October 2022 Data Breach Roundup

Hayes ConnorBy Legal Futures Associate Hayes Connor Solicitors

The October European Cyber Security Awareness month, saw a high number of data breach incidents across the UK and internationally, with various sectors being impacted, including two critical government sectors, MI5 and the Home Office.

To learn more about the data breach incidents that occurred in October, keep reading…

Cyber attack impacts South Staffordshire Water

Both current and former employees of South Staffordshire Water have received communications from South Staffordshire PLC, making them aware of a recent cyber attack against their subsidiary company.

The attack initially occurred back in August, with employees having only just been made aware of the incident at the start of October. A statement was released following those responsible claiming accountability for hacking into Thames Water, which was, in fact, South Staffordshire Water’s network.

The criminal group responsible for the cyber attack demanded extortion payments and leaked identification documents they had obtained in the hack to prove their involvement. It is since understood that this sensitive data has been released onto the dark web.

After an investigation was made into the attack, it was found that payroll information was compromised, including full names, bank account details and driving licences. Matters are currently still under investigation by South Staffordshire Water.

Home Office sensitive documents left unattended

The Home Office’s Home Secretary, Suella Braverman, has received a formal warning following sensitive documents left unattended in a public venue in London.

The envelope was labelled “official sensitive”, and the enclosed documents included two Extremism Analysis Unit Home Office reports and a Counter Terrorism Policing report. Within these documents were personal details, including two Metropolitan police staff and a visa applicant.

The reprimand was given due to the Home Office not having an official sign-out process for removing documents off the premises, in addition to failing to report the incident to the ICO within 72 hours, instead reporting it seven months later.

The UK’s Information Commissioner, John Edwards, said, “Government officials are expected to work with sensitive documents in order to run the country.

“There is an expectation, both in law and from the people the Government serves, that this information will be treated respectfully and securely.

“In this instance that did not happen, and I expect the department to take steps to avoid similar mistakes in the future.”

MI5 website taken offline through cyber attack

MI5 or otherwise known as The Security Service, who are responsible for the UK’s domestic counter-intelligence and security body, recently faced a cyber attack on its public website. The attack was conducted by the Pro-Russian hacker group Anonymous Russia.

Those responsible made MI5 aware of the incident after releasing on Telegram, a messaging app.

The attack resulted in the website being down, with Anonymous Russia flooding the website with web traffic.

However, the incident had no impact on the services MI5 carry out, nor was any information compromised as a result of the attack. The incident lasted for an hour before being quickly resolved.

John Edwards, the UK Information Commissioner, expressed, “Government officials are expected to work with sensitive documents in order to run the country. There is an expectation, both in law and from the people the government serves, that this information will be treated respectfully and securely. In this instance that did not happen, and I expect the department to take steps to avoid similar mistakes in the future.”

Lloyd’s of London affected by potential cyber attack

International insurance marketplace Llyod’s of London became aware of unusual activity on their systems on the 5 of October 2022.

After concerns that they had been the target of a cyber attack, all internal systems were reset, along with external systems being disconnected.

The international insurance marketplace hired Mandiant and NTT, a cybersecurity company that launched a full security investigation to determine how the incident unfolded.

“As a precautionary measure, we are resetting the Lloyd’s network and systems. All external connectivity has been turned off, including Lloyd’s delegated authority platforms,

“We have informed market participants and relevant parties, and we will provide more information once our investigations have concluded.”

There is no confirmation as to whether the incident was a ransomware attack or who was responsible.

Cyber Criminal steals two million Binance coins

Binance, a cryptocurrency exchange registered in the Cayman Islands faced a security incident on the 6 of Ocober 2022 after a hacker conducted a cyber attack and stole two million BNB tokens valued at $566 million.

The cyber attack led to a temporary network shut down until an investigation had been carried out. Security firm SlowMist initiated an investigation, and it has been determined that $110 million had been moved to another blockchain, while the network shutdown prevented the remaining $430 million from being moved.

Content Lead for BNB Chain Din (Dardania) Havolli explained, “A total of two million BNB was withdrawn. The exploit was through a sophisticated forging of the low level proof into one common library.”

The incident has since been resolved, and Binance’s CEO Changpeng Zhao has confirmed via Twitter that user’s funds are secure.

Binance isn’t the first blockchain bridge to be affected, with others being impacted, including Nomad, Ronin Bridge, Qubit Bridge, Wormhole Bridge, Meter.io Bridge and Poly Network Bridge.

What to do if you or a client needs help with a data breach

If you have experienced a data breach we know it can be a distressing period. Obtaining legal advice and guidance from a legal professional is crucial. The Hayes Connor team can provide  advice and support and help you acquire the compensation you rightfully deserve.

If you need assistance or you are a law firm looking to refer a client to a data breach specialist, the Hayes Connor team can provide the helping hand required.

The team at Hayes Connor are one of the largest data breach firms across the UK, with years of collective expertise supporting clients in all levels of data breach incidents, and will provide pragmatic advice and hands-on experience.

If you choose to instruct Hayes Connor for your data breach claim, the team will provide a bespoke service from devoted lawyers. They will take the time to carefully understand the assistance you require by looking at the facts of your individual case and the impact on you.

If you need expert assistance with a data breach compensation claim, wish to refer a client or want to learn more about Hayes Connor’s specialist experience, knowledge and skill, please don’t hesitate to contact Hayes Connor, where their specialist team can assist.


Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation