The Latest Data Breaches Revealed – Are YOU A Victim?
HMRC Penalty Notice Data Breach
The Institute of Chartered Accountants in England and Wales (ICAEW) have been among thousands of agents who have received penalty notices which are NOT for their clients.
HMRX were notified of the late-filing penalty notices for 2019/20 error that were all issued on 23rd March 2021. It was highlighted that the letters included notices for other members of the public and not for their clients. There were multiple errors being send out via post which has been put down to a lack of testing for automated systems at HMRC, which performed a bulk run that subsequently resulted in errors.
The total number of individual penalty notices sent to the wrong agent is 18,496 with 15,459 agents affected by either receiving noticed they should not have or not receiving notices that were sent to another agent. Two tax payers also received agent copies relating to other tax payers.
All notices have been reissued and re sent with advice to discard notices that are not for the intended recipient.
Football Investors Identities Revealed Via DCMS Data Breach
The Department for Digital, Culture, Media and Sport (DCMS) confirmed data breach of hundreds of Football Index customers.
The breach occurred when an email was sent to more than 500 customers where the CC option was used as opposed to the BCC (blind carbon copy) option which would hide others copied into the email, therefore this exposed over 500 personal email addresses making those customer identifiable. The email surrounding the recent collapse of the gambling platform. In a response to those complains is how these customers became embroiled in the data breach.
A follow up email has been sent to those affected apologising for the recent copied in error asking for recipients to delete the email in question. It has not been highlighted if the breach has been reported to the ICO as of yet.
Merseyrail Ransomware Attack Withholding Employee and Customer Information
The ICO have been made aware of the incident which could affect Merseyrail’s employee’s and customers information. Mersyrail is a UK rail network that provides train service through sixty-eight stations in the Liverpool City Region in England.
The cyber-attack investigation has been launched after the cyber-criminals ‘Lockbit Ransomware Gang’ managed to operate the directors email sending an email to: BleepingComputer, various UK newspapers, and the staff of Merseyrail confirming the hack and providing evidence of the information they now withhold.
There is not an update to confirm if these details have been breached.