In our regular update, we provide a roundup of some of the data breaches and data breach news that occurred over the last few weeks.
Police data breaches
Over the last few months, there have been a number of police data breaches.
The Metropolitan Police
The Metropolitan Police reportedly experienced a data breach after a cyber security incident. The breach happened after an unauthorised party gained access to the systems of one of the force’s suppliers. The security failure involved Digital ID, a company which makes warrant cards and identification badges. The names, ranks, photos, vetting levels, and pay numbers for officers could have been accessed.
Greater Manchester Police
In September, police officers at Greater Manchester Police (GMP) were told that they were also involved in the Digital ID data breach. Other forces may also have been affected. Indeed, according to GMP the breach “concerns policing organisations on a national scale”.
Norfolk and Suffolk Police
A serious data breach involving Suffolk and Norfolk police put over a thousand people at risk. Victims of this breach include witnesses and victims of crime. The compromised data includes descriptions of offences including sexual and domestic assaults, hate crime and thefts. Names, addresses, and dates of birth are included. The forces have admitted that “some very vulnerable individuals” are affected.
A data breach at Cumbria police has exposed the names, positions, and salaries of more than 2,000 officers and staff, including those in covert and sensitive roles. The leak affects 1,304 police officers, 756 staff members and 52 police community support officers. The breach happened in March when Cumbria police accidentally published the sensitive and confidential data online.
Police Service of Northern Ireland
In August 2023, an “industrial scale breach of data” in Northern Ireland saw the details of around 10,000 officers and staff published online for a number of hours. Information mistakenly released in this breach is in the hands of dissident republicans according to Northern Ireland’s police chief.
Fresca Group, the largest privately-owned supplier of fruit and vegetables in the UK, has experienced a data breach. The data breach – which happened after the company suffered a cyberattack earlier this year – could affect current and former employees.
Victims of this data security failure should have received notification of their involvement.
Ministry of Defence/Zaun
Zaun, a manufacturer of fencing systems, was hit by a cyber-attack carried out by Russian ransomware gang LockBit in August 2023. Zaun is a third-party supplier to the MOD and the hack has exposed sensitive information about British intelligence.
The gang later published some data on their leak site. According to the Daily Mirror, the data released by LockBit included thousands of pages of data that could help criminals get into His Majesty’s Naval Base, Clyde (HMNB Clyde) nuclear submarine base, the Porton Down chemical weapon lab and GCHQ’s communications complex in Bude, Cornwall.
London-based PBB University was hit by cybercriminals. Following the attack, students were unable to access their course work. The University confirmed that it was experiencing an IT ‘outage’ after its systems were “accessed by an unauthorised third party.”
Succession Wealth – a UK-based wealth management and financial planning specialist – has experienced a cyber-attack. The business, which is owned by Aviva, is investigating a data security breach that reportedly occurred in February 2023. Succession Wealth operates a network of more than 200 financial advisors. It also has over 20,000 clients. We do not know how many clients, FAs, and employees have had their data breached in this attack.
In August 2023, it emerged a cyber-attack had compromised the data of 40 million voters. The security incident went undetected for a year and the public was not told for another 10 months. The Electoral Commission has apologised for the leak which breached names and addresses of all voters registered between 2014 and 2022.
It has since been revealed that the UK Electoral Commission failed a basic cybersecurity test before data breach. According to the BBC, the election watchdog failed the Cyber Essentials test in multiple areas including the use of outdated and vulnerable devices and software.