By Legal Futures Associate Hayes Connor Solicitors [1]
The month of May was fortunate to see fewer data breaches across the UK than any other month this year. However, they didn’t come to a halt, with three human error blunders and a cyber attack on a worldwide used NFT marketplace discord.
The education sector was hit the hardest, with University of Essex students being impacted, alongside primary and secondary school children, including those with special educational needs (SEN).
To find out more about the human error data breaches and NFT cyberattack incident that occurred in May 2022, keep reading below.
University of Essex student’s personal details exposed in data breach
Four hundred plus students that are studying with the University of Essex, which has campuses in three locations, Colchester, Southend and Loughton, have had their personal details exposed through a human error data breach [2].
The data breach occurred on 23 March when a facilities management delivery partner, who was supposed to only send an email requesting payment for a broken door on an accommodation block, accidentally attached a spreadsheet containing exactly 412 students’ personal details.
The personal details that were accidentally shared in the breach contained student IDs, dates of birth and contact details.
A University of Essex spokesperson has expressed: “We are taking this issue very seriously and ensuring our delivery partners understand our high expectations about the management of data. We’ve contacted all individuals involved to offer advice and support.”
Central Bedfordshire Council human error exposes vulnerable children’s personal information
Central Bedfordshire Council were caught in a human error blunder after accidentally exposing personal information concerning special educational needs (SEND) children [3] in the local area.
The data breach occurred when the council were responding to a Freedom of Information (FOI) request about the number of children without school places from Central Bedfordshire SEND Action Group on 9 May. The personal details, including full names, were then published on a public website, whatdotheyknow.com, for a period of time, where anyone could have downloaded the document containing the exposed information.
A Central Bedfordshire Council spokesperson expressed: “Central Bedfordshire Council takes its responsibility of looking after people’s personal data extremely seriously and our employees receive regular training and reminders around protecting personal and sensitive information.
“Regrettably we were made aware of data being accidentally released to a public website on Monday afternoon, but our officers worked swiftly to get the information removed.
“We are extremely sorry to all of those affected and we are in the process of contacting all of the families affected to apologise directly. We have reported the incident to the Information Commissioner’s Office and we will be working positively with them. We have already made changes to our procedures in response to this incident and will quickly act on any feedback from the ICO to make our data protection systems even more robust.”
School children’s personal details exposed following Cornwall Council error
Children and parents’ personal data were publicly shared after Cornwall council made an error [4] when uploading documents for an appeal committee meeting.
Details shared in the data breach included children’s full names, place of school, home addresses, dates of birth, a teenager’s personal email address and mobile phone number, along with parents’ full names, email addresses and mobile phone numbers. Other private and sensitive information was on the document, such as an Education Health and Care Plan (EHCP) for a SEN child and a court document concerning one of the impacted families.
Cornwall council released an official statement saying: “As soon as the council became aware, the information was removed from the website and the families concerned were informed and offered a full apology. The council has notified the Information Commissioner’s Office and will fully cooperate with any formal investigation.
“Cornwall Council takes its compliance with data protection requirements extremely seriously. No loss of control of data is acceptable and the council is clear that when this happens staff must immediately report it.
“Every incident of data loss is treated extremely seriously and thoroughly investigated to minimise any possible harm and to find ways of preventing it happening again. Procedures are regularly reviewed and changed in order to reduce the risk of data loss.”
NFT marketplace, OpenSea’s discord channel hacked
A popular non-fungible token (NFT) marketplace, OpenSea, which is used by users across the world, had one of its main discord channels hacked on 6 May, which as a result led to 13 NFTs being compromised and stolen from user’s wallets [5].
Once the hackers accessed the discord posing at OpenSea, they proceeded to post fake announcements across the discord, one of which directly linked to a phishing site that resembled YouTube. From this, several NFTs were stolen, valued at just under $20,000.
OpenSea were unable to access the discord for a number of days and instead warned their users via Twitter not to click on any links posted.
What to do if you or a client needs help with a data breach
Seeking professional legal advice and support is crucial if you are a victim of a data breach. The specialist data breach solicitors at Hayes Connor will be able to provide assistance in making a compensation claim, helping to cover any losses incurred.
The team at Hayes Connor are on hand to provide expertise whether you are an individual needing tailored advice and practical guidance or are a law firm looking to refer a client.
With the help of Hayes Connor, you can be confident in receiving expert advice, with them being one of the largest data breach firms across the entire UK. The team have years of collective experience and knowledge and will take a sensitive approach to your situation, listening carefully to your personal experience and the impact it has had. From this, they will provide a bespoke service to suit your needs, always aiming to find the best outcome.
If you need assistance in making a data breach claim, wish to refer a client or want to learn more about the Hayes Connor’s teams experience, please don’t hesitate to contact Hayes Connor [6], where their specialist team can assist.