Latest Data Breach Round-Up – June 2023 


In our regular update, we provide a roundup of some of the data breaches and data breach news that occurred over the last few weeks.   

MoveIt/Zellis Payroll Data Breach

In June 2023, hackers – believed to be part of a Russian crime group – exploited a security flaw in the MOVEit file transfer software. MOVEit claims to provide secure and compliant file transfers for sensitive data within and between organisations. The breach affects several global organisations that use this software. 

Payroll provider Zellis is one organisation affected. Zellis provides payroll support services to hundreds of companies in the UK. Eight of its clients are said to be impacted by the breach, including British Airways, the BBC, Boots and Aer Lingus.  

Ofcom and Ernst & Young may also be affected by this data breach. 


Capita Data Breaches

Capita – one of the UK’s most prominent business process outsourcing and professional services companies – has experienced two significant data protection breaches. The Capita data breaches could affect more than half a million UK pension holders, and an undisclosed number of people on benefits. 

In March 2023, Capita experienced a ransomware cyber-attack. Over half a million UK pension holders could be affected by this data security incident.    

The second data breach relates to the use of publicly accessible “unsafe storage” provided by Capita. Benefit data for several local authorities was found online and unprotected.  

Our cyber experts are investigating the breach to find out what happened, which pension plans and local authorities are involved, and how the breach affects victims. If you receive notification that you are affected by a Capita data breach, you can join our group action.  


Cambian Data Breach

Earlier this year, Cambian Group, which is one of the largest children’s social care providers in the UK, discovered “unauthorised activity” on its computer systems. 

Data stolen in this hack has been found on the dark web, and months after the hack, this data was still for sale online. Vulnerable individuals are at risk – including foster children and highly sensitive information, including current home addresses, has been found online. Some victims have experienced fraudulent transactions and had to change their payment cards and secure their bank accounts 

If you are affected by the Cambian data breach, join our no-win, no-fee action and claim compensation for this data protection failure. Because of the nature of this breach, and the sensitivities involved, we can represent you anonymously, and speak on your behalf.   


Leytonstone School Data Breach

There has been a data breach at Leytonstone School in North East London. The breach occurred after the secondary school fell victim to a cyberattack. A significant amount of personal data has been accessed in the attack.    

If they are affected, this data breach leaves families and teachers vulnerable to phishing scams and identity theft. In addition, the theft of personal data could also put safeguarding initiatives at risk. So, the consequences of the data protection failure could be devastating.     

University of Manchester Data Breach

There has been a cyber-attack at The University of Manchester. Some of the university’s systems have been accessed by an unauthorised party and data is likely to have been copied. Those affected by the University of Manchester data breach will be informed as soon as the university is able to. In the meantime, all staff and students of the university should be vigilant to any suspicious phishing emails.   


Lagan Specialist Contracting Group (SCG) Data Breach

In February 2023, Lagan SCG – a Belfast headquartered construction business – experienced a data breach following a cyberattack.  A significant amount of sensitive and confidential employee data was compromised because of the hack.   

Lagan SCG operates several sites across Ireland, Britain, the USA, and Dubai. The group’s companies include H&J Martin, FK Lowry, Charles Brand and Rosemount Homes. So, a significant number of employees could be affected by this breach. 

Keller Postman UK has launched a group action into the Lagan SCG breach. We encourage affected employees to join our action and claim compensation for the failure to protect their data. 


Cadwalader Wickersham & Taft LLP Data Breach

New York-founded law firm Cadwalader, Wickersham & Taft experienced a cyberattack leading to a data breach. And, according to a proposed class action in the US, the firm is at fault for exposing personal data.

In the US, victims of this breach are being urged to join the class action and claim compensation. It is thought that more than 93,000 people could have had their personal data compromised in this attack.

As Cadwalader, Wickersham & Taft is a large international law firm, we would urge UK-based clients affected by this breach to sign with us, as we look to launch a no-win, no-fee group action compensation claim in England & Wales.


WH Smith Data Breach

In March 2023, books and stationery supplier WH Smith became the latest retailer to fall victim to a “cyber security incident” resulting in a data breach.  Current and former employee data is believed to be compromised, although customer data is thought safe at this time.   


Bazaar Group Data Breach

Bean bag maker Bazaar Group contacted customers to notify them about a data hack. The breach has compromised a wealth of customer data, including payment card details.  


TikTok Data Breach Fine

In April, TikTok was fined £12.7 million by Information Commissioner’s Office (ICO) for using the personal data of children without parental consent. The data of the children involved in this breach may have been used to track them and profile them. And there are fears that they could have been exposed to potentially “harmful, inappropriate content at their very next scroll.”   


NHS Trusts/Facebook Data Breach

In May, an Observer investigation revealed that several NHS trusts are sharing intimate details about patients’ medical conditions with Facebook. These trusts do not have patient consent to do so.  


In March 2024, our firm changed its name to KP Law. 

Share this article: