By Legal Futures Associate Hayes Connor Solicitors [1]
January saw several data breaches that took place across the UK and internationally, particularly in the education sector, with three schools affected, two through human error.
One of the notable data breaches in January was information regarding over half a million vulnerable war victims stolen from the humanitarian organisation, International Red Cross. Another significant breach included a cyber attack on Gloucester Council, presumed to be carried out by Russian hackers.
Keep reading to learn more about some of the most significant data breaches in January 2022.
Russian hackers linked to cyber attack on Gloucester Council
It has been widely reported [2] that for the second time in the last 10 years, Gloucester council have been a victim of a cyber attack.
The council became aware of the attack on 20 December 2021 but is thought to have been dormant for a long while prior to the activation of it.
After an investigation with National Crime Agency and the National Cyber Security Centre was made into the attack, it was discovered that the harmful malware made its way to the council through being embedded into an email.
It was made known to Gloucester Council by anonymous sources that Russian hackers were responsible for the attack.
Despite the awareness of the attack, the website has been unable to fully return to normal, with certain services still affected. Terry Pullen, Labour group leader, expressed “What worries me most is that there seems to be no indication as to when IT systems will return to normal and how long this will impact on both the public and local businesses.” It’s expected the problem could take up to six months to fix, with servers and systems needing to be rebuilt.
Several online services have been affected by the cyber attack, including revenue and benefits, planning and customer services.
Parents of students at Liverpool school targeted by scam email
The Whitby High School suspects a data breach [3] after parents and students involved with the school received an email containing a link, thought to be a scam.
The contents of the email pretended to be associated with the school and asked the receivers to open the attached link. Both current and former students’ parents received emails claiming to be from the school. However, upon further investigations, it was found the sender was located in the USA.
Each email was different, with one parent claiming, “I got one that related to an email conversation in 2020!!” parents of current and former students went to Facebook to express their concerns and to prevent other parents from opening the link.
A spokesman from the school confirmed that they are aware of the emails and suspected data breach and are currently investigating the source.
Human error led to Worcestershire school COVID-19 test mix up
The De Montfort School in Evesham, a secondary school and sixth-form college, accidentally sent several students’ COVID-19 test results to the wrong parents [4].
The school in Worcestershire underwent asymptomatic COVID-19 testing following the government advice after the Christmas period, but upon uploading the results, a human error meant a number of students results were sent to other parents.
One parent, Becky Felton, expressed her anger over the situation after her daughter, Amelia, results were sent to another parent, only for her to find out from that parent instead of the school “I’m not very happy. It was another parent that told me she had received my daughter’s result. This is a serious breach of personal data.”
The school is currently looking into the incident following their data protection policy. Ruth Allen, The De Montford School’s headteacher, stated, “The breach has been investigated following the guidance set out in the Four Stones Multi Academy Trust data protection policy, reported to the Information Commissioner’s Office and found to be the result of a human error.”
Year 11 students’ private data released
A teacher at Greensward Academy in Hockley mistakenly released a document [5] onto Google Classroom containing sensitive information concerning year 11 students.
The document that was accessible to both students at the school and their parents or guardians was a mock examination timetable, but in addition also provided personal details concerning specific students, such as their free school meal statuses, addresses, deprivation statuses, exam dispensations and special educational needs.
Many school students have seen the document and have been using it negatively to discuss other students and their needs. One anonymous student explained, “Kids are going around saying other people are on benefits. Some of my friends are on there and they’re not comfortable that other people know their disabilities or if they are getting free meals.”
The teacher was unaware that the document contained this sensitive information. It was available to view for five days until it was finally noticed and removed by school officials.
The school have since made students and parents aware of the data breach by sending a letter home explaining and addressing how the leak was rectified.
The Educational Support Manager, Tom Gibbs-Digby, said, “The information was only visible to Year 11 students and their parents/carers registers with Greensward Academy and was not visible to any other outside parties, companies or organisations.
“The incident was reported immediately and has been logged with our data controller as a data breach. An investigation has taken place and the staff involved have been given training and guidance in an effort to ensure that this does not happen again.”
International Red Cross have half a million vulnerable peoples data stolen
Confidential details in concern to 515,000 people were stolen in a cyber attack on the International Red Cross [6], many of these individuals already vulnerable war victims.
The International Red Cross are a humanitarian organisation that operates all across the world, helping to protect vulnerable individuals and families from conflict and armed violence, in addition to assisting missing people and detainees.
The stolen data came from more than 60 worldwide Red Cross and Red Crescent national societies. It’s presumed that the external data storing company in Switzerland was the target, yet it is not currently known who stole the data or the reason why.
Whilst there is no indication to presume that the stolen data has been leaked, the ICRC’s Director-General expressed his concern over the matter, stating, “This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk.
“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”
What to do if you or a client needs help with a data breach
The team at Hayes Connor are there to support victims of data breaches. Where you have been a victim or are simply looking for legal expertise, the Hayes Connor team will take the time to understand your situation and provide tailored guidance specific to your circumstances.
Hayes Connor takes on cases directly from the client, or where a law firm has a client who needs a bespoke service from data breach experts, the team can take on referrals.
The team at Hayes Connor have a wealth of experience helping clients with a range of data breaches, from the more straightforward claims to ones more complex.
To learn more about the data breach solicitors experience, or to enquiry about a potential claim or client referral, please head to Hayes Connor [7], where the team can assist.