A recent data handling error has left thousands of arrest records lost, after they were accidentally deleted from the Police National Computer (PNC).
The mistake represents an extremely severe blow to police operations, which could pose a threat to public safety. While initial statements set the number of lost records at 150,000, it has since been reported that as many as 400,000 crime records could be affected.
As one of our major national institutions, it is worrying to see that the police force has been hit by data loss of this scale. There is no room for such errors in an organisation responsible for protecting so much important information, which is one of its key weapons in detecting and arresting suspects.
A report has revealed that a recent Birmingham City Council data breach incident has taken place after private information was mistakenly published online.
It is alleged that the exposed data included the details of “vulnerable children”, although this has reportedly been disputed by the local authority. The council said that a number of citizens were affected, but has yet to confirm just how many people were affected.
The Birmingham City Council data breach appears to be yet another example of the human error data breaches we have seen occur at local authorities time and time again. As advocates of data security, we believe that there is never an excuse for errors such as this, as everyone has the right to have their private data kept safe. In many cases, victims of data breaches can be eligible to claim compensation for any harm caused. This may also be a possibility for those affected by the breach at Birmingham City Council.
Cyberattacks can be a common reason for the occurrence of data breaches, as criminals often target company databases to gain access to huge swathes of information. There is one type of attack that is particularly malicious in nature: when databases with highly sensitive data are hacked and the victims are held to ransom by cybercriminals, perhaps seeking payment in return for a vow that they will not misuse or publish the information.
These can sometimes be empty promises, placing the victims in danger whether they choose to pay up or reject the ransom. Unfortunately, poor data security of some organisations can often be the reason as to why victims end up in this defenseless position in the first place, as weaknesses in their systems could allow cybercriminals to break through.
If you have been put in a precarious situation due to a ransomware attack, we are here to advise you on your potential right to claim data breach compensation from those responsible for negligence.
In what is continuing to be a common trend for local government authorities, the recent Blackpool Council data leak has seen the exposure of personal data belonging to hundreds of individuals.
The issue has been labelled as a so-called accidental “human error” incident. A data handling mistake reportedly resulted in the details of about 428 people being made public, when the data should have remained private.
Occurring within months of our coverage of the Hackney Council cyberattack and the Bristol City Council data leak, this breach unfortunately comes as no shock to us. It probably comes as no shock to anyone who has become familiar with recurring patterns of council data leaks in general. Inadequate data protection practices at so many local councils means that this is a nationwide problem. We are here to help anyone affected by data breaches like this, striving to win them the compensation they deserve.
For businesses with expanding opportunities and responsibilities, it often becomes necessary to hire external providers and suppliers to ensure the efficiency of company operations. Data leaks from outsourcing can unfortunately occur when these external providers lapse in protecting the information held by the company they work with.
However, when a data leak does arise, it is not acceptable for the affected company to simply shift the blame onto an external supplier or provider. Ultimately, the responsibility to protect the information of customers, members and employees falls on the organisation itself as a result of the legal duties that they must adhere to. Even in cases where an external provider caused the leak, the victims can still be eligible to claim compensation either way.
A constable at Derbyshire Police has recently faced a misconduct hearing over allegations of unlawfully accessing records of a police incident and then sharing a photo of the file with colleagues.
Although the officer’s actions contravened policing standards and data protection law, he has escaped dismissal and will be allowed to continue serving at Derbyshire Police.
Regardless of the verdict of the hearing, a breach such as this should never have occurred at all. Testaments to the officer’s reportedly “excellent” work as an officer do not erase his culpability for what has been regarded as an incredibly reckless action. As an organisation with access to extensive personal data, the police service has a vital duty to be rigorous in data protection and we should all feel safe that our information with them is secure. Our trust in the police should never be abused.
Following a two-year investigation into credit reference agencies, the Information Commissioner’s Office (ICO) has taken enforcement action against Experian. It was ruled that the company must make “fundamental changes to how it handles people’s personal data”, according to the ICO.
The investigation examined three credit agencies, of which Experian is the only one to reportedly face punitive action for data handling they carry out for direct marketing purposes.
Experian is understood to have taken some steps towards improving their data handling, but it was not enough to satisfy the ICO that data protection law was being adhered to. It is reassuring to know that Experian must make changes, and demonstrates to other companies that any sidestepping of the GDPR will not be tolerated by regulators.
If you are ever affected by a data breach or cybersecurity incident caused by a third-party organisation whom you entrusted your information to, it is important that you know what your rights are in the fallout of such an incident. It may feel difficult to stand up to a huge company or local authority, but if a third party has failed to protect personal data, they should be held responsible for their reckless attitude to data protection.
At Your Lawyers – The Data Leak Lawyers – we have been fighting for the rights of data breach victims for many years, aiming to bring justice for the damage that victims have suffered from. Organisations must stand up and take their data protection duties seriously. If they fail to do so, they should be punished as they would be under other areas of the law.
In a serious misstep at East Devon Council, the passwords of 37 council members were reportedly exposed online to other councillors, leaving private email inboxes potentially vulnerable to unauthorised access.
The error was quickly corrected, with affected councillors resetting their passwords. However, the period of vulnerability could have caused leaks of confidential information, which is why this is a serious matter.
Despite local authorities’ important responsibility to their communities and residents, we see data breaches happening far too frequently at local councils, suggesting that many are still failing to take their data protection duties seriously. At Your Lawyers – The Data Leak Lawyers – we believe that failures when it comes to data protection law justifies legal action, as many of these local authorities need to develop more rigorous data protection measures to protect people’s information. Where they fail to do so, we are here to help.
Another travel industry data breach has recently hit the headlines, with the popular airline IT provider SITA suffering a monumental cyberattack. The SITA data breach is thought to have exposed information belonging to hundreds of thousands of passengers.
Among the affected airlines are those owned by Star Alliance, the world’s largest airline group, and British Airways is also affected. Some of the thousands of clients that we represent for the 2018 BA data breaches have already come forward for our assistance.
The travel industry has been plagued by data breaches, with companies such as Marriott and easyJet falling prey to significant hacks in recent years. The wealth of information that is held by airlines and travel companies makes them prime targets for cybercriminals, and the effects can be devastating for those affected.