June 2022 data breach roundup

Hayes ConnorBy Legal Futures Associate Hayes Connor Solicitors

The month of June saw several data breach incidents across a range of sectors, from the food industry to a German energy provider.

The vast majority of this month’s data breaches were due to cyber attacks made by cyber criminals, with three different sectors impacted.

To find out more information on the various data breaches that happened in the month of June, keep reading.

Deutsche Windtechnik Suffers Cyber Attack Leaving UK Employee Data at Risk

A wind turbine maintenance and repair company based in Germany was subject to a ransomware attack on its systems between the 11 and 12 of April.

Those responsible for the cyber incident were later discovered to be professionals after a forensic analysis was conducted. During the attack, they left an electronic ransom note making demands to the company in order to restore the systems. Deutsche Windtechnik isn’t the first to suffer, with a string of attacks on similar businesses, including Nordex.

In a statement posted, Deutsche Windtechnik shared, “As we previously reported, we were able to reactivate the remote data monitoring connections to the wind turbines after 1-2 days, which had been switched off for security reasons,

“We are very happy that the wind turbines that we look after did not suffer any damage and were never in danger. Deutsche Windtechnik’s operational maintenance activities for our clients resumed again on April 14 and are running with only minor restrictions.”

The incident has since been reported to the German Federal Office for Information Security (BSI).

Ready meal business experiences cyber attack leaving systems impacted

Parent company Apetito and its child company Wiltshire Farm Foods, a supplier of ready meals, suffered from a cyber incident at the weekend of the 26 of June.

Those responsible were able to enter the company’s security systems, leading to the IT systems being impacted and causing disruptions, particularly with the supplier’s food deliveries. The company provides ready meals for Meals on Wheels, in addition to care homes, nurseries, hospitals, independent schools, local authorities and charities in the local area.

The company have confirmed that they do not hold debit or credit card details on their system.

The chief executive, Paul Freeton, expressed: “Our Crisis Management and IT teams (assisted by specialist externals partners) are working all hours to bring critical systems back into operation as soon as possible. However, we expect significant disruption in the coming days while we address these issues.

“We appreciate that this situation will cause substantial inconvenience for our customers. We are doing everything we can to resolve the situation and will have a clearer understanding of timescales involved as our recovery work progress.

“We are seeking to establish whether any identifiable information (PII) has been compromised. We will make any required communications to customers and with the Information Commissioner’s Office (ICO). We are confident that credit/debit card data has not been compromised as we do not hold this on our systems.”

DVLA violates data protection laws after passing personal details to private parking firms

The UK’s data watchdog conducted an investigation into how the Driving and Vehicle Licensing Agency (DVLA) were passing on motorists’ personal details to private parking firms when issuing parking fines after numerous complaints had been made and found they had been breaching UK data protection laws.

Despite the ICO claiming that the DVLA “was not using the correct lawful basis to disclose vehicle keeper information”, no fine has been issued to the government agency after confirming that while it was a breach, they are still allowed to pass on motorist details for unpaid parking fines where there is a reasonable cause to do so, but only through the correct lawful process.

The ICO will not award compensation for this matter, but it is, however, expected that previous methods could leave the DVLA liable for receiving compensation claims.

Scott Dixon, a parking expert and author, expressed: “By using the wrong lawful basis, it cannot be disputed that the DVLA has breached the UK GDPR Data Protection Act 2018.

“Motorists have suffered a serious detriment by the DVLA’s unlawful actions … This is not a technical infringement. This ruling contradicts what the ICO says within their own guidelines for organisations to adhere to.

“I believe motorists are entitled to compensation from the DVLA, as they have suffered detriment as a result of the DVLA using the wrong lawful basis and wrongly using their powers within the scope of the UK GDPR Data Protection Act 2018.”

A DVLA spokesperson said: “There is no doubt, as confirmed by the ICO in its published opinion, that the release of data to private parking firms is lawful.

“The ICO’s opinion reflects a legal technicality around processing conditions, and also acknowledges it will make no difference to the outcome of data sharing. This has no bearing on the release of data nor does it affect customers in any way.”

The DVLA insisted that it took its data protection responsibilities seriously and has robust safeguards in place around the release of data to private parking companies. This includes the requirement for a parking firm to be a member of an accredited trade association.

UK deliveries impacted after cyber incident suffered by Yodel

Well known delivery service company Yodel has been targeted in what is presumed to be a ransomware attack over the weekend of the 18 and 19 of June.

The cyber incident has meant the company has been unable to carry out certain deliveries due to distribution delays, in addition to the tracking software being down.

There is confirmation from Yodel that no debit or credit card details have been stolen. This is due to the company not holding or processing such sensitive information on their systems.

While no official statement has been released by Yodel, on the FAQ section of their website, a response to a question confirmed the cyber incident suffered by them: “As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by a digital forensics group,” it said. “We are deploying all efforts to resolve the situation as quickly as possible and continue to work closely with authorities and law enforcement.”

A spokesperson from Yodel said the business has “made significant progress in restoring a number of essential IT functions following the cyber incident.

“Tracking services for clients and customers are once again ‘live’ and this will support the recovery of our regular operations and allow the business to begin to urgently tackle any delayed deliveries. We continue to monitor the tracking systems and expect to see further improvements as we return to normal,” the spokesperson added.

“This remains a complex situation, but rest assured all of Yodel’s management and people continue to work with clients and customers to meet their expectations and standards. Yodel is sincerely sorry for any disruption and inconvenience that may have been caused to clients and customers alike.”

What to do if you or a client needs help with a data breach

If your data has been compromised in a data breach incident, it’s important to immediately seek legal advice from a professional.

The specialist team at Hayes Connor can assist no matter who you are or your circumstances. Whether you’re an individual whose data has been compromised or are a law firm looking to refer a client, the Hayes Connor solicitors are on hand to help.

Hayes Connor has one of the largest teams of data breach solicitors across the UK and are experts in the field, having years of collective experience assisting a wide range of clients. When you instruct the team at Hayes Connor, they will carefully listen to the situation you have experienced and how it has impacted you, and from this, they can provide advice and practical guidance tailored specifically for you and your needs.

If you are interested in learning more about Hayes Connor’s data breach expertise or wish to enquire about a potential claim or client referral, please don’t hesitate to contact Hayes Connor, where the team can assist.


Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation