By Legal Futures Associate Hayes Connor Solicitors
July saw a number of data breach incidents, with the education sector being hit particularly hard, including an email blunder incident and another where cyber criminals released sensitive information on the dark web after no compliance to their ransom requests.
To find out more about the impact on the UK education sector and the errors of two councils that happened in July 2022, keep reading to find out more.
Personal data of City College Norwich applicants released in email blunder
It has been revealed that the City College Norwich is responsible for a data breach that happened back in August 2021 after one of their college’s customer service team made a human error.
When the incident occurred, the team member was exchanging communication when they mistakenly attached a spreadsheet called “P2E links for scheduled applicants” which enclosed sensitive data about the college’s applicant for the next schooling year.
The spreadsheet included important and private details such as full names, telephone numbers, postal addresses, email addresses and other information which identifies the applicants. The parent of the applicant expects her child’s details were also included in the spreadsheet.
The customer service team asked the parent to delete the attachment but has revealed she heard nothing more about the data breach incident.
The Norwich Evening News notified the college, who has since revealed a thorough investigation will be made into the data breach incident. The college’s principal, Corrienne Peasgood, stated, “I can confirm that we take any reports of data breaches very seriously and as data controller, I will investigate this historic incident as best I can.”
Sensitive details accessed during a major cyber attack on Gloucester Council
A councillor has disclosed that, following a cyber attack on Gloucester Council’s IT systems in December 2021, residents living in Gloucester have had their personal data accessed by those responsible for the cyber attack.
It is thought those responsible for the data breach are connected to hackers operating out of the former Soviet Union.
While the council has not explicitly spoken about the incident, councillor Alastair Chambers (Independent, Matson, Robinswood and White City) further mentioned that details exposed included signatures, home addresses, national insurance numbers, bank account details and driving licences.
Before these details were revealed, the deputy leader Hannah Norman (C, Quedgeley Fieldcourt) stated, “At the moment we are working with ICO when we are able to respond more fully we will. This is currently subject to an active investigation. No conclusions have been taken.”
Children at risk of grooming gangs after sensitive information is leaked to the dark web
Vice Society, a criminal group who have recently hacked five schools and a sixth form college across the UK and accessed and stole sensitive details, has leaked the taken sensitive details onto their page on the dark web.
The schools affected include Pilton Community College, The De Monfort School, St Paul’s Catholic College, Carmel College and Mossbourne Federation. It’s thought the reason for this leak onto the dark web was due to these schools not paying the ransom money requested by those responsible.
Some of the personal data that was leaked onto their website include photocopies of passports, disciplinary records and reports about child protection for students who are vulnerable.
A retired colonel, Philip Ingram, who worked for military intelligence, expressed, “The dark web is used increasingly by serious and organised criminals for a variety of purposes. They look for vulnerability in kids when grooming them for things like running drugs along county lines, for exploitation in paedophile rings or recruitment by terrorist and extremist groups. Any advantage they can get where they can access schoolkids’ information, especially if it highlights vulnerability, would be a benefit to them.”
Letters addressed incorrectly sent to thousands of homes across Liverpool
Ten thousand letters were incorrectly addressed and sent out by the Liverpool council before the mistake was rectified.
The letters were concerning the council tax energy rebates, containing information on how to claim the £150 rebate for those who do not pay by direct debit. The data breach occureed as they were addressed to the wrong people.
Once the blunder was realised by the council, they confirmed they would be sending out a new letter with the same information on claiming as before and added details about destroying the original letter.
The data breach has additionally been investigated by the Information Comissioner’s Office (ICO), but after taking a look into the situation, a decision was made by the UK watchdog to close the case and take no further action against the council.
An ICO spokeswoman said, “After carefully reviewing the information provided, we gave data protection advice and recommendations to the council and closed the case with no further action.”
What to do if you or a client needs help with a data breach
If you have unfortunately suffered from a data breach, it can be a concerning time, so it is crucial to acquire legal advice and guidance from a professional. The solicitors at Hayes Connor can ensure your financial and mental suffering is compensated for through a data breach compensation claim.
Whether you or a client you wish to refer needs assistance with a compensation claim, the team at Hayes Connor can deliver advice aligned with the data breach situation.
Should you need assistance from the Hayes Connor specialists, you can be confident in receiving a personalised and skilful service. The team are one of the largest firms across the UK and has decades of collective expertise assisting clients in all types of data breach scenarios.
When you choose to instruct the lawyers at Hayes Connor, they will take the time to carefully and sensitively understand your circumstances, allowing them to provide a service that reflects your position and achieve the best result.
If you need assistance in making a data breach claim, wish to refer a client or want to learn more about the Hayes Connor’s teams experience, please don’t hesitate to contact Hayes Connor, where their specialist team can assist.
