March 2022 data breach roundup

By Legal Futures Associate Hayes Connor Solicitors

The month of March saw several data breaches occur in the UK and internationally. The breaches happened through a collection of human errors alongside a number of cyber attacks.

The Isle of Wight seemed to be hit hardest with two data breaches, one of which revealed sensitive details concerning children.

Read on to learn more about the variety of significant data breaches that happened in March 2022.

Cyber attack on UK ferry operator compromises customer and staff personal data

Wightlink, a ferry operator, was a victim of a cyber attack, with the personal details of a number of customers and staff potentially compromised.

The ferry operator based in the UK transports more than 4.6 million customers between Hampshire and The Isle of Wight, with 100 daily sailings.

According to the business, their back-office IT systems were affected in the breach. The business said, “Unfortunately, despite Wightlink taking appropriate security measures, some of its back-office IT systems were affected by a cyber-attack last month.

“However, this criminal action has not affected Wightlink’s ferries and FastCats, which have continued to operate normally during and following the attack, nor were its booking system and website affected.”

Once Wightlink was made aware of the breach, they were quick to appoint a third party to investigate the cyber attack. All customers who are believed to have been affected by the cyber attack have been made aware.

In addition to appointing a third party to investigate and assess, the South East Regional Organised Crime Unit is looking into the matter.

The Isle of Wight council accidentally share personal data identifying children

An employee working for The Isle of Wight Council unintentionally sent personal details of 90 home-schooled year 11 students to parents.

The human error data breach revealed various personal information concerning the affected children, including their addresses, gender status (including transitioning gender) and details regarding special educational needs.

The email was intended to be related to further education plans but instead attached an additional document including these details.

The Isle of Wight Council spokesperson explained, “In line with the council’s protocols, the email was recalled twenty minutes after sending and a follow up email was also sent to recipients asking them to delete the original email without opening it.

“The email was sent to around eighty addresses and the council would like to apologise to all of the families listed in the document that was incorrectly attached and would be grateful for their support in deleting the original email sent in error.”

Scottish mental health charity SAMH targeted in cyber attack

A mental health charity based in Glasgow that supports young people and adults across 60 Scottish communities was involved in a cyber attack on the 19th of March.

The impacted charity is known as the Scottish Association for Mental Health (SAMH). The cyber attack threatened the company’s national and local offices, including their email systems and some of their phone lines.

It’s been uncovered that the RansomExx ransomware group were responsible for the cyber attack on the charity after they claimed credit for the incident. They explained how they had stolen around 12 GB worth of data from the charity.

Since the attack happened, the SAMH confirmed that they are working with third parties across Scotland, including Police Scotland, to investigate the matter and how best to assist those unfortunately affected.

The chief executive of SAMH, Billy Watson, said, “My thanks to our staff team who, under difficult circumstances, are finding ways to keep our support services running to ensure those they support experience as little disruption as possible. We are working closely with various agencies including Police Scotland – this is an active investigation. We will continue to take the best expert advice to assist us in effectively dealing with this situation.”

Sensitive documents blown into gardens and gutters after falling off truck

Seven hundred sensitive documents belonging to Brent Council were scattered across the streets of North London into residents’ gardens and gutters after they fell off a bin collection truck belonging to Veolia while on the way to a depot in Croydon.

The documents contained personal information, including full names, addresses, and confidential matters of residents located in Brent.

A spokesperson for Brent Council expressed their apologies: “We sincerely apologise to the Brent residents affected by the data breach by our waste contractor Veolia. As soon as we were made aware of the error we took immediate steps, together with our contractor, to recover the information.”

Once the data breach was made apparent, the council attempted to swiftly resolve matters by collecting the scattered documents and directly contacting the Information Commissioner, making them aware of the situation at large. The matter is currently being investigated to discover how the breach occurred and how it can be prevented from ever occurring again in the future.

The council’s confidential collection arrangement with Veolia has been suspended, with no confirmation as to when or if it will resume.

In addition to Brent Council’s apology, Veolia has issued its regret: “We would like to apologise to all residents who have been affected by this unacceptable incident and have taken immediate action to recover and secure any confidential waste. We take this matter extremely seriously and are conducting an urgent investigation into the circumstances of this incident and will continue to work closely with Brent Council in order to limit any impact.”

Crypto hack leads to $615 million being stolen from customers

A cyber heist that occurred on 23 March resulted in almost $615 million being stolen from a blockchain network.

The original amount stolen was $540 million but due to current exchange rates is now worth $615 million. The cryptocurrency theft is reported to be the second-largest on record.

The blockchain network Ronin is well-known for allowing players of one of the world’s most popular online games, Axie Infinity, which launched in 2018, to exchange digital coins earned in the game for cryptocurrencies. The funds were stolen from a digital wallet that stores the crypto and the “bridge”, which moves the crypto in and out of the game.

The cyber attack happened when a hacker used stolen passwords to access the funds. It’s not yet known who is responsible for the hack, but investigations are under way in the hope of catching the criminal(s).

What to do if you or a client needs help with a data breach

Where you are a victim of a data breach, it’s essential to seek specialist legal expertise. Our team of data breach solicitors at Hayes Connor are available to assist you in making a compensation claim.

At Hayes Connor, we are ready to assist whether you are a law firm looking to refer a client needing expert data breach assistance or are an individual needing guidance.

The team at Hayes Connor are one of the largest data breach teams in the UK. They will take the time to carefully understand your situation and the impact it has on your wellbeing and general life. From this, they can provide tailored advice and assistance to obtain the outcome you desire.

If you are interested in learning more about Hayes Connor’s data breach expertise or wish to enquire about a potential claim or client referral, please don’t hesitate to contact Hayes Connor, where the team can assist.


Associate News is provided by Legal Futures Associates.