August data breach roundup

Hayes ConnorBy Legal Futures Associate Hayes Connor Solicitors

Data breaches featured heavily in the news in August, with plenty of high-profile incidents exposing individuals across the UK.

Police forces were at fault for a number of notable data breaches, while other incidents featured schools and government websites mistakenly exposing highly sensitive personal information.

To find out more about some of the most significant data breaches to take place in August, be sure to continue reading below:

Sensitive information found at former Exeter Heavitree Road Police Station

An investigation has been launched after confidential and highly sensitive personal information was left abandoned at the now-defunct Heavitree Road Police Station in Exeter.

The information, which included folders and documents relating to a case involving a fatal accident that took place nearly 20 years ago, was discovered by a group of urban explorers after they gained access to the station. The same group of explorers then published footage of them accessing the station onto a YouTube channel with over 54.4k subscribers.

Data exposed in the Exeter Heavitree road data breach was said to have explicit details about the details of the fatal accident itself, along with graphic photographs of the deceased and files relating to the deceased’s medical history and next of kin.

Devon and Cornwall Police have confirmed that a data breach investigation will be launched by the Information Commissioner’s Office to help determine why these documents were left behind in the abandoned building.

A spokesperson said: “Due to the content of the videos, Devon and Cornwall Police has made a referral to the Information Commissioner’s Office [the UK’s independent regulator for data protection and information rights law] and will fully support its enquiries. The Office of the Police and Crime Commissioner has taken action to re-secure the former Heavitree Road Police Station site and strengthen security measures.”

Officers at risk following Met Police supplier data breach

The Metropolitan Police were made to launch an investigation after one of their suppliers experienced a data breach, potentially affecting police officers and members of staff.

Details about the breach have not yet been confirmed, meaning that there are still question marks over the type of information that was compromised and exactly who may have been affected.

That said, the supplier responsible for the breach did have access to names, ranks, photos, vetting levels and pay numbers of Met Police staff.

Rick Prior, the vice-chair of the Metropolitan Police Federation said: “Metropolitan police officers are as we speak out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe.

“To have their personal details potentially leaked out into the public domain in this manner, for all to possibly see, will cause colleagues incredible concern and anger. We share that sense of fury … this is a staggering security breach that should never have happened.”

Scotland’s People website reveals thousands of adopted children’s names

Privacy fears were raised after it was discovered that the details of thousands of adoptions, dating back more than 100 years, were freely available on Scotland’s People website.

Operated by the National Records of Scotland (NRS), an official arm of the Scottish government, Scotland’s People contains a wide range of government records and archives. The site provides users with access to the statutory registers of births, marriages, deaths and more.

Following a complaint from a concerned mother, the NRS removed information relating to adoptions on the site. The complaint was made on the grounds that the information could put the individual’s adopted child at risk.

The individual who made the complaint, who has requested to remain anonymous, told the BBC: It’s every adoptive parent’s worst nightmare that their child’s adoptive name, which has been carefully shielded through the court process, could be made public.

“There’s also a massive concern for adults who don’t know they’ve been adopted.”

The NRS have claimed that no data breach took place, though Scotland’s Children and Young People Commissioner has warned that the information could have resulted in a significant risk of harm.

10,000 staff affected by Police Service of Northern Ireland data breach

The Police Service of Northern Ireland (PSNI) experienced a catastrophic data breach in August which compromised the details of all its 10,000 members of staff.

The breach was caused when the PSNI responded to a Freedom of Information (FoI) request. In doing so, the PSNI shared the names of all police and civilian personnel, where they were based and what their roles were. The FoI request had only asked the PSNI for a breakdown of all staff rank and grades.

Northern Irish officers have been put at particular risk by the breach, especially as Northern Ireland Police have been the targets of republican paramilitaries. The latest attack took place in February.

Assistant Chief Constable Chris Todd stated: “We operate in an environment, at the moment, where there is a severe threat to our colleagues from Northern Ireland-related terrorism and this is the last thing that anybody in the organisation wants to be hearing this evening.

“I owe it to all of my colleagues to investigate this thoroughly and we’ve initiated that.”

Chairman of The Police Federation Liam Kelly added: “Rigorous safeguards ought to have been in place to protect this valuable information which, if in the wrong hands, could do incalculable damage.

“The men and women I represent are appalled by this breach. They are shocked, dismayed and justifiably angry. Like me, they are demanding action to address this unprecedented disclosure of sensitive information.”

Up to 69 cases affected by South Yorkshire Police data breach

South Yorkshire Police self-reported to the Information Commissioner’s Office after they experienced a significant and unexplained reduction in data. This data included bodycam footage which was recorded by officers between July 2020 and May 2023.

It has been estimated that around 69 cases could have been affected by the data breach.

South Yorkshire Police have confirmed that an internal investigation is now underway, and that the data in question was deleted rather than being moved elsewhere. There is currently no suggestion that their systems were hacked, leading to the breach.

South Yorkshire Police and Crime Commissioner Dr Alan Billings called the data loss “concerning and disappointing”.

He said: “There may be implications for victims and witnesses and the wider criminal justice system as some of this footage may be evidence in upcoming court cases.

“The force is working through the implications and direct contact is being made with those affected.”

High School exposes pupil’s A-level results in email blunder

Students and parents of John Taylor High School in Barton under Needwood, Staffordshire were mistakenly sent an email which contained the A-level results of every student.

This mistake was quickly acknowledged by the school, who then sent a follow-up email requesting that recipients should delete the initial email.

It has been confirmed that the data breach was caused by a human error, with the school then sending an apology to students and parents.

Head Teacher of the school Katie Cochrane said: “This was a case of human error, and the school are deeply distressed about the potential upset that could be caused to our students and parents.

“For this we are truly sorry. We have already completed an internal investigation into this with the support of the data protection officer to ascertain the reasons for this mistake.

“We are aware of these and will put measures in place to ensure that this does not happen again.”

What to do if you or a client needs help with a data breach

If you discover that your data has been compromised in a data breach, you will understandably be concerned about what may happen next. Even if you have not experienced any direct financial losses as a result of a data breach, the situation can still be extremely distressing.

In such situations, making a claim for data breach compensation may be possible. Hayes Connor are one of the largest teams of data breach specialists in the country and have experience in advising individuals in all types of situations.

When instructed, the team at Hayes Connor will take the time to understand your situation in detail and the impact it has had on your life. From there, they can then proceed to advise you on your available options and provide the strongest representation.

If you need any assistance with making a data breach compensation claim, don’t hesitate to get in touch with Hayes Connor today.


Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation