October 2023 data breach roundup

Hayes ConnorBy Legal Futures Associate Hayes Connor Solicitors

Various data breaches took place in October, with organisations from a range of industries being guilty of a number of serious incidents.

Councils, NHS Trusts and Police forces were all guilty of exposing data in October, with information belonging to countless individuals being compromised.

To find out more about some of the most significant data breaches to occur in October, be sure to read on below:

Major data breach hits Southend-on-Sea City Council

The personal details of over 2,000 members of staff at Southend-on-Sea City Council were mistakenly revealed following a response to a Freedom of Information (FOI) request.

The FOI was met with an online spreadsheet which included personal and special category data for all current staff and leavers at the Council (as of 31 March 2023). It was initially believed that the spreadsheet only contained anonymised data for one department.

The personal details included in the breach would have been easily accessible to anyone with a good understanding of how online spreadsheets work.

Tony Cox, the Conservative leader of the council, said: “We have immediately begun an investigation to understand how this happened and I sincerely apologise to those affected on behalf of the organisation.

“It is important to stress that this information did not contain bank details. However, it included details such as National Insurance numbers, pension scheme details, salary, names and addresses and equal opportunities data.

“The spreadsheet has been taken down from the website. We have self-reported this as a data breach to the Information Commissioner’s Office, and councillors, staff and former staff affected are being informed, along with providing advice and support to them.”

The Council will no longer be sending spreadsheets in response to FOI requests.

Data belonging to Dorset NHS Trust exposed in breach

The new address of a victim of abuse was exposed to his alleged abusive ex-partner after a letter was sent by University Hospitals Dorset NHS Foundation Trust.

The system used by the Trust was said to be the main factor in the breach, as it meant that correspondence sent to multiple people would be include all addresses. While it has been confirmed that the data breach happened at one of the trusts which runs Poole, Christchurch and the Royal Bournemouth hospitals, it is not clear which hospital was to blame.

A report from the Information Commissioner’s Office (ICO) stated that the victim of the breach had not advised the trust not to disclose the address, but it would be a reasonable expectation for any personal information not to be sent without permission.

No complaints have been made by the victim, though the report from the ICO notes that there is now a risk of unwanted contact.

University Hospitals Dorset said: “We apologise for this breach of data and accept the findings.

“We also extend a further apology to the individual concerned and recognise the distress the breach may have caused.”

Cumbria Police staff data breach mistakes not to be repeated

Police and crime commissioner (PCC) for Cumbria Police Peter McCall has vowed that the mistakes that resulted in a major data breach will not be repeated.

The incident, which took place earlier in the year, saw the names and salaries of every Cumbria Police officer and staff member accidentally published to the constabulary’s website.

More than 2,000 individuals were said to have been affected by the breach which was not previously publicised. Human error is said to have been the cause of the breach.

In a statement to councillors, Mr McCall said: “Assurance was given, and indeed accepted, that the breach was only a one-off incident and learning from it has been taken onboard and processes put in place to ensure it should not happen again.

“I would reassure the panel that there was no risk to individual personnel as a result of that breach.”

Speak to our legal experts about a data breach

Data breaches have the potential to be extremely devastating, no matter the circumstances. Incidents of this nature can often lead to direct financial losses and distress for victims.

Any organisation that handles personal data is legally obliged to keep it secure. If for any reason they fail to uphold this obligation, any victims could be in a position to make a claim for compensation.

At Hayes Connor, our specialist data breach solicitors have a wealth of combined experience and expertise in handling data breach claims. As such, we are well placed to advise you on how best to proceed.

In every instance, our team will take the time to establish the details of your case, the impact it has had on your life and the level of compensation you may be able to receive.


For further information on our data breach expertise and how we handle such claims, see here.

To start a data breach claim, you can use our online claim form.


Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation