Stolen information about former foster parents found on the dark web following By the Bridge data breach


In January 2023, Cambian Group, which is one of the largest children’s social care providers in the UK, discovered “unauthorised activity” on its computer systems.  

Data stolen in this hack has since been found on the dark web, and months after the hack, this data is still currently for sale online (as of 26/04/2023).    

Worryingly, Cambian is owned by CareTech, which operates a network of hospitals, schools, and homes for children and adults with learning disabilities, autism, and mental health conditions. As such, vulnerable individuals are at risk.  

Initially, Cambian was unable to confirm what data had been compromised in the attack, although highly sensitive information has been found online. However, almost four months after the data security breach, By the Bridge Fostering – part of the Cambian Group – has now written to former foster parents with more information.  

According to a Data Incident Notification sent to affected individuals, the stolen data includes:  

  • Fostering applications and assessments  
  • Bank details (those used by By the Bridge to pay foster parents)  
  • Documents relating to their role as a foster parent up until they left By the Bridge. 

Worryingly, Cambian admits that “it could transpire that further data of yours was affected”.  

How should those affected by the By the Bridge data breach protect themselves?

Cambian has warned the former foster parents not to search for their information on the dark web, as it could be infected with malware and accessing this data could put them at further risk of cybercrime. 

Cambian has provided some basic information to help protect the safety and wellbeing of those affected by the data breach. This includes: 

Victims of this breach can also contact Cambian to discuss their concerns at cyber.incident@caretech-uk.com  

At KP Law, we have seen victims of similar data breaches become the target of cybercriminals, with instances of phishing, fraud, and identity theft. Some victims of this breach have already experienced fraudulent transactions and by failing to take sufficient steps to notify all those involved immediately, Cambian left them exposed as they were not given the opportunity to protect themselves. This adds to the victims’ worry now that they have found out about the breach. 

Our data protection experts have created some further guidance to help those affected by the breach stay vigilant.   

Claim compensation for the Cambian data breach

KP Law has launched an investigation to find out how this data privacy breach was allowed to happen, and how the security incident affects those who use Cambian’s services.  

If you are affected by the Cambian data breach, join our no-win, no-fee action and claim compensation for this data protection failure.  

Because of the nature of this breach, and the sensitivities involved, we can represent you anonymously, and speak on your behalf. 


In March 2024, our firm changed its name to KP Law. 

Share this article: