May 2023 data breach roundup

Hayes ConnorBy Legal Futures Associate Hayes Connor

We’re almost halfway through the year already, and the number of data breaches taking place in the UK continues to mount.

The past month saw data breaches in a variety of sectors, including the NHS, local councils, Discord and the National Smallbore Rifle Association.

To find out more about the some of the most significant data breaches to take place in May, be sure to read on below…

NHS trust patients exposed to widespread data breach

It has been revealed that 20 NHS trusts in England, serving a collective population of more than 22 million people, have collected and shared patient information with Facebook without prior consent. The independent investigation noted that the NHS trusts in question used a covert tracking tool, Meta Pixel, to gather and share the information.

The information is likely to include special category health data, which is considered to be extremely sensitive data. While it cannot be determined exactly how the data has been used by Facebook, if at all, it raises a number of very pertinent issues concerning the way the NHS trusts handled the information of their patients.

NHS England have stated that individual trusts are responsible for adhering to data protection laws, with a spokesperson saying: “The NHS is looking into this issue and will take further action if necessary.”

One of the NHS trusts found to have been using the Meta Pixel, Buckinghamshire Healthcare NHS trust, apologised in a statement to patients which read: “It [the Meta Pixel] was installed in relation to a recruitment campaign, and we were not aware that Meta was using this information for marketing purposes. Immediate action has been taken to remove it.”

South Lanarkshire Council reveal personal details of workers

The personal details of up to 15,000 employees of South Lanarkshire Council have been mistakenly shared online in response to a Freedom of Information (FOI) request.

The information leaked by the local authority is said to have included salaries and National Insurance numbers.

The FOI application requested details of staff pay grades, with the response intending to include anonymised data. Details on the second page of the response were not anonymised, due to a human error.

A spokesperson for the Council said: “Unfortunately as a result of human error, the spreadsheet contained a second page of personal data that had not been anonymised. The error was noticed by the council and we arranged for that data to be removed.

“To the best of our knowledge the information was not accessed, and we believe the data could not be used in a way that would be harmful to those involved.”

Capita data breach leaves multiple organisations in the lurch

A substantial cyber attack against Capita in March has caused widespread disruption, with around 90 organisations having subsequently filed data breach reports to the ICO.

Capita, which is used by a large number of public and private organisations, handle the personal information of millions of people. Based on the reports that have been filed, it’s been estimated that hundreds of thousands of people are now being warned that they could have been affected by the attack.

The ICO is now encouraging any organisations who work with Capita to see whether any personal data they hold has been affected by either the initial cyber attack, or the exposed data.

Capita have commented on the situation, stating: “Capita continues to work closely with specialist advisers and forensic experts to investigate the cyber incident and we have taken extensive steps to recover and secure the data.”

Data belonging to discord users exposed in data breach

After the account of a third-party support agent was compromised, Discord users have been notified of a data breach affecting their personal details.

The support agent’s ticket queue was hit by the breach, meaning user’s email addresses, any messages exchanged with Discord support, and any attachments sent as part of the tickets.

In response to the breach, Discord has claimed that the issue was addressed immediately and the support account in question was disabled.

“As soon as Discord was made aware of the issue, we deactivated the compromised account and completed malware checks on the affected machine.” A statement read.

“While we believe the risk is limited, it is recommended that you be vigilant for any suspicious messages or activity, such as fraud or phishing attempts.”

NSRA data breach puts UK gun owners at risk

The National Smallbore Rifle Association (NSRA) have revealed that they were the victim of a cyber-attack which targeted their ‘legacy’ servers which contained working documents.

The NSRA claim to be unable to reach the servers, meaning they cannot currently confirm who has been affected by the attack and what information may have been compromised.

Data breaches involving firearm users can be particularly significant, as this type of information can be very valuable to criminal gangs.

In a statement on their website, the NSRA confirmed that they are speaking to the relevant authorities in an attempt to find a swift resolution to the matter: “We have engaged with the National Crime Agency (NCA) and National Police Firearms Licensing to assess and mitigate any additional firearms risk around the data which has been compromised.”

What to do if you or a client needs help with a data breach

Discovering that your personal information has been misused or exposed via a data breach can be incredibly distressing. Even in situations where you have not suffered a direct financial loss, you could still be within you rights to make a claim for compensation. This is something the team at Hayes Connor can advise you on.

Hayes Connor are one of the largest teams of dedicated data breach specialists in the UK, with years of collective expertise in advising clients on all types of data breaches. They will be in the best possible position to offer you pragmatic advice that is tailored to your circumstances.

When instructed, the team will take the time to understand your situation in detail and the impact that a data breach has had on your life. From here, they can then proceed to advise you on the available options and provide the strongest possible representation.

If you need any assistance with making a data breach compensation claim, don’t hesitate to get in touch with Hayes Connor today.


Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation