In January 2023, Cambian Group, which is one of the largest children’s social care providers in the UK, discovered “unauthorised activity” on its computer systems.
Data stolen in this hack has since been found on the dark web, and months after the hack, this data is still currently for sale online (as of 26/04/2023).
Worryingly, Cambian is owned by CareTech, which operates a network of hospitals, schools, and homes for children and adults with learning disabilities, autism, and mental health conditions. As such, vulnerable individuals are at risk.
Initially, Cambian was unable to confirm what data had been compromised in the attack, although highly sensitive information has been found online. However, almost four months after the data security breach, By the Bridge Fostering – part of the Cambian Group – has now written to former foster parents with more information.
According to a Data Incident Notification sent to affected individuals, the stolen data includes:
- Fostering applications and assessments
- Bank details (those used by By the Bridge to pay foster parents)
- Documents relating to their role as a foster parent up until they left By the Bridge.
Worryingly, Cambian admits that “it could transpire that further data of yours was affected”.
How should those affected by the By the Bridge data breach protect themselves?
Cambian has warned the former foster parents not to search for their information on the dark web, as it could be infected with malware and accessing this data could put them at further risk of cybercrime.
Cambian has provided some basic information to help protect the safety and wellbeing of those affected by the data breach. This includes:
- Monitoring for any suspicious or unsolicited communications, whether letters in the post, emails or phone calls
- Visiting the National Cyber Security Centre or the Information Commissioner’s Office for more help.
Victims of this breach can also contact Cambian to discuss their concerns at cyber.incident@caretech-uk.com
At KP Law, we have seen victims of similar data breaches become the target of cybercriminals, with instances of phishing, fraud, and identity theft. Some victims of this breach have already experienced fraudulent transactions and by failing to take sufficient steps to notify all those involved immediately, Cambian left them exposed as they were not given the opportunity to protect themselves. This adds to the victims’ worry now that they have found out about the breach.
Claim compensation for the Cambian data breach
KP Law has launched an investigation to find out how this data privacy breach was allowed to happen, and how the security incident affects those who use Cambian’s services.
If you are affected by the Cambian data breach, join our no-win, no-fee action and claim compensation for this data protection failure.
Because of the nature of this breach, and the sensitivities involved, we can represent you anonymously, and speak on your behalf.
