Tag: database security
It has recently been confirmed that a former Hampshire police officer has been reportedly banned from ever entering the police service again after it was found that he accessed private records without a valid policing reason. The Special Constable in question is understood to have resigned from his position before superiors could dismiss him for his data snooping.
While police officers are granted information access to records and details that are needed for casework, they are not authorised to view or use information outside of their policing workload without any good reason. Campbell violated his professional duty by accessing information without a legitimate reason, reportedly only browsing the records due to “curiosity”.
Regardless of the motives of the Hampshire police officer, there is no excuse for breaching data protection law. We trust the police service to maintain strict control over personal information, so it is important that any officers who breach the duty they owe to the public are held accountable for their actions.
Despite looking up private police records without authorisation, a Detective Sergeant has recently evaded dismissal following a misconduct hearing. In the Northamptonshire detective data breach case, the Detective Sergeant reportedly looked up the details of a woman with whom he was engaging in an extra-marital relationship with at the time, who was involved in a case he was working on.
His actions reportedly amounted to misconduct, so the Northamptonshire Police appear to be sending mixed messages by not taking the matter any further. The police can, and often do, dismiss officers for similar offences, but this officer’s acceptance of the accusations against him, and his standing in the force, seem to have allowed him to avoid further consequences.
Police data breaches like this should be treated with the severity that they merit, taking account of the potential damage such actions can cause. Police services cannot afford to let employees off lightly for breaching data access regulations, as doing so could risk compromising the force’s reputation and its overall data security and integrity.
Around two years ago, the Police Federation of England and Wales was hit by a cyberattack, and we began taking claims forward soon after the data breach incident occurred. Although it was initially believed that no personal information affected, it was nevertheless a possibility that employee data may have been exposed to unauthorised access.
The case against the Police Federation is one of many data breach group actions we are pursuing. As leading specialists in data breach claims, we are fighting for justice in a number of high-profile actions, including those against Equifax, Virgin Media and British Airways.
As with all our data breach group actions, we are offering No Win, No Fee representation to eligible victims of the Police Federation data breach. You can contact us today if you are considering starting a claim.
NHS CCTV cameras have reportedly been embroiled in a hack affecting security footage across the globe, after security company Verkada is understood to have been breached by hackers. It is said that live streams for as many as 150,000 Closed-Circuit Television (CCTV) cameras may have been viewed by unauthorised users.
Serving organisations include prisons, general businesses, schools and even psychiatric hospitals. The breach of Verkada’s cameras may have exposed the identities of many people working in, living in, or visiting affected institutions.
It is unclear exactly which feeds hackers may have viewed and what they gleaned from the footage, but it is nevertheless worrying to learn that a security firm has been subjected to such a wide-reaching breach. There is currently no evidence that any NHS camera feeds were viewed by hackers, but Verkada lists the NHS as one of its clients on the company website. Hackers have also claimed that they have been able to access the cameras of any of the affected organisations.
Recent coverage has revealed that action taken by bank employees and police prevented some £45m of fraud in 2020, saving customers from the loss of an average of almost £6,000 each. The figure is a testament to the success of the Banking Protocol scheme that encourages banks and the police to work together to protect consumers.
However, the huge £45m sum is also a sign of the scale of fraud in the UK. As leading, specialists in data protection law, we believe that the link between data breaches and fraud is a problem that needs to be addressed. When a third-party organisation fails to protect your personal information, it may be leaked into the hands of cybercriminals, who may attempt to steal from you via various kinds of manipulative scams.
We believe that it is essential that all data controllers are held to account when they fail to observe their legal duties. We have helped thousands of consumers to recover the compensation that they deserve, so we encourage any data breach victims to come forward for free, no-obligation advice on their potential claims.
In June 2018, the Shurgard data breach came to our attention, and we began to advise those affected by the incident. It was found that an internal error had led to personal information about employees being mistakenly shared, allegedly with all employees in the company.
It may seem that internal company data breaches are not as severe as those that provoke widespread public data exposure but, in fact, incidents such as these can be highly serious for those affected. Data protection errors must be avoided in all circumstances, as even the most basic of mistakes can have harmful implications.
All businesses and organisations in possession of personal data have a legal obligation to protect this information to the best of their abilities. Where they fail to meet this obligation, it can constitute a breach of data protection law. Those affected by the Shurgard data breach, or any other incident like this, may have a right to recover compensation for a data breach incident. To hear more about your potential right to claim, contact our specialist data breach team for free, no-obligation advice.
In June 2018, it was revealed that survey company Typeform had suffered a data breach. The company reportedly became aware of the issue on 27th June, identifying that an attack had led to hackers downloading what was described to be a “partial backup” of its customer data. When we learned of the breach, we offered advice to those affected, and victims may still be able to make a Typeform data breach claim as part of the action that we are pursuing.
In accordance with UK data protection law, all those who disclose their information to third parties have a right to the protection of their personal information. Typeform’s customers, therefore, justifiably expected that they could trust Typeform with their data. Unfortunately, instead, some were greeted with the news that their information had been exposed.
As leading specialists in data breach claims, Your Lawyers (t/a The Data Leak Lawyers) helps those affected by data exposure to claim the compensation that they deserve. Although three years have passed since the Typeform data breach was revealed, more victims may still have a chance to make a claim, so contact our team for more advice if you were affected. We are already helping others on a No Win, No Fee basis.
As a standard recommendation of IT professionals and security specialists, many of us will be aware that it is advisable to use a range of passwords, but we believe that the importance of this advice cannot be understated. Many studies have shown that people continue to risk their data security by reusing passwords across their online accounts, and this is dangerous.
There is now a whole subsection of cybercrime built around the theft and misuse of account credentials, so it is vital that consumers do not put themselves at greater risk by reusing passwords.
Personal information is a highly valuable resource to cybercriminals, and passwords can be particularly profitable, given that they can sometimes unlock private accounts containing further personal information. A password is meant to be a key form of protection, so why are we compromising this security technique by reusing passwords?
In June 2018, Ticketmaster revealed that a security incident had affected its website, causing the personal information of customers to be exposed. Discovered on 23rd June, the information was exposed due to the actions of an external hacker, but questions were raised regarding how far the incident had been caused by Ticketmaster’s own alleged negligence. We began taking on claims soon after the breach was announced, and we are now running our Ticketmaster data group action to ensure that those affected can receive the compensation that they deserve.
The breach has potentially demonstrated how insufficient cybersecurity could be responsible for mass information exposure. Thousands of customers had sensitive payment details exposed as a result of what we understand to be a system vulnerability, so we believe that Ticketmaster must answer for what has happened.
If you have been affected by this data breach, you can contact our team to find out if you have a compensation claim to make.
A woman has recently reported receiving the coronavirus test result of another unknown woman, reportedly sent in a text message by the NHS. Not only did the text reveal the negative test status of the unknown woman, it is understood that it also listed her full name, birth date and the result of her test. The recipient of the message has expressed concern that such a data breach was allowed to occur, particularly given that she took a coronavirus test in early January.
Concerns about data privacy have been linked to the Test and Trace system since its beginnings, with several data breach incidents linked to the scheme, including a major error by Public Health Wales. It is concerning that data privacy has fallen short on occasions in the effort to control the Covid-19 outbreak, especially given that mistakes such as misdirected texts can be so easily avoided.
The Test and Trace system may be designed to protect public health, but that does not mean data breaches like this can go unnoticed.