November 2023 data breach roundup

Hayes ConnorBy Legal Futures Associate Hayes Connor Solicitors

With the year almost at a close, there are no signs to suggest that we will be leaving data breaches behind in 2023.

Major global companies and the Royal Family were among those at the centre of data breach incidents in November, with plenty of victims being compromised as a result.

To find out more about some of the most significant data breaches to take place in November, be sure to read on below:

Hackers expose British Library data to dark web

The British Library has confirmed that, following a ransomware attack, user data has been exposed and offered for sale on the dark web.

The notorious ransomware group Rhysida claim to be responsible for the attack, which is still said to be affecting its website, online systems and some onsite services. An image shared to Rhysida’s leak site on the dark web showing various documents, some of which appear to be HMRC employment contracts and passports.

The cyber gang claimed that the price for data was set at 20 Bitcoin (£596,459).

The British Library posted on X to confirm the news, stating: “Following last week’s confirmation that this was a ransomware attack, we now have evidence that indicates the attackers might have copied some user data, and additional data appears to have been published on the dark web.

“We will continue to work with cybersecurity specialists to examine what this material is and we will be contacting our users to advise them of the practical steps they may need to take.

“If you have a password for British Library services that you use on other websites, we recommend you change it elsewhere as a precaution.”

Samsung UK customers’ details leaked

The personal contact details of some of Samsung’s UK customers have been leaked online after being they were unlawfully obtained in a data breach. This occurred after an unauthorised individual exploited a vulnerability in a third-party business application used by the tech giant.

The customer data involved in the breach includes names, phone numbers, addresses and email addresses of customers of Samsung UK’s online store. The number of customers that have been affected has not been disclosed.

The affected individuals include certain customers who made purchases on Samsung’s e-commerce site between July 1st 2019 and June 30th 2020.

A statement from Samsung read: “We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained.

“No financial data, such as bank or credit card details, or customer passwords, were impacted.

“We have taken all necessary steps to resolve this security issue, including reporting the incident to the Information Commissioner’s Office and contacting affected customers.”

The ICO have responded to the incident, with a spokesperson stating: “Samsung has made us aware of an incident and we will be making inquiries.”

Royal family medical data at risk of exposure

Medical data belonging to members of the UK royal family is at risk of exposure following a threat from ransomware group Rhysida. This threat comes after the computer systems of King Edward VII’s Hospital were breached.

In the wake of the incident, a ransom demand was made by the group, which saw them post images of what they claim to be stolen files from the Hospital. This included X-rays, consultant letters, registration forms, handwritten clinical notes and pathology firms.

The attackers say that they intend to release the information unless they are paid £300,000 in bitcoin.

A spokesperson for the Hospital, which has previously treated royals such as the Process of Wales and Prince Phillip said that a “limited amount of data was copied” in the incident which primarily affected “benign hospital systems” data. “We took immediate steps to mitigate its impact and continued to offer patient care, largely as normal.” they added.

The UK National Cyber Security Centre (NCSC) has confirmed that it is engaging with the hospital to understand the impact of the incident.

Speak to our legal experts about a data breach

The impact of a data breach cannot be underestimated. In many cases, they can be the cause of widespread disruption and distress, leading to direct financial losses in some cases.

Organisations that handle personal data are legally obligated to keep it secure. If for any reason they fail to uphold this obligation, victims may be entitled to make a claim for compensation.

At Hayes Connor, our specialist data breach solicitors have a wealth of combined experience and expertise which they use to help victims of data breaches. As such, we are in the strongest position to advise you on how best to proceed.

In every instance, our team will take the time to clearly establish the details of your case, the impact it has had on your life and the level of compensation you may be able to receive.

For further information on our data breach expertise and how we handle such claims, see here.

To start a data breach claim, you can use our online claim form.


Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation