By Legal Futures Associate Hayes Connor Solicitors
There were no shortages of data breaches in July, with a number of different cases cropping up in a variety of different sectors.
In July, significant data breaches included an online learning provider who exposed account information to unauthorised sources, a council exposing rent payments to the general public and the National Lottery Community Fund putting around six years’ worth of data at risk.
Read on to learn more about some of the biggest data breaches to hit the UK in July 2021.
New Skills Academy data breach
New Skills Academy, a major online learning provider based in Hertford, suffered a data breach in July which resulted in account information of its customers being exposed to unauthorised sources.
As per a report from Hackread, the number of users who have been affected by the breach are still unknown, but it has been revealed that the information accessed includes usernames, email addresses and encrypted passwords.
The company is maintaining that physical addresses or financial data such as credit or debit card records were not accessed in the breach.
In a notification sent out to New Skills Academy users, the learning provider stated: “We are writing to inform you of an issue which may involve some of our New Skills Academy customers’ account information.
“We have been notified that online education providers have been targeted by sources looking to acquire user data in recent weeks and, upon investigating our own systems, we discovered that some customer account information may have been exposed to unauthorized sources.”
Oxford City Council expose rent statements to the public
Oxford City Council had to apologise to residents after a ‘computer error’ caused a potential data breach over rent statements. The council was only made aware of the damaging breach when locals raised the alarm that they had received the incorrect rent statement in the post.
Oxford Mail reported that the issue occurred when a new computer system supporting the council’s landlord services to its 7,800 council homes was recently installed. Errors in the system meant that data being transferred from the old system to the new one resulted in a ‘small proportion’ of rent statements being sent to the wrong address.
The council believes that around 80 homes in the area have been affected, however they are still looking to verify that number.
A resident who was affected by the data breach spoke to Oxford Mail, saying: “I received a letter that was addressed to my address but not with my name. I mistakenly did not read the name just opened it and it was a ‘Statement of Main Rent Account’.
“It had another person’s name on it, their reference, their payments and dates, and their addresses.”
The resident was asked by the council to destroy the letter and confirm that he had not shown it to anyone.
National Lottery Community Fund put six years’ worth of data at risk
More than six years’ worth of contact and bank details were exposed following a data breach at the National Lottery Community Fund (NLFC). The data in question is said to include contact details, dates of birth, bank details and applicant organisation’s address and website details.
According to Third Sector, the number of individuals or organisations that have been affected is not yet clear, although it has been confirmed that customers in Northern Ireland, Scotland and Wales have been left unaffected.
The NLCF has stated that, as this is still an ongoing investigation, there is a chance that other personal data might be affected, and it would update its website once it has confirmation.
In an official statement, the NLCF said: “We are looking into the matter fully to understand what has happened, but we need to make any UK Portfolio, England funding or Building Better Opportunities customers who supplied this type of information to us during this date range aware that their data could be at risk.
“We are sorry for the worry and inconvenience this may cause and want to assure all our grant-holders, past, present and future, that we take your personal data seriously.”
Northern Ireland forced into temporary suspension of vaccine passport
Northern Ireland’s Department of Health (DoH) were forced to temporarily halt its COVID-19 vaccine certification online service in response to a ‘data exposure incident’.
BBC News reported that the system was taken offline for several days at the end of July as multiple reports indicated that users were able to see other people’s information. The data breach was reported to the Information Commissioner’s Office (ICO), who stated that it was launching an investigation into exactly what happened.
When asked about the security problems, Dr Eddie O’Neill of the Department of Health said: “The problem wasn’t actually in anything that we built.”
“It (the IT system) was never built for the scale of applications that we’ve been getting – thousands and thousands – and as a result of that just one of the components in the back end just failed.”
“It’s not a failure – I would actually say that we’ve done really well to get something over the line.”
What to do if you or a client need help with a data breach
If you need support and guidance in relation to a data breach, or you believe that you have fallen victim to a data breach, the team at Hayes Connor are on hand to provide you with the tailored advice you need.
Hayes Connor take on cases directly from clients, as well as taking on referrals from other law firms, where specific expertise in handling data breach claims is required to bring forward an effective case.
With a wealth of combined experience across our team, we know exactly how to handle all manner of data breach claims, no matter how big or small, reaching the best possible outcome for our clients.
To find out more about the team’s expertise, or to get in touch about a potential claim or client referral, please head to Hayes Connor.