September 2022 Data Breach Roundup

Hayes ConnorBy Legal Futures Associate Hayes Connor Solicitors

The month of September saw a variety of data breach incidents, ranging from a well known world wide taxi company to several schools.

While this month’s data breaches were mainly caused by cyber attack incidents, one was a human error impacting vulnerable school children.

To learn more about the data breaches that happened in September 2022, keep reading below.

Industry-leading recruitment company Acorn Recruitment suffers from cyber attack

Acorn Recruitment, one of the UK’s industry-leading recruitment businesses, faced a cyber attack incident earlier this year.

The attack on the recruitment company meant that their consumer’s important details were potentially compromised, including both financial and identification information such as names, addresses, contact details, national insurance numbers, financial information such as bank details and ID documents such as passports, driving licenses or national ID cards.

The cyber attack was discovered after the company’s IT team became aware of the third-party activity on one of their systems, and an investigation was launched by external forensic specialists. Once becoming aware of the incident, Acorn Recruitment took steps to ensure that no other systems would be affected. They did this by taking the system offline.

In an attempt to discover those responsible for the breach, online sources were monitored closely for any mentions of Acorn Recruitment and cyber attack. This led to those responsible for the incident being uncovered.

Since the breach, the recruitment organisation has reported the incident to the Information Commissioner’s Office (ICO) as well as stating that they will be implementing further safety precautions, such as IT security enhancements and reviewing their current security methods to prevent future cyber incidents from impacting their systems.

Uber faces cyber attack

On September 15th, the popular taxi company Uber, which is used across 10,000 cities worldwide, reported that their online systems had been breached by an 18 year old hacker. They claimed the systems were easy to hack due to the weak security impleneted by Uber.

The attack on Uber’s systems resulted in several of their internal communications and engineering systems being offline, including Slack. Slack is the employee communications platform where Uber was able to become aware of the security breach through a message the hacker sent “I announce I am a hacker and Uber has suffered a data breach”. The message also listed a number of other internal databases to which they had access and were compromised.

The hacker responsible was able to gain entry into their communications platform through social engineering, where they sent a text to an employee claiming to represent the company as a tech employee. The targeted individual handed over a password which enabled the hacker to enter Uber’s network.

Screenshots shared by the hacker suggested they had high-level access to Uber’s systems, with one of these screenshots containing an internal information page for employees.

Once Uber became aware of the breach, they proceeded to take the slack system offline and encouraged employees not to use other internal company systems.

A multi-academy trust that runs six schools hit by cyber attack

The Scholars’ Education Trust, which runs six schools in Hertfordshire, including Buntingford First School, Harpenden Academy, Priory Academy, Robert Barclay Academy, Samuel Ryder Academy and Sir John Lawes School, with around 4,500 students in total, suffered a cyber attack.

There are currently no details as to whether any of the student’s or staff member’s private information had been compromised. There have also been no reports of any ransom demands.

Once made aware of the issue, the Trust’s internal systems were taken offline, which lasted for over a week. Their email system was one of the internal systems taken offline, preventing staff from being able to send and receive emails. Parents of students were encouraged to contact the school directly by telephone.

The Trust made parents and pupils at the six schools aware of the cyber attack incident through public statements on each of the school’s websites stating, “Due to a serious IT issue we are currently experiencing difficulty in sending and receiving emails. Please contact the school by telephone should you have an urgent message. Thank you for your patience during this time.”

List of vulnerable children leaked in school email blunder

Wymondham High Academy, located in Norfolk, were involved in a data breach incident after a leaked a list of the school’s vulnerable students to all pupils.

The confidential details related to all students at the school who had anxiety and had been referred to the school’s wellbeing services, containing their full names.

The email containing these details was supposed to be sent to staff members, but the staff member responsible instead sent it to all 1,500 pupils who attend the Norfolk school.

The school have confirmed that the email has since been recalled, and the families of the students impacted by the error have been spoken to about the incident.

Parents are asking for the incident to be reported to the Information Commissioner’s Office (ICO), but there is no confirmation as of yet that this has been done.

Jonathan Rockey, Wymondham High Academy, expressed “Our data protection officer is investigating the incident and is helping us determine the next steps.”

“The academy has already contacted the parents and pupils directly impacted by this, as well as taking action to both recall and limit the distribution of the mail.”

“The academy does not intend to make further comment at this point, as an investigation is currently under way.”

What to do if you or a client needs help with a data breach

If you are a victim of a data breach incident or have the belief to presume so, it’s crucial that you immediately seek advice and guidance from a professional.

No matter what your personal situation is  the experts at Hayes Connor can assist. Whether you need assistance or you are a law firm looking to refer a client, the Hayes Connor team are available to provide a helping hand.

Hayes Connor is one of the biggest data breach teams in the County . The team has years of expertise providing advice for clients who are victims of data breaches

When you choose to work with the Hayes Connor team, you can be confident in receiving a personalised experience with solicitors who will take the time to carefully listen to your case, the impact, and how they can deliver the assistance you require aligned with your circumstances and needs.

If you are interested in learning more about Hayes Connor’s data breach expertise or wish to enquire about a potential claim or client referral, please don’t hesitate to contact Hayes Connor, where the team can assist.


Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation