- Legal Futures - https://www.legalfutures.co.uk -

February 2021 Data Breach Roundup

HayesBy Legal Futures’ Associates Hayes Connor Solicitors [1]

We’re well into the swing of 2021 and the number of data breaches continues to mount, all of which have significant consequences for the members of the public who have been affected, and the data breach industry as a whole.

The data breaches uncovered in February include accusations made against Facebook for losing control of data belonging to around a million users and a hack which led to the removal of an app belonging to one of the UK’s leading energy providers.

Read on to learn more about some of the biggest data breaches to hit the UK in February 2021.

Npower forced to shut down app following data breach

One of the UK’s leading energy providers, Npower, was forced to close down its app after hackers were able to access customers’ accounts, which included partial bank account details. Npower have confirmed that there are no plans to reopen the app.

MoneySavingExpert [2] reported the incident, saying that Npower found customer accounts had been accessed by hackers using login data obtained from other websites – a hacking technique known as ‘credential stuffing’.

Npower will not confirm how many accounts were affected by the data breach, but they have disclosed that anyone affected has been contacted. The hack is currently being investigated by the Information Commissioner’s Office (ICO), which will be making its own separate enquiries.

A spokesperson for Npower commented on the incident, saying: “We immediately locked any online accounts that were affected, blocked suspicious IP addresses and deactivated the Npower app. We’ve also notified the Information Commissioner’s Office and Action Fraud. Protecting customers’ security and data is our top priority.”

Facebook face lawsuit for ‘losing control’ of data belonging to around a million users

Facebook is being sued for ‘losing’ control of data belonging to around a million users in England and Wales. The allegations come in the wake of the Cambridge Analytica scandal, where harvested data was used for advertising during elections.

The action is being led by journalist Peter Jukes, who claims that his data was compromised by Facebook. Facebook spoke to the BBC [3], arguing that there was no evidence that UK or EU users’ data was ever transferred to Cambridge Analytica.

A Facebook spokesman said: “The Information Commissioner’s Office investigation into these issues, which included seizing and interrogating Cambridge Analytica’s servers, found no evidence that any UK or EU users’ data was transferred by [app developer] Dr [Aleksandr] Kogan to Cambridge Analytica.”

The case being brought forward against Facebook will put forward the point that a loss of control of users’ data will warrant individual compensation.

Scottish Borders Council accidently exposes personal data in group email

Scottish Borders Council was forced to apologise for a data beach which affected around 600 customers. The council emailed over 1,000 residents about their eligibility for a payment due to their receipt of free school meals, only to send three emails with all recipient email addresses visible.

The BBC [4] report revealed that the council has ‘apologised unreservedly’ for the breach and the distress that it has caused for those affected. The payments have not been altered and the individuals affected will still receive them as planned.

Anyone who was affected by the breach with additional concerns has been urged to get in touch with the council’s data breach protection team.

Hackers responsible for British Mensa hack publish private messages on public forums

The hackers responsible for the British Mensa data breach have published private messages between members of the group on to public forums. The Mensa website was briefly inaccessible following the initial attack, as the board investigated a security issues that led to the resignation of two of its members.

The Times [5] reported that former technology officer Eugene Hopkinson and his partner Emily Shovlar both quit Mensa, claiming that the organisation was not willing to share the details of the attack with them.

In February, 700 private messages between members were made public. Mensa have been approached to comment on the recent development, but a spokeswoman refused to comment, stating that Mensa did not wish to compromise an investigation by the ICO.

Foxtons customer data exposed on dark web

Customers of the UK estate agency Foxtons have had their financial details exposed on the dark web following a malware attack that took place in October. Foxtons assured its customers that no sensitive data had been stolen at the time.

As per a report in ITPro [6], anyone with access to the dark web can view 16,000 card details, addresses and private correspondence belonging to Foxton Group customers prior to 2010. The details have been available since October 2020 and, since then, the files have been viewed over 15,000 times.

It is said that around 20% of the analysed cards details stolen in the attack are still active, which means anyone affected by the breach needs to be informed so that they can take appropriate action. Foxtons reported the breach to the ICO in 2020, but it is still likely that they will face a fine for failing to keep these sensitive details secure.

A spokesperson for Foxtons has claimed that the company has carefully been through the stolen data, noting that they are not usable by third parties and will not cause financial loss or harm to affected customers.

What to do if you or a client need help with a data breach

If you require expertise in the field of data breaches, or you are concerned that you may be a victim, the team at Hayes Connor are on hand to provide all the expert advice you need.

Hayes Connor take on cases directly from clients, as well as taking on referrals from other law firms, where specific expertise in handling data breach claims is required to bring forward an effective case.

With a wealth of combined experience across our team, we know exactly how to handle all manner of data breach claims, no matter how big or small, reaching the best possible outcome for our clients.

To find out more about the team’s expertise, or to get in touch about a potential claim or client referral, please head to www.hayesconnor.co.uk [7].