September 2023 data breach roundup

Hayes ConnorBy Legal Futures Associate Hayes Connor Solicitors

September saw a number of data breaches take place across a variety of sectors, resulting in the personal information of countless individuals being compromised.

The past month saw the Information Commissioner’s Office (ICO) intervene to warn organisations on their use of data belonging to victims of domestic abuse, while data breaches were uncovered across multiple Northern Ireland government departments, among other notable incidents.

To find out more about some of the most significant data breaches to take place in September, be sure to read on below:

ICO warns organisations using personal data of domestic abuse victims

The ICO has issued a firm statement of intent, warning organisations who handle personal data belonging to victims of domestic abuse. This warning was made in direct response to a worrying pattern of recent data breaches, where victims have been put at risk of potential harm.

Since July 2022, the ICO has reprimanded seven different organisations for data breaches involving victims of domestic abuse. This includes cases where the addresses of domestic abuse victims being leaked to their alleged abuser, and the identities of women seeking information about their partners being leaked to said partners.

Inadequate staff training and poor data protection procedures were ported to be the primary causes of the data breaches.

The ICO report did not name any of the organisations responsible for the breaches. However, since the statement was released, Wakefield Council have been named as one of the organisations after court documents revealing the addresses of vulnerable family members were released.

Legal Director at Hayes Connor, Christine Sabino, has commented on the matter, stating: “The report paints a bleak picture.

“With human error the number one cause of data breaches, it is clear that urgent changes are needed to avoid such detrimental slip-ups, thus providing more robust protections to victims of domestic abuse. This isn’t just a matter of leaked data amounting to fraud and theft, this is a matter of life and death for the victims.”

Cyber-attack against Greater Manchester Police supplier causes data breach

An investigation has been launched after a third-party supplier for Greater Manchester Police force was the target of major cyber-attack.

The supplier that was attacked is responsible for producing Greater Manchester Police’s identification badges and warrant cards. This means that sensitive information such as names, photographs and identity numbers are likely to have been exposed as a result of the breach.

It is understood that home addresses and financial information were not leaked, but there is an understanding that certain Geo Location data may have been accessed.

Concerns have understandably been raised about the potential for the identities of undercover police officers to be exposed. Addressing this, Mike Peake, Chair of the Greater Manchester Police Federation said: Our colleagues are undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe.

“To have any personal details potentially leaked out into the public domain in this manner – for all to possibly see – will understandably cause many officers concern and anxiety.

“We are working with the force to mitigate the dangers and risks that this breach could have on our colleagues.”

Northern Ireland government departments guilty of multiple data breaches over past decade

Recent investigations have found that Northern Ireland government departments have been guilty of almost 50 data breaches over the past decade, with a third of these being by the Department of Justice.

The data breaches included cases where papers containing medical data were lost, a member of staff inappropriately accessing their ex-partner’s benefits information, sensitive information being left behind in a restaurant and the possible disclosure of a person’s former identity.

The cases have all been referred to the ICO where the appropriate action was reportedly taken to ensure that information was deleted.

Former commissioner for public appointments in Northern Ireland Felicity Huston said of the breaches: She added: “I was struck by the variety of breaches, from small things like envelopes not arriving to lost healthcare information, and that’s deeply disturbing.

“After what’s happened with the police and now this, people will quite rightly start to think: ‘What next will turn up in the public domain?'”

Manchester school admits to serious data breach

North Cestrian School have admitted to a serious data breach after an email intended for the parent of a suspended student was mistakenly sent to other parents. The email provided details about the suspended child and the circumstances that led to their suspension.

The school has reported the incident to the ICO and has confirmed that an apology has been sent to the parent of the suspended child.

The school’s headmaster Lee Bergin said in a statement: “I can confirm that there was a data breach when a letter meant for one parent was accidentally sent to others. Within 20 minutes the letter had been removed.

“The matter was reported to our Data Protection Officer and the incident was logged with the Information Commission Office. All parents who received the letter were contacted. I met with the parent whose letter had been compromised with an unreserved apology.”

Ransomware attack compromises Save the Children

One of the world’s leading non-profit organisations Save the Children International were struck by a major ransomware attack which resulted in financial, health and medical data being stole.

Cybercrime gang BianLian are taking credit for the attack, claiming to have stolen 6.8TB of data. While the gang did not explicitly confirm that they had attacked Save the Children, they had stated that they had hit an organisation that fit the profile.

Save the Children have since confirmed that they had been compromised. A statement from the organisation read: “Save the Children International recently experienced an IT incident involving unauthorised access to part of our network. There has been no operational disruption and the organisation continues to function as normal to build a better future for children across the world.

“We are working hard with external specialists to understand what happened and what data was impacted so we can take all the appropriate next steps. This process is complex and takes time but remains our absolute priority. Our systems are also secured, and we are confident in the ongoing integrity of our IT infrastructure.”

Third party data breach exposes charity donor details

A cyber attack against survey company About Loyalty has exposed the personal details of hundreds of thousands of people who have donated to some of the country’s most prominent charities.

The survey company work with more than 40 charities in the UK, including the RSPCA, Dogs Trust and Battersea Dogs And Cats Home. The data stolen in the breach is said to include the victim’s surname, part of their home address, email address and the amount of money they donated to respective charities.

Some of the charities affected in the breach have started to contact victims to warn them of the extent of the breach.

The ICO have confirmed that they have been notified and that they will be conducting their own investigation into the matter.

Speak to our legal experts about a data breach

The impact of any type of data breach can be devastating. Even where you have not experienced any direct financial losses, learning that your data has been compromised can be a very distressing experience.

Organisations handling personal data have a range of strict legal obligations to keep it secure. This means that failing to prevent a data breach could lead to victims being able to make a claim for compensation.

At Hayes Connor, our specialist data breach solicitors have a wealth of combined experience and expertise in handling data breach claims. We can therefore provide clear guidance on how best to proceed.

We will then take the time to establish the details of your case, the impact it has had on your life, and the level of compensation you may be able to receive.


For further information on our data breach expertise and how we handle such claims, see here.

To start a data breach claim, you can use our online claim form.


Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation