By Legal Futures Associate Hayes Connor [1]
June was as busy a month as ever in the world of cybercrime and data breaches, with a number of different cases cropping up in a variety of sectors.
In June, there were a number of significant data breaches, including schools who were forced to close following cyber-attacks, sensitive patient data being left in an abandoned care home and a major video games developer admitting that data belonging to their users is freely circulating on the internet.
Read on to learn more about some of the biggest data breaches to hit the UK in June 2021.
GP’s mistakenly given online access to colleagues’ pensions data
A number of GPs were mistakenly given access to other people’s sensitive pensions data, despite logging into their own account on the new Primary Care Support England (PCSE) portal.
Pulse [2] reported that, when GP’s would look at their own accounts, the system would bring up a list of other people and their pension numbers. With this information, it would be possible to access someone’s complete payment details.
PCSE claim that they cannot find any record of complaints from GPs about the issue, though this is in contrast to multiple reports. This includes an account from Hampshire GP and information governance lead DR Neil Bhatia, who said that he reported the issue directly to PCSE.
A spokesperson for the British Medical Association (BMA) said: “It’s vital that the new system is fully secure and compliant with data protection legislation, and that only relevant staff with appropriate permissions are able to access employees’ pension details when necessary.
“We would welcome assurances from PCSE and NHSEI that this is the case, but if there are instances where it is not we would urge any GPs or practices to contact the BMA with details.”
Anglesey cyber attack affects island’s five secondary schools
All five of the secondary schools on the Isle of Anglesey were hit by a cyber attack in June, which meant that sensitive personal data was potentially compromised, including emails.
As reported by BBC News [3], The County Council were forced to shut off IT systems at all five of the schools to contain the incident, but it was warned that the schools were all likely to see disruptions.
Anglesey Council chief Annwen Morgan stated: “We discovered the cyber-attack on Wednesday and moved quickly to bring in a team of specialised cyber-technology consultants to investigate. The National Cyber Security Centre will also be providing us with support to resolve matters.
“There is likely to be some disruption at the schools over the coming weeks as systems may need to be restored and others remain offline.
“We are working closely with other partners to support our secondary schools. Although we are not currently able to confirm that there has been a data breach, the Information Commissioner’s Office has also been made aware of the incident.”
Confidential patient records left in abandoned care home
Boxes of confidential patient records, staff notes and sensitive files have been found in a derelict Norfolk care home, constituting a serious data breach.
The Eastern Daily Press [4] reported that Pine Heath nursing home in High Kealing, which closed in 2017 and has since been left abandoned, was a cause for concern among locals. A reporter for the publication was able to easily gain access to the site where they then found piles of discarded private data.
This included one room where boxes of nursing records dating back more than a decade, with photographs of former residents also stuck to the front. In another part of the building, an unlocked cabinet containing dozens of staff records, such as holiday forms and p45s.
A spokesperson for Norfolk City Council said: “Everyone has a right to expect their personal information to be stored securely, and the failure of the former care provider at Pine Heath to do so is a serious breach of both Data Protection legislation and their contractual obligations to Norfolk County Council.”
Schools in Kent forced to close after data breach
Two schools in Kent were forced to temporarily close after it was reported that hackers had broken into their servers, stealing data including encrypted pupil information.
As described by BBC News [5], officials at Skinners’ Kent Academy and Skinners’ Kent Primary School are unsure exactly what information hackers were able to access, but they have urged parents to let their banks know that their personal details could have been compromised.
The relevant authorities, such as Action Fraud and the National Cyber Centre, are said to be investigating the incident. This is alongside the police, who are currently carrying out their own enquiries into the incident.
A spokesperson for Skinners Kent Academy Trust said: “The trust is working incredibly hard to ensure that our students and pupils are back in our schools…..as soon as it is possible to do so.”
Video game developer CD Projekt admit user data is circulating online
CD Projekt, the video games developer behind Cyberpunk 2077 and The Witcher series, had confirmed that company data was obtained during a ransomware attack earlier this year and is now being circulated online.
As reported by ITPro [6], the developer had a portion of its internal systems compromised by the ‘HelloKitty’ hacker group, who obtained company data as well as encrypting a number of developer devices.
The stolen data has reportedly been auctioned off on the Dark Web in a ‘charity fundraising’ even organised by the hackers.
The developer announced: “We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.”
What to do if you or a client need help with a data breach
If you are looking for expert advice in relation to data breaches or you think you may have fallen victim to a data breach, the team at Hayes Connor will be on hand to provide you with the tailored advice you need.
Hayes Connor take on cases directly from clients, as well as taking on referrals from other law firms, where specific expertise in handling data breach claims is required to bring forward an effective case.
With a wealth of combined experience across our team, we know exactly how to handle all manner of data breach claims, no matter how big or small, reaching the best possible outcome for our clients.
To find out more about the team’s expertise, or to get in touch about a potential claim or client referral, please head to Hayes Connor [7].