November 2021 Data Breach Roundup

Hayes Connor SolicitorsBy Legal Futures Associate Hayes Connor Solicitors

There was a wide range of data breaches in November that took place across various sectors, both locally and internationally.

In November, some of the most notable data breaches included data from county schools in Kent being leaked to the dark web, patient records having to be destroyed after being abandoned at a former care home and the high-profile data breach involving the Labour Party.

Read on to learn more about some of the biggest data breaches that took place in November 2021.

Labour Party members see their data exposed in breach

The Labour Party experienced a significant data breach in November after the third party responsible for handling membership data on their behalf was hit by a cyber-security incident. Said incident rendered data inaccessible on the party’s systems.

The BBC News report on the breach outlined that a ‘significant quantity’ of data had been compromised, affecting members, registered and affiliated and supporters, and other individuals. However, it has not been clarified exactly how the breach occurred, nor what the data includes.

Richard Forrest, Legal Director at specialist data breach legal experts Hayes Connor, which is helping some Labour members potentially affected by the breach, said: “This is a real worry for everyone who has contacted us so far. The most important thing the Labour party has to do – immediately – is to let those who have been affected know exactly what has happened. What data has been breached? Is it financial? What steps have been taken to protect any other information?

“People need to know. If it is financial information, then they need to be able to take steps to protect their bank accounts. If it is other personal information, then they need to know so they can take the necessary steps to protect themselves.”

GoDaddy data breach exposes 1.2 million customer details

Hosting company GoDaddy has confirmed that around 1.2 million users have been affected by a data breach on its WordPress hosting service.

As per ITPro, GoDaddy was subject to a hack that exposed email addresses, customer numbers, administrative login credentials and SSL private keys. The original administrative passwords for the managed WordPress accounts might have also been available to the hacker responsible for the attack, putting these accounts at risk if the credentials were still in use.

GoDaddy also discovered that the intruder had been inside the system since September, meaning they had access to the data for over two months. In response to the incident, GoDaddy has worked with a forensic company and taken steps to safeguard its systems.

“We are sincerely sorry for this incident and the concern it causes for our customers,” the company said in a statement.

“We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

Hackers leak Kent school files following cyber attack

Various limited files containing data related to county schools in Kent were posted to the dark web in November. Currently, investigations are still being carried out the establish what the data relates to and whether any affected users could be identified.

As per Kent Online,  The recent development is linked to a cyber-attack that took place in June 2021. The incident targeted Kent Learning Zone, part of an education network run by Cantium.

A spokesman for Cantium said: “We are working closely with the relevant authorities and the Information Commissioner’s Office to establish what happened.

“We would like to reassure customers that we take the safety and security of their data very seriously and are working hard to protect and inform all stakeholders at this time.

“Cantium has retained the services of legal counsel to advise on regulatory and reporting obligations.

“We will be in touch again with guidance and assistance, as appropriate.”

Patient records destroyed after care home data breach

Norfolk County Council were forced to destroy a number of sensitive records after they had previously been left abandoned at the sight of a former care home. The company responsible for running the care home, Diamond Care (UK) Ltd, has since shut down, meaning they were unable to deal with the records themselves.

North Norfolk News reported that the records left behind at the site of the former care home included confidential patient records, staff notes and other sensitive files. The Information Commissioner’s Office (ICO) was drafted in to conduct an investigation into the breach when it was initially discovered.

An ICO spokesperson confirmed this, saying: “Norfolk County Council made us aware of an incident where personal data was left unsecured by Diamond Care (UK) Ltd at the former Pine Heath care home.

“As Pine Heath has ceased trading, the council confirmed it has secured the data and has arranged its destruction. After considering the information provided, we concluded no further action was necessary.”

Dorset Council due to be investigated for data breach

Dorset councillors have been informed that a potential data breach has been reported to the ICO. Though the breach is not said to be a ‘major issue’, there is no further information available to explain what data has been compromised and exactly what happened.

The Dorset Echo reported that the breach is said to be limited to one council department and has been flagged as ‘amber’ in the council’s traffic light risk grading. The Local Democracy Reporting Service (LDRS) have noted that the breach was first identified in September.

Cranbore and Alderholy Cllr David Trooke expressed his concern over the breach, noting that it should not be taken lightly: “It could be technical or trivial, or it could be very serious. We need to know which end of the stick we are holding.”

He also called for clarification on why there were 11 data breaches involving Dorset Council, which were investigated last year, but so far this year, the Council were only looking at three.

What to do if you or a client need help with a data breach

If you are a victim of a data breach or you need some further guidance, the team at Hayes Connor are able to offer the tailored advice you need.

Hayes Connor are able to take on cases directly from clients, in addition to taking on referrals from other law firms who think that specific expertise is required to bring forward an effective case.

With a wealth of combined experience across our team, we know exactly how to handle all manner of data breach claims, no matter how big or small, reaching the best possible outcome for our clients.

To find out more about the team’s expertise or to get in touch about a potential claim or client referral, please head to Hayes Connor.


Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation