Interserve Group Limited data breach matters: ICO fine

The Interserve Group Limited data breach that occurred in 2020 has resulted in a significant multi-million-pound fine being issued by the UK’s data watchdog, the ICO.

Your Lawyers, as leading privacy claims specialists, are used to helping people whose information has been misused or exposed. Having read information from the report issued by the ICO, it is clear that more could, and should, have been done to have prevented this incident from taking place.

Anybody who has lost control of their personal information through no fault of their own could be entitled to pursue a No Win, No Fee claim for compensation. Our team is available for free, no-obligation legal advice here now.

About the Interserve Group Limited data breach matters

The Interserve Group Limited data breach involved a phishing email that was sent to an accounts team mailbox on the 30th of March 2020. The phishing email in question was designed to look like it was a matter that required urgent review, and the email was subsequently forwarded to an employee responsible for invoicing the following day. Unfortunately, on the 1st of April 2020, the phishing email was opened and the attachment was downloaded, and a zip file was extracted. The attached file executed the installation of malware and resulted in the device used by the employee in question being compromised.

It is understood that one of the issues as to how the cyberattack managed to bypass security measures was due to the employee in question working from home.

It is understood that, following the compromise of the device, the attacker used various tools to compromise 283 systems and 16 accounts, including 12 privileged accounts, according to the ICO. Unfortunately, this included sensitive HR databases that contained the personal details of some 113,000 individuals, and included special category information.

The discovery of the Interserve Group Limited data breach resulted in investigations and regulatory reporting taking place.

Regulatory action from the ICO

The UK’s data watchdog, the Information Commissioner’s Office (ICO), has published its report into the Interserve Group Limited data breach. In that report, they have decided to impose a penalty on the company in the sum of £4,400,000 as a result of the incident.

This is a considerable penalty, and demonstrates the power of the GDPR that has significantly increased the previous cap of £500,000 to allow the regulator to issue multi-million-pound fines where appropriate. Fines of this kind of level are not issued lightly, and will often arise having considered the nature of the breach, how it happened, and what more should have been done to have prevented it from taking place.

The monetary penalty issued by the ICO is punishment for what has happened, and is not designed to compensate the victims whose personal information has been exposed. For victims to pursue compensation, they must instruct a solicitor privately and pursue a claim for damages.

Compensation for a breach of the Data Protection Act by an employer

Victims of a breach of the Data Protection Act by an employer can be eligible to use the law to pursue compensation for any distress caused by the loss of control of their personal information.

As with any organisation, an employer has an important duty to protect the information of its employees. There will be sensitive and special category data in some cases, from banking information for the payment of salaries, to potentially sensitive medical data for equality monitoring and supporting staff.

If we consider that you have been the victim of a breach caused by your employer, you could be entitled to pursue a case on a No Win, No Fee basis. The best thing to do is contact our team for free, no-obligation legal advice here now.

What is a distress compensation claim for a data breach?

Privacy compensation experts – claim now