she was also employed as an advisor for the Care Quality Commission. She therefore still had access to her NHS email account.
A recent prosecution has taken place over the V12 Sports and Classics data breach incident where a former employee of the company has been found guilty of breaking the law.
In this case, the former employee (32-year-old Jayana Morgan Davies) reportedly forwarded work emails that contained the data of customers and colleagues to her personal account. She resigned from her position a few weeks later, which suggests a specific motive for the illegal processing of the data she misused.
The incident is said to have taken place in August 2017. It has led to a successful prosecution from the ICO (the Information Commissioner’s Office).
There has been a Heart of England NHS data breach incident, and it’s yet another case of an NHS employee snooping on the personal data of people they know.
We’ve spoken out about the issue of NHS employees abusing their rights to access medical data a lot recently. The Information Commissioner’s Office (ICO) – the UK’s data watchdog – has prosecuted a number of offenders for such actions. They’ve also had to send out warnings to staff about their responsibilities and the punishments they can face when it comes to this kind of behaviour.
A large volume of the cases we represent people for are NHS data breach compensation claims, so hearing of these kinds of incidents isn’t surprising.
There has been a prosecution for a worrying Nuneaton and Bedworth Council data breach that’s an example of how employees can exploit the data they can access.
In this incident, former head of building control at the council, Kevin Bunsell, shared personal information about job applications with his partner. His partner had applied for the same job that the candidates whose data was shared had applied for, and she won the position.
Although we can only speculate as to the motives, we can assume that the reasons for sharing the data were to assist his partner in securing the position which she was eventually awarded.
NHS England has ruled in an investigation into a Worcester GP data breach after previous findings suggested that the law had not been broken.
In this unusual case, the Severn Valley Medical Practice reportedly posted information online about a patient. Initially, the Practice is understood to have disputed that any data protection breach had occurred. Since then, NHS England and the Information Commissioner’s Office (ICO) both agree that the incident was a failure to comply with data protection obligations.
Another element that makes this case unusual is about allegations made surrounding the Data Protection Officer (DPO) who reportedly claimed there wasn’t a breach in the first place.
A Deliveroo data breach “incident” is said to have been reported to the ICO who have confirmed that they’re making inquiries.
Back in 2016, the food delivery company faced scrutiny after customers complained of fraudulent transactions on their accounts. In some cases, it appeared the issues were down to people’s credentials being stolen in hacks completely separate to Deliveroo. Criminals had used stolen credentials to access accounts in cases where credentials were reused.
Deliveroo were subsequently criticised over what some customers felt was a failure to spot and stop fraudulent transactions. In this latest incident, it appears that history may be repeating itself.
A hefty fine has been issued over the 2016 Uber cyber attack as a result of security flaws that could have prevented the breach in the first place.
The data for some 2.7m Uber customers in the UK was compromised, as were the records for over 80,000 drivers. The fine, issued by the ICO (Information Commissioner’s Office), is small in comparison to potential GDPR fines. This is because the cyber attack took place in 2016 before the new rules came into force.
Had the cyber attack have happened this year, Uber could have faced fines in the millions.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
