Data

The Information Commissioner said the breach was the “perfect storm of risk and harm”.

The PSNI is facing a £750,000 fine after the Information Commissioner’s Office (ICO) identified a “tangible threat to life” following a huge data breach last year.

Details of approximately 10,000 PSNI officers and staff were inadvertently published online in response to a Freedom of Information (FOI) request last August.

A former Management Trainee at Enterprise Rent-A-Car UK Limited ("Enterprise Rent-A-Car") has been ordered to pay a fine after admitting he illegally obtained customer data between 18 March 2019 and 1 April 2019.

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/05/car-rental-manager-fined-after-unlawfully-obtaining-customer-data/

Businesses should expect the UK’s Information Commissioner’s Office (ICO) to undertake more ‘own initiative’ investigations into compliance with UK ‘cookie laws’ in the months and years ahead, an expert in data protection and privacy law has said.

https://www.pinsentmasons.com/en-gb/out-law/news/uk-cookie-law-enforcement-not-dependent-on-complaints

Telecommunications giant AT&T Inc. (NYSE:T) recently disclosed a significant data breach dating back to 2021 that resulted in the exposure of sensitive information belonging to 73 million users and is now circulating on the dark web.

The leaked data includes a wealth of personal details such as Social Security numbers, email addresses, phone numbers and dates of birth, affecting both current and former account holders. AT&T revealed that among the impacted people, 7.6 million are current account holders.

Data protection law in the UK is in a state of change, with uncertainty for organisations arising from recent reforms to retained EU law and the prospect of further reforms to follow as the Data Protection and Digital Information (No. 2) Bill proceeds through parliament.

https://www.pinsentmasons.com/en-gb/out-law/analysis/impact-of-retained-eu-law-reforms-on-data-protection

A group of workers at Manchester United are suing the football club for an HR data breach, according to a lawyer leading the action.

The club could face a damages claim totalling £100,000 after it accidentally emailed the staff wage slips of 167 colleagues to an entire pool of casual catering and hospitality staff.

A former insurance company employee who stole customer details and sold them to claims management companies has been jailed.

Karl Yates, 40, of no fixed abode, accessed customer data associated with non-fault road traffic claims from Royal Sun Alliance (RSA) systems while employed by them, when he was not authorised to do so.

A group of cyber criminals known for undertaking ransomware attacks on businesses has notified a US regulator about an alleged cybersecurity breach it was responsible for, alleging that the victim also failed to comply with data breach reporting requirements.

https://www.pinsentmasons.com/out-law/news/hackers-blow-regulatory-whistle-over-data-breach

A recent ruling by Belgium’s data protection authority has highlighted the importance of having data processing agreements in place to govern data processing arrangements from the point they take effect, an expert has said.

https://www.pinsentmasons.com/out-law/news/data-processing-agreements-cannot-be-retrospectively-applied-under-the-gdpr

The FCA has fined Equifax Ltd (Equifax) £11,164,400 for failing to manage and monitor the security of UK consumer data it had outsourced to its parent company based in the US. The breach allowed hackers to access the personal data of millions of people and exposed UK consumers to the risk of financial crime.

https://www.fca.org.uk/news/press-releases/equifax-ltd-fine-cyber-security-breach