View Sidebar

Archive for category: data breach

PSNI Data Breach – What Happened And What Should You Do?

PSNI Data Breach – What Happened And What Should You Do?

In August 2023, the Police Service Of Northern Ireland (PSNI) announced that they’d had a data breach. It’s said to have exposed the personal information of every member of staff, from the highest level to the bottom. Understandably, it’s caused a lot of concern.

Below, we take a look at what happened and what those affected can do to secure their position, as well as take legal action.

psni data breach

What Is The PSNI Data Breach And How Did It Happen?

The PSNI announced in a press conference on 8th August 2023 that they’d suffered a major data breach affecting all members of staff.

It came about as a result of a routine Freedom of Information (FOI) request. A member of staff responded to a question about police staffing numbers and ranks and grades. As part of that response, they attached a spreadsheet which contained the personal information of every member of staff.

The types of data exposed include:

  • First name initials
  • Grade and ranking
  • Surnames
  • Work locations
  • Department employed in

The data was uploaded to an FOI directory website called What Do They Know. It remained live for a number of hours before it was removed.

It’s unclear how many people accessed the PSNI spreadsheet, but regardless, the breach has caused great concern to many.

You can find out more in the PSNI’s statement on the data breach.

Have You Received A Data Breach Notification Letter?

If you’re employed by the PSNI, whether as an officer or other staff member, you may have received a letter or email in relation to the data breach. This is formally known as a data breach notification letter.

This letter should detail what personal information was exposed and the steps the PSNI is taking to secure it.

If you haven’t received a letter or notification yet, you should contact the PSNI.

PSNI Staff Could Claim Compensation For The Data Breach

The PSNI data breach has the potential to cause significant distress for many employees. Already officers and staff members have publicly commented that they’re frightened for the safety and well-being of their families.

If you’re experiencing distress, worry, anxiety or depression as a result of the PSNI data breach, a compensation claim could be a viable option. The force has admitted fault for what has happened, so it’s worth getting legal advice by speaking with a solicitor about your situation.

Why Is The PSNI Data Breach So Significant?

The PSNI data breach is a significant security issue. The force has seen attacks on members of its staff by republican paramilitaries, with one incident occurring as recently as February 2023 when an officer was shot.

With the risk of data on PSNI officers and staff getting into the wrong hands, people have understandably found the news distressing.

What Should You Do If You’re A PSNI Staff Member?

If you’re employed by the PSNI and want to know what to do, it can be helpful to first reach out to your employer.

You should have received a data breach notification letter or email which should confirm that you were impacted and what data has been exposed.

If you haven’t received this correspondence, get in touch with the PSNI.

It’s important to keep an eye out for any suspicious phone calls, text messages or emails. If you receive anything, report it right away.

Also, keep an eye on your bank accounts in case there are any attempts at fraud. If you notice anything suspicious, speak with your bank right away.

And you can get legal advice on what’s happened. In some cases, if you’ve suffered damage to your finances or mental health, you could claim compensation via a data breach claim against the PSNI.

Learn More About Data Breaches

Below, you can learn more about data breaches as well as the PSNI data breach incident:

August 9, 20237 commentsRead More
Capita Suffers Significant Data Breaches

Capita Suffers Significant Data Breaches

In early 2023, Capita suffered two significant data breaches which have affected a significant number of people—potentially over 100,000. 

In this guide, we examine what happened and what data was impacted. We also offer some practical advice on what you can do if you’ve been impacted by the Capita data breach, such as contacting your bank and taking legal action in the form of claiming compensation. 

First, let’s take a look at the Capita organisation and the service it provides.

capita data breach compensation

Who Is Capita?

Most people may recognise Capita as an insurance company, however, that is just one function it serves. In the case of the data breaches that affected it, the company offers an outsourcing service for third party firms to help manage their pension schemes.

Capita has a significant number of clients, some of which have thousands of employees. 

Let’s take a look at what happened with the data breaches. 

About The Capita Data Breaches

Capita has been struck by two data breaches in 2023. 

The first breach occurred in March 2023. This incident arose as a result of a cyber attack which targeted Capita’s systems. The successful attack led to criminals accessing the personal data of employees of around 90 organisations. Those that have confirmed they’ve been affected include:

At the time, the hack led to a major outage at the outsourcer, but the damage wasn’t clear until some time later when individuals started making complaints about their data. It spurred the Pensions Regulator to write to over 300 pension funds to ask them to check on their data. 

Things got worse for Capita in May 2023 when another data breach came to light. This one wasn’t a cyber attack but rather an issue relating to human error. 

In this incident, it transpired that data files relating to people’s benefits were left on publicly accessible storage. It only came to light when a number of councils contacted Capita to say they thought data had been accessed without consent.

What Data Was Impacted?

When a data breach occurs, it can impact people in different ways depending on the types of personal information exposed. For example, if banking information is accessed, it could see money taken from individual accounts or efforts made to steal the person’s identity or take out credit in their name. Such incidents can obviously cause financial loss and damage. 

If the exposed data relates to the likes of names, email addresses, phone numbers and dates of birth, it can cause damage of a different kind, namely psychological. Knowing that criminals know these details about you can cause distress, worry and anxiety.

Action Fraud understands that different organisations impacted by the Capita data breach have confirmed what data has been impacted precisely. The USS, for example, has confirmed that title, initials, names, dates of birth, National Insurance numbers, USS member numbers and retirement dates have all been exposed. 

What Should You Do If Affected By The Breach?

If you’ve been impacted by the Capita data breach, you should receive some form of correspondence from the organisation that holds your data—this correspondence would not come from Capita directly; they’re classed as a data processor and conduct data handling tasks on behalf of the organisation you hold your pension with. 

This letter or email is commonly referred to as a data breach notification letter.

Contained within this correspondence, you may discover confirmation of the impact on your personal information due to the cyber attack or the breach by Capita. The letter should provide details regarding the specific data suspected to have been compromised.

This particular letter or email holds considerable significance should you decide to delve further into potential courses of action, particularly with regard to a data breach claim. It serves as crucial evidence, validating the fact that your information has indeed been affected.

In the event that you opt to make a compensation claim concerning the Capita data breach, the communication received from your employer will prove invaluable in assisting a solicitor when determining their ability to assist you.

If you haven’t received such a letter and find yourself desiring confirmation from your employer, you retain the option to correspond with them, penning a letter requesting an investigation into the matter.

Additionally, it would be wise to maintain a vigilant watch over your bank accounts, credit rating, and online profiles in order to identify any signs of suspicious or fraudulent activity. Should an influx of unwanted messages, calls, or emails also besiege you, it could serve as an indication that your personal data has been exposed.

Under such circumstances, it is imperative to promptly contact your bank and undertake the necessary measures to update your passwords.

Recently, the PSNI suffered a data breach, which you can read all about here. This arose out of human error, so is a little different to the Capita cyber attack.

July 6, 202315 commentsRead More
What Is The Zellis Cyber Attack?

What Is The Zellis Cyber Attack?

The Zellis cyber attack and data breach hit news headlines recently. The payroll support company boasts several large clients, including DHL, Boots, the BBC and British Airways. All of these companies are said to have been affected, leaving the data of their employees exposed.

Below, we look at how the Zellis data breach happened, which companies were impacted, and the types of information exposed. 

We also look at what steps you can take if you’ve been impacted by the data breach. 

zellis cyber attack

What Is The Zellis Cyber Attack And Data Breach?

Zellis is a company that provides payroll support to numerous organisations in the UK. To help them provide this service, they use a file transfer tool called MOVEit. 

MOVEit was targeted by cybercriminals who exploited a vulnerability in its software. This allowed them to access the system and ultimately the massive amounts of data that was being transferred over its network. This resulted in the personal data of thousands of people being stolen

In response to the data breach, Zellis informed the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC), who have both opened their own investigations. 

What Companies Were Impacted?

The Zellis data breach is said to have impacted the workforce of a number of its clients, some of which have tens of thousands of employees. 

The companies that have confirmed that they’ve been impacted include:

  • DHL – the delivery company has written to its staff confirming they’ve been impacted by the breach
  • Boots – the healthcare and pharmacy company has also confirmed its staff have been impacted
  • British Airways
  • The BBC

What Data Was Affected?

A range of different types of personal data is said to have been impacted by the Zellis cyber attack. This includes identifying information, like:

  • Names, both first and surname
  • Addresses
  • Email addresses
  • Dates of birth
  • National Insurance numbers
  • Bank details

It’s arguably the latter that is the most concerning for individuals. However, with enough other data, like names and National Insurance numbers, it’s possible for criminals to steal the identity of people, which can lead to them making purchases or taking out credit in their name. 

What To Do If You Are Impacted By The Zellis Data Breach

If you currently work, or have in the past, for any of the companies outlined above, you may have received a letter or email about the Zellis data breach. This is otherwise known as a data breach notification letter. 

This letter may confirm that you have been impacted by the cyber attack on Zellis and sets out the personal data that they suspect has been affected. 

This letter or email is very important if you decide to explore the possibility of taking further action, particularly a data breach claim. It serves as evidence, confirming that you have been impacted. 

If you wanted to take legal action over the Zellis data breach, a compensation claim could be possible. The correspondence received from your employer will prove very useful in helping a data breach solicitor work out if they can help you or not. 

If you haven’t received a letter and want confirmation from your employer, you can write to them and ask them to investigate. 

You should also keep a close eye on your bank accounts, credit rating, and online accounts to see if there has been any suspicious or fraudulent activity. If you also start receiving lots of unwanted texts, calls or emails, it could also be a sign that your data has been exposed. 

In this case, you should contact your bank without delay and look to change your passwords. 

How Do Cyber Attacks Happen?

The most common form of data breach is that caused by human error. This can involve anything from sending an email to the wrong person, failing to update addresses on systems, failing to redact confidential information, and devices containing personal data being lost or stolen. 

Data breaches can also occur as a result of cyber attacks. This is when criminals seek to hack firewalls and security software (like in the Zellis data breach case) or they try to infect systems with viruses that allow them to gain control. A common way this happens is via phishing attempts. This is where cybercriminals create imitations of websites, emails or text messages that appear real, all with the aim of trying to trick the person. 

It’s important to keep an eye out for any suspicious messages or calls and to double-check the like of website URLs, email addresses and phone numbers to ensure they’re from official sources. 

July 4, 20237 commentsRead More