If you are a UK resident, then your personal data is protected under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). This means that any information that can be used to identify you, like your name, email address, or postal address, needs to be handled in compliance with these laws.
This information will be handled by data controllers, who decide how, when, and why they need your personal data, and data processors, who follow the controller’s instructions to process the data. But what happens when these parties fail to protect it?
In this guide, we’ll take a look at some of the most famous data breach cases in the UK. We’ll talk about what happened, why the breach occurred, and how a breach of your personal information could affect you.
Contact Us
If you’ve been harmed by a personal data breach, even if it doesn’t make our list of famous data breach cases, our team of advisors are here to help. Get in touch to learn more about your next steps and to find out if you could be eligible for compensation by:
- Calling us on 020 8050 3051
- Using the live chat feature
- Contacting us online
Browse Our Guide
What Are Famous Data Breach Cases In The UK?
When a data processor or data controller fails to comply with the correct legislation, this is known as wrongful conduct. If wrongful conduct leads to a data breach, the organisation can be held liable. If you are harmed as a result of the data breach, you may be due compensation.
We understand that this can be a complex topic, that is why we invite you to call our advisors to have any questions regarding data breaches answered. You can also take a look at some of the following famous data breach cases.
Dixons Carphone
In 2017, around 10 million Dixons Carphone customers were affected by a cyberattack. A critical failure in their data security systems allowed hackers to access the personal data of customers. This data included email addresses, and postal addresses, as well as the records of 5.9 million payment cards.
The Information Commissioner’s Office, the UK’s data protection watchdog, investigated this breach. They found that a number of critical failures had occurred, including inadequate encryption of personal data, out-of-date web installations, and inadequate firewalls.
As a result, the ICO levied a £400,000 fine against Dixons Carphone.
https://www.bbc.co.uk/news/business-45016906
Equifax
While the Equifax data breach affected many US citizens, the far-reaching consequences also affected Canadian and UK residents. In 2017, hackers gained access to credit card numbers, birth dates and postal addresses. Attackers gained access to the data by exploiting vulnerabilities in the data security systems.
During the incident, the records of at least 147 million people were exposed. The hackers copied at least 147 million names and dates of birth, about 145.5 million Social Security numbers, and a total of 209,000 payment card numbers along with the expiration date.
The UK’s Information Commissioner’s Office has already issued the company with a £500,000 fine for failing to protect the personal information of up to 15 million UK citizens during the same attack. However, Equifax settled the case with the US Federal Trade Commission for $700,000,000, approximately £561,000,000.
https://www.bbc.co.uk/news/technology-49070596
https://www.fca.org.uk/news/press-releases/equifax-ltd-fine-cyber-security-breach
Easyjet
In 2020, budget airline Easyjet revealed that a “highly sophisticated cyber-attack” had allowed criminals to gain unauthorised access to the data of almost 9 million customers. This information included emails, travel details, and credit card information.
https://www.bbc.co.uk/news/technology-52722626
Virgin Media
In 2020, it was revealed that a Virgin Media database had been left accessible and unsecured for approximately ten months, allowing the personal data of 900,000 customers to be accessed on “at least one occasion.”
The database had been used for marketing purposes. As a result, it contained the phone numbers, email addresses, and home addresses. According to Virgin Media, the database had been incorrectly configured by a member of staff who did not follow the correct procedures.
https://www.bbc.co.uk/news/business-51760510
British Airways
In 2018, insufficent security measures allowed hackers to access the personal data of around 400,000 customers. This included their names and email addresses, as well as payment card numbers and travel booking details.
The ICO investigated and imposed an initial fine of £183,000,000, which they then lowered to £20,000,000 in 2020 in light of the impacts of the Coronavirus pandemic.
https://www.bbc.co.uk/news/technology-54568784
JD Wetherspoon
The names, email addresses, and phone numbers of around 650,000 people and 100 people had very limited credit and debit card information accessed in a JD Wetherspoon data breach in 2015. The card data was not encrypted because the database did not contain other details.
https://www.bbc.co.uk/news/uk-35002951
TalkTalk
In 2016, TalkTalk was fined £400,000 by the ICO for failing to implement even the “most basic” cybersecurity measures. This allowed hackers to steal the personal data of around 157,000 customers.
The ICO found that TalkTalk had been using out-of-date database software. Because of this, a coding bug allowed the hackers to target vulnerable webpages and bypass the usual restrictions in order to obtain the personal data of customers.
https://www.bbc.co.uk/news/business-37565367
Interserve
The ICO imposed a fine of £4.4 million to Interserve after hackers stole the personal and financial information of 113,000 employees. The ICO stated that Interserve Group breached data protection law due to the fact that they had failed to put appropriate measures to prevent cyberattacks.
https://www.theguardian.com/business/2022/oct/24/outsourcer-interserve-fined-4-point-4m-cyber-attack-failings-data-breach-personal-information
Read About How To Claim For Data Breaches
Not all of the examples of data breaches mentioned above will have resulted in a valid data breach compensation claim. But if you’ve been harmed after a breach of your personal data, our team are here to help.
When you get in touch, one of our friendly advisors can evaluate your case during a free, no-strings consultation. During this time, they can answer any questions you have about the data breach claims process, and they may be able to connect you with an expert data breach solicitor from our panel.
Contact our team today to find out if a specialist No Win No Fee data breach solicitor from our panel could help you by:
- Calling us on 020 8050 3051
- Using the live chat feature
- Contacting us online
Further Resources
To read about data breach claims:
- Find out how to claim for a student accommodation data breach with our guide
- Read our guide to learn how to claim for a data breach at a gym
- Learn what to do after receiving a letter of notification after a data breach
Find more helpful data breach resources:
- Make a complaint about data protection through the ICO
- Learn about the DPA with information from the Government
- Get advice and guidance from the National Cyber Security Center
Thank you for reading our guide on the most famous data breach cases in the UK.