Unsecured servers and databases – rail passenger data accessible online

Many data breaches occur not because of sophisticated hacks, but because of failures in cybersecurity defences. In such cases, the blame can primarily fall on the head of the data controller, who may have failed in their duty to protect personal information. For example, a potential data breach arose when a configuration issue in the systems of Network Rail left rail passenger data accessible online.

The error is one many companies cite when a data breach occurs, and one which can be indicative of systematic failings within an organisation. It often only takes one mistake or flaw to make a substantial hole in an organisation’s cybersecurity defences. As good cybersecurity is a key tenet of data protection law, data controllers with weak or faulty cybersecurity can be found in breach of the GDPR. The wider defences are only as good as the weakest link.

Where the GDPR is breached, those affected by the exposure of their information may be eligible to make a compensation claim. At Your Lawyers (T/A The Data Leak Lawyers), we represent data breach victims as a leading data breach claims law firm to fight for the justice that they deserve.

Rail passenger data accessible online – a near miss

In March last year, C3UK – the internet provider for UK railway stations – was made aware of a misconfigured database by a security researcher, an error that left rail passenger data accessible online.

About 10,000 travellers who had made use of free Wi-Fi at railway stations were affected, with the exposed information relating to contact data and dates of birth.

Having secured the database immediately after being notified of the issue, C3UK stated that it had only been accessed by their company and the security researcher, which should mean that the error is of minimal risk. However, if action had not been taken so quickly, the outcome may have been very different.

Leaving rail passenger data accessible online is certainly an invitation to fraudsters and cybercriminals who could abuse such information and cause harm to the victims.

Poor cybersecurity and compensation claims

Making rail passenger data accessible online is no small error when personal privacy is at stake. Similar mistakes have had much more severe repercussions. For example, the Virgin Media data breach occurred when a configuration error left a marketing database accessible online for 10 months, consequently exposing the personal data of 900,000 UK consumers. We are currently representing Virgin Media claimants in our group action.

When a cybersecurity error causes a data breach, companies cannot simply blame the breach on technology, or a select few IT employees. It is the responsibility of the company as a whole to implement rigorous procedures and protective measures to ensure that there are no chinks in the armour.

In cases where the company is found to have breached the GDPR, the victims could be eligible to claim compensation for the distress that they have endured, as well as any financial losses or expenses that the breach may have provoked.

Make your claim today

If you believe that you have been adversely affected by the exposure of your personal data, you may be able to claim data leak compensation under the GDPR.

As leading specialists in data protection law, we know how severe the repercussions can be, which is why we aim to help all data breach victims to access the justice they are entitled to.

Call us today for free, no-obligation advice on your potential claim.

Malicious cyberattacks and their repercussions

NurseryCam data breach