Although we are only a few weeks into the new year, there have been data breaches that have been brought to our attention over the last few weeks, that have also been highlighted in the media.

We have highlighted x4 of these breaches below:

Young Man Arrested for School Cyber Crime

It has been mentioned on The Register, that a 28 year old has been arrested due to a cyber attack on Welland Park Academy. The school in Leicestershire, announced the breach in January, stating that personal devices connected to the school network had been compromised in this cyber attack.

The arrest was made for suspicion of breaching sections 1 and 3 of the Computer Misuse Act. The school withholds around 1,000 pupils, the hard drives in question seem to be wiped. With continued investigations underway, it is not yet clear the extent of the GDPR breach or the effects this could have on the school, pupils and staff.

Trafford Bin Suffers Cyber Attack

AMEY PLC, who manages the Trafford Council infrastructure was victim of a cyber attack. Mount Lock ransomware group targeted the company which was said to have began in December 2020, but has progressed into the new year; who are demanding $2 billion dollars from the firm.

Documents that include:

• Scans of passports, drivers licenses and any identity documents of company directors
• Contracts
• Financial documents (inc bank statement and loan records
• Financial reports
• Employment records (new hire offers and resignation letters)
• Confidential partnership agreements
• Non-disclosure agreements
• Technical blueprints (of Manchester Metrolink railways, for example)
• Meeting minutes.

According to the Cyber hacker themselves, over 143GB of data was stolen. The ICO have been informed along with the NCA, with communications regarding the incident continuing to be conversed, to keep any disruption to a minimum.

British Mensa Website Hacked

Mensa is a society that withholds information of individuals with high IQ’s. A non-profit organization, open only to those people who score in the 98th percentile or higher in a standardized IQ test.

It has been reported that Mensa failed to secure access to their website, which allowed the hack to take place. Eugene Hopkinson, a former director is said to have stepped down from his position at British Mensa in light of the breach. Is has been said that that the credentials of a director was used to initiate the hack itself.

The website failed to secure 18,000 members details correctly. Details of individuals had begun to be exposed on the pastebin website; however where removed not so long afterwards.

It is said that although passwords where said to be encrypted, the configurations where easily unscrambled; which allowed the hackers to easily grant access to the information they required. This has led to an investigation with the British Information Commissioner.

150,000 Arrest Records Compromised in Police Incident

Routine cleaning of Police data bases, has resulted in records in excess of 150,000 have been accidentally wiped.

DIGIT highlighted that data such as basic contact information and

• Fingerprints
• DNA
• Arrest histories

Are all aspects which would have been lost in this mishap.

Although the Home Office have stated that the wiped records only related to people who had been arrested and released when no further action was taken. No data associated with criminals or dangerous persons had been deleted.

The repercussions of this data loss, will mean that investigations will be made much more difficult to re open without previous history on the file for individuals. The main issue for this is the safety of the public. If in the event further crimes where committed and no previous history is available on the individual, this could pose risks to other members of the public.

Although human error plays a role in data breaches, research found that 60% of 3.5 million company security breaches were caused by individual mistakes. Whilst the ICO, said that human error was responsible for 90% of UK data breaches in 2019.