Ardagh Data Breach


Following a data breach in early 2021, Ardagh “engaged leading industry specialists to conduct a forensic investigation” into the incident. This page explains how the Ardagh data breach happened. 

What happened in the Ardagh data breach?

In May 2021, Ardagh confirmed that it had experienced a cyberattack. In response, the company was forced to shut down some of its systems as a precautionary measure.

In October 2021, the company became aware that stolen data taken from its systems had been placed on the dark web. And, in February 2022, nine months after the security breach, Ardagh wrote to employees to warn them that their personal information might have been exposed in the attack.

The following employee data was accessed in the breach (although not every employee had the same information stolen and this might not be a comprehensive list):

This is a significant amount of personal information and the delay in notifying those affected meant that employees were not given the chance to secure their personal data for many months.

Victims of the Ardagh data breach were put at risk

As information stolen in breaches is often used by cybercriminals, the delay in reporting the incident meant that Ardagh employees were left vulnerable to cyber fraud and scams. And, while Ardagh informed its employees that the dark web is “only accessible by means of special software” and “unlikely to be accessible by the general public” this did not lessen the risk.

The dark web is commonly used by hackers to sell data to other criminals. Similar data breaches have resulted in fraud, blackmail, and identity theft, so Ardagh employees were at high risk of being targeted by cybercriminals.


Ardagh data breach timeline

  • May 2021
    Ardagh confirmed that it had experienced a cyberattack.
  • October 2021
    Ardagh became aware that stolen data taken from its systems had been placed on the dark web.
  • February 2022
    Ardagh wrote to employees to tell them that HR data stolen in the attack had been found on the dark web.

Your questions answered

See our answers to the FAQs we get asked about the Ardagh Data Breach.

How did the security incident happen?

In May 2021, Ardagh experienced a cyberattack. Following investigations, personal employee data extracted during this attack was found on the dark web.

What data was accessed?

The stolen information included:

  • Names
  • Contact details (addresses and telephone numbers)
  • Next of kin contact details
  • Employment references
  • Salary details
  • National insurance numbers
  • Bank details including accounting number and sort code).

This might not be a comprehensive list.

Was my information accessed in the breach?

If you were an Ardagh employee on (or potentially before) May 2021, you could have been affected by this breach. Ardagh has a legal obligation to tell you if your information is compromised. However, it is not clear if Ardagh has told everyone affected by this breach.

Why did Ardagh take so long to tell affected employees?

Ardagh claims the delay was justified because, while it became aware in October 2021 that personal data had been placed on the dark web, it was only after further review that it became known to the business that employee data was implicated. 

Could Ardagh fire employees for making a claim?

Absolutely not. An employer cannot fire you or harm your career in any way if you make a claim.