- Legal Futures - https://www.legalfutures.co.uk -

August 2021 Data Breach Roundup

By Legal Futures Associate Hayes Connor Solicitors [1]

Plenty of data breaches took place in August, with various organisations falling victim to cyber-attacks that jeopardised valuable personal data.

In August, some of the most notable data breaches included a data encryption attack on a number of Isle of Wight schools, yet another incident involving T-Mobile, and a vulnerability in the app-building tool Microsoft Power Apps, which jeopardised personal data belonging to 38 million people.

Read on to learn more about some of the biggest data breaches that took place in August 2021.

Multiple Isle of Wight schools hit by ransomware attack

Six schools on the Isle of Wight were forced to take their websites offline in August after their data was encrypted following a cyber-attack. The attack also affected the Isle of Wight Education Federation.

As reported by Computing.co.uk [2], the Isle of Wight Federation claimed that they were liaising with the relevant authorities to pursue the individuals responsible for the attack.

A spokesperson for the Federation said: “As you can imagine, the team now have hours, days, and months of work ahead of them to recreate the information that has been lost. In order to assist with this painstaking process, the Trustees have approved the school to close for 3 extra days at the end of the summer holidays.

“This means the children will not be returning to school until Monday 6 September 2021. We ask that you are patient with the team during this period.”

The incident follows a growing trend of attacks being carried out against schools, universities and other public sector organisations. A similar attack was carried out against five schools in Anglesey in June, while Newcastle University was one of a number of higher education establishments which were badly affected by ransomware in 2020.

T-Mobile experience yet another data breach

The mobile network T-Mobile was hit by yet another cyber-attack, compromising the personal data of more than 7.8 million customers. Not only this, but 40 million records belonging to both former and prospective clients were also compromised in the attack.

As per IT Governance [3], the stolen data is said to include full names, dates of birth, social security numbers and various other ID information. The incident itself was only discovered after reports emerged claiming that criminals were attempting to sell a large database containing T-Mobile customer data.

Because the incident was only discovered as a result of these reports, it has been concluded that the criminals responsible for the attack were able to infiltrate T-Mobile’s site without being detected.

“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” T-Mobile said.

“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”

Criminals target trusted websites for text message fraud scam

An investigation carried out by Telegraph Money [4] in August revealed that various high-profile and trusted business websites have been hacked, with malicious pages being planted to steal the personal data of anyone using them.

The report claims that consumers have been receiving waves of text messages containing links to pages which aim to harvest personal details in order to steal from unsuspecting victims. Target websites have included a British car servicing company and a consultancy in the United Arab Emirates.

Hacking legitimate websites has given criminals a cheap way to get the data they need to target consumers, but it also poses a huge risk to businesses unwittingly hosting the criminals as they face having their sites taken down.

A spokesperson for Protyre, one of the websites which has been affected by the scam, said: “Protyre is dedicated to protecting customers in every way possible, and we are alarmed at the possibility that anything connected to us may be used for non-genuine purposes or cause concern for consumers.”

Microsoft Power Apps leak data belonging to 38 million people

The security research team Upguard uncovered an issue with the default permission settings in the app-building tool Microsoft Power Apps, which leaked data belonging to 38 million people.

Silicon [5] report that the exposed data is said to include names, email addresses, phone numbers, social security numbers and COVID-19 vaccination status. Microsoft responded by releasing a tool for checking Power Apps portals and planned changes to the product so that table permissions will be enforced by default.

As of yet, there is no evidence to suggest that the breached data has been exploited, but Upguard stated: “While we understand (and agree with) Microsoft’s position that the issue here is not strictly a software vulnerability, it is a platform issue that requires code changes to the product, and thus should go in the same workstream as vulnerabilities.”

Housing association residents hit by phishing emails following cyber attack

Residents of London housing associations were sent phishing emails by fraudsters in August after a cyber-attack was carried out against a repairs provider. This led to email addresses being accessed by unauthorised third parties.

Inside Housing [6] revealed that residents living in homes belonging to L&Q, Notting Hill Genesis, Peabody and Penge Churches Housing Association (PCHA) received messages that attempted to defraud them of money by posing as the repairs platform Plentific.

Plentific said it could not disclose how many tenants were affected but confirmed that not all client or tenant data had been impacted.

L&Q released a statement on the matter, saying: “We have contacted every household whose data is held by them [Plentific] to make them aware of the possible risk and provide them with advice and guidance to protect them against potential fraud and minimise any inconvenience or concern that the breach may have caused them.”

“We will continue to keep residents updated as we receive more information.”

What to do if you or a client need help with a data breach

If you need support and guidance in relation to a data breach, or you believe that you have fallen victim to a data breach, the team at Hayes Connor are on hand to provide you with the tailored advice you need.

Hayes Connor take on cases directly from clients, as well as taking on referrals from other law firms, where specific expertise in handling data breach claims is required to bring forward an effective case.

With a wealth of combined experience across our team, we know exactly how to handle all manner of data breach claims, no matter how big or small, reaching the best possible outcome for our clients.

To find out more about the team’s expertise, or to get in touch about a potential claim or client referral, please head to Hayes Connor [7].