The head of Manchester City Council has recently reported that the local authority’s IT systems have been subjected to regular cyberattacks in recent times. Richard Leese described how the council has reportedly been hit by concerted attacks recently, and he believes that other councils may be falling victim to the same kinds of issues.
The council chair’s warning to other local authorities highlights the importance of cyberattack prevention and response strategies, particularly in terms of how there is a need for a shared approach. Despite their sometimes small and local scale, councils cannot expect to avoid assaults on their systems and networks. Hackers can be indiscriminate in their targets, seeking to hit as many organisations as possible in the hopes of data theft and financial gain.
With councils facing a significant threat of cybercrime, it is essential that all local authorities comply with data protection law to produce effective methods of protecting the personal information they hold. If they are found to be responsible for data exposure, they may be in breach of the law, and the victims of the breach may be entitled to claim compensation for the harm caused.
A report by The Register has revealed that text messages sent by council agents en masse to UK taxpayers may have been exposing their personal data to unrestricted access. The external agency Telsolutions Ltd reportedly developed the SMS system for the purposes of chasing debts, but allegedly failed to impose basic security measures. This has apparently made it easy for users to manipulate the links sent in the text messages. This example of a council debt chasing data breach could, therefore, be a sign of a fundamentally inadequate approach to data protection.
It is unclear if anyone took advantage of the security loophole, and if so, how many people chose to do so. Nevertheless, its existence can be enough to cause concern for anyone contacted by local councils in this manner, particularly given the vulnerable situations some alleged tax defaulters may be in.
Your Lawyers, as specialists in data protection law, is disappointed to hear that a number of councils may have again failed to take the precautions necessary to protect their residents’ private information. We help data breach victims to claim compensation for the harm caused, so you can contact us for advice if you think you may have a claim to make.
A Chorley Council data breach has recently been reported after it was revealed that thousands of members of the public may have had their details exposed by the local authority. The incident appears to be yet another example of the damage that can be done to information security when employees make misjudgements.
Unfortunately, the incident at Chorley Council is only one in a long list of data breaches to have been caused by human error at local government bodies generally. Councils like Chorley should be striving to break with this trend, but there has unfortunately been little progress in terms of data protection it seems.
In the UK, all third-party data controllers are obliged to comply with the GDPR in their protection of the information that they hold and process. If they fail to do so, they can be held accountable, and those affected may have a right to make a compensation claim.
A former Wiltshire Council social worker has reportedly been taken to court over a “serious breach of trust”, having been found to have accessed sensitive information without reason or authorisation.
As a social worker, the individual in question was granted certain data access privileges. It has been reported by the Gazette and Herald that she abused her position in a way that could have put the privacy and safety of vulnerable people at risk.
Social workers naturally have a high level of trust invested in them, so it is understandable that there is a no-tolerance policy for any employees who breach this trust. Social services data breaches like this can have severe consequences for those affected, particularly where vulnerable minors are involved, as their personal details often must be kept under highly restricted access in order to protect them from abusive adults. We represent people for these kinds of cases quite a lot. As such, it is essential that anyone who threatens to compromise the need for data protection is punished accordingly.
In February last year, it was revealed that Redcar and Cleveland Council had fallen prey to a cyber-attack, bringing many of its online resident services to a standstill for a prolonged period of time. Although systems were eventually repaired and services reinstated, the effects of the cyberattack are still being felt now, over a year after the attack, primarily in the huge financial toll it took on the council.
In fact, the government has been set to intervene to help the council with the funding, after millions of pounds were expended on the effort of rebuilding its systems. The prolonged recovery work raises questions about whether Redcar and Cleveland Council’s systems should have been stronger in order to defend against the attack in the first place, and whether the council had an attack response plan in place before they were hit.
This all shows how costly an attack can be, and why it is always so much better to take preventative action instead of an event taking place.
In the worst cases, data breaches can involve highly sensitive information, compromising the privacy and safety of some of the most vulnerable people in our society. In particular, social services breaches often affect the most vulnerable victims, leaving them open to even more risks than they already face.
Generally run by local councils, social services offer support to their local communities, whether this is providing assistance for people with disabilities, running care homes, or setting up domestic abuse support groups. While social services are absolutely essential to ensuring the safety and well-being of the people under their care, this protection can break down when a data breach occurs.
Anyone who has been let down by a social services data breach may be able to claim compensation for the harm caused.
The cyber threats to local governments has been present for a number of years, but the current coronavirus crisis has also presented a new opportunity for cybercriminals. As the external threat posed by hackers shows no sign of abetting, it is up to the councils themselves to take action to prevent local government cyberattacks.
With a number of extremely costly data breaches hitting local councils in 2020, local government organisations have been alerted to the risk posed by deficient cybersecurity. Unfortunately, the victims of council data breaches were already all too aware of the consequences of data exposure. We have supported victims in relation to council data breaches many times, and we believe that there is still much to be done to improve local government cybersecurity.
If you have been affected by a data breach of any kind, you may be able to claim compensation for the harm caused. Contact us today to receive free, no-obligation advice on your potential claim.
Councils are often in possession of extensive personal information pertaining to their employees and their residents. Often, councils keep sensitive information belonging to residents in receipt of benefit payments, or to those who have made payments to them, whether this is for a parking fine or for council tax. Council payment data breaches can arise when any information relating to payments to or from residents is exposed.
The wealth of information available at councils can make them prime targets for hackers, but it also means that any human error data breaches caused by employees can have severe implications. For the victims, data exposure can provoke an emotional and financial impact, which is why we help those affected to claim compensation for the harm caused to them.
Each and every third-party data controller has a duty to protect the data entrusted to their care, and they can be held accountable under the law when this duty is neglected. Your Lawyers, as leading data protection lawyers, know what it takes to hold organisations to justice.
A report has revealed that a recent Birmingham City Council data breach incident has taken place after private information was mistakenly published online.
It is alleged that the exposed data included the details of “vulnerable children”, although this has reportedly been disputed by the local authority. The council said that a number of citizens were affected, but has yet to confirm just how many people were affected.
The Birmingham City Council data breach appears to be yet another example of the human error data breaches we have seen occur at local authorities time and time again. As advocates of data security, we believe that there is never an excuse for errors such as this, as everyone has the right to have their private data kept safe. In many cases, victims of data breaches can be eligible to claim compensation for any harm caused. This may also be a possibility for those affected by the breach at Birmingham City Council.
In what is continuing to be a common trend for local government authorities, the recent Blackpool Council data leak has seen the exposure of personal data belonging to hundreds of individuals.
The issue has been labelled as a so-called accidental “human error” incident. A data handling mistake reportedly resulted in the details of about 428 people being made public, when the data should have remained private.
Occurring within months of our coverage of the Hackney Council cyberattack and the Bristol City Council data leak, this breach unfortunately comes as no shock to us. It probably comes as no shock to anyone who has become familiar with recurring patterns of council data leaks in general. Inadequate data protection practices at so many local councils means that this is a nationwide problem. We are here to help anyone affected by data breaches like this, striving to win them the compensation they deserve.