An employee error has recently brought about the Now: Pensions data breach, leading to the online exposure of customers’ personal details.
Now: Pensions, one of the UK’s largest pension providers, was involved in a breach of data protection duties through this leak. The result of the incident left the names, dates of birth, home addresses, and National Insurance numbers of trusting customers vulnerable to misuse.
The firm has accounted for the breach by explaining that a contractor from an external partner inadvertently uploaded the data to a public forum. Although the data was only public for a brief period of time and was removed as soon as the error was identified, the idea that the company’s procedures and systems could not protect against such a mistake is worrying.
The effects of the Now: Pensions data breach
Although the company appears to be reluctant to accept the potential gravity of an incident like this, the Now: Pensions data breach made customer details public for long enough for unknown persons to potentially copy the data. Indeed, Now: Pensions appeared to downplay the risks in an email to customers, stating that the potential for malicious misuse of the data was “the worst case scenario”.
Unfortunately, the chances of data misuse are not necessarily slim. It only takes one cybercriminal, for whom such details would represent potent fuel for blackmail and fraud, to seriously endanger the affected customers.
Besides the immediate data security risks, there could be emotional and psychological effects for those affected by a leak such as the Now: Pensions data breach. At The Data Leak Lawyers, we have witnessed the stress and anxiety provoked by a data leak as troubled victims are left in limbo as they wait to know for sure whether they could be targeted for fraud and/or theft.
Inadequate safety measures
In an attempt to appease customers, Now: Pensions offered a year’s free access to Experian Identity Plus. A subscription with the well-known credit company can track potentially fraudulent activity conducted in the user’s name, notifying them of any potential security issues.
However, the violation of data protection procedures cannot be perceived as just a mistake, and it should be investigated thoroughly to identify any underlying operational issues. As the leak arose from an error of a partner company’s employee, Now: Pensions should feel obligated to review their business relationships and determine whether their practices and procedures need to be changed.
Time and time again, we see ‘human error’ named as the culprit for data leaks, which seems to dismiss the fact that computer systems can be programmed to set up a defence against operator mistakes. For example, if the operator had received a warning alert before the data was published, they could have stopped in their tracks.
Claiming compensation for data leaks
If you have been affected by the Now: Pensions data breach, or a similar leak, you may be entitled to compensation. If a company has contravened the General Data Protection Regulation, either intentionally or unintentionally, they can be in breach of their data protection duties.
At The Data Leak Lawyers, we have been representing people in data protection claims for many years. We are experts and pioneers in data breach actions, having launched over 50 group and multi-party actions in this area.
You can trust us to give you no-obligation advice about your compensation claim, and we will support you through every step of the claims process.
YOUR LAWYERS FEATURED IN THE MEDIA:
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Author on February 01, 2021
Posted in the following categories: Claims Data Employee Data Breach Group Action Latest Security Technology and tagged with compensation | data breach | data controllers | data leak | database security | gdpr | Group Action | online security | personal data