Data Protection Breach Examples

What is a data breach?

A data breach is a term given to any breach of security that leads to accidental or unlawful loss, destruction, alteration, unauthorised disclosure or access to personal data.

Data breaches are more than just a hack of a database by a cybercriminal, they can often be the fault of organisations who do not have proper procedures or training in place to handle personal data.

Some examples of a data protection breach may include: confidential or personal information being sent to the wrong email address, an unauthorised person gaining access to a laptop without permission, or personal information being lost or corrupted by an organisation.

Personal data breach gdpr examples 

Read the examples below to see if any sound familiar to your case, or let us know about your case and we’ll help to determine if you have a valid claim.

GDPR breaches can take many forms, and can be much more than data simply being lost. From a broad perspective, they typically entail a breach of security resulting in personal data being accessed, lost, altered, disclosed or destroyed.

Read our overview of data breach examples below.

GDPR Data Protection Breach Examples

• Data breaches can be caused either accidentally or deliberately.
• Database hacking is an example of an unauthorised party gaining access to personal data. This could lead to a loss of availability or even alteration.
• Local authority and council breaches typically involve personal data being sent to the incorrect recipient, but can also include personal data being lost or stolen.
• Cardskimming and finance attacks are deliberate actions by third-parties, but data controllers/processors can also be at fault through their inaction.
• Clerical errors can be caused deliberately or accidentally by the controller, and often involve personal data being sent to the wrong recipient.
• Loss or compromise of electronic devices and can lead to further breaches related to 3rd party access, alteration and loss of availability.

What are the different categories of personal data breaches?

There are several types of data breaches that occur across a multitude of industries, below we’ve provided you with an explanation for each, including examples of recent and historic cases.

Database Hacking

Errors accounted for 21% of all data breaches in a study of over 41,686 security incidents conducted by Verizon, which is good evidence that many data protection breaches are not caused intentionally. However, they also found that 71% of breach were financially motivated, with 52% of all breaches involving hacking in some form. Hackers are becoming increasingly sophisticated in their attempts to crack valuable data stores and any organisation which holds some kind of personal data is now considered to be a target.

Local Authorities & Council Data Breach Examples

The Information Commissioner’s office has confirmed that there were 223 data breaches involving local governments in the UK in the final quarter of 2018 alone. The majority of these involved data being posted, faxed or emailed to the wrong incorrect participant, but also included loss or theft of paper work from an insecure location.

Local councils often deal with large amounts of highly sensitive data regarding their constituents, so the scope for damage can be considerable. Figures from the ICO highlight a failure to use BCC in emails as being a particular issue for authorities dealing with education and childcare.

Cardskimming & Finance Attacks

Unsurprisingly, the majority of breaches that take place involve the loss of financial data which leads to £190,000 a day being lost to victims from around the UK. Whether by sophisticated scams or intelligent hacking of payment systems, cyber criminals have proven themselves more than capable of compromising some of the world’s biggest brands. In some cases, hackers have been able to surreptitiously access booking systems and then skim personal details from users as they make their payments. In this circumstance, those responsible for the system would be at fault for not providing proper protection for their users.

Clerical Errors

Every industry involves some use of administration, which necessitates the storing of personal data. This data could relate to employees of the company, clients or beneficiaries of the organisation. Regardless of whom the data is connected to, those responsible for processing it can often be the ones responsible for accidentally breaching it. Clerical errors can include simple mistakes such as sending an email containing personal data to the wrong recipient, or a letter sent to the wrong address but can also include verbal disclosure of personal data and incorrect disposal of paperwork.

Loss Or Compromise of Mobile Electronic Devices

In a Mobile security report from Verizon, 671 professionals responsible for the management of mobile devices within their organisations admitted to not protecting their assets as well as they would other devices. Whether by theft, loss or malicious attack, mobile electronic devices are vulnerable to more threats than their desktop counterparts and often contain valuable tranches of personal data. The ICO confirmed that there were 112 report of lost or stolen devices containing personal data in Q4 of 2018.

Examples: Glasgow City Council breach, Heathrow USB Stick breach

About Data Breach Help

Operated by Cobleys solicitors – one of the UK’s top law firms – we have experienced solicitors that are well-versed in every aspect of data breach law. Vastly experienced in data breach litigation, we have utilised our wealth of resources and knowledge to claim data protection breach compensation for a multitude of clients from both public and private organisations.

If you think that you’ve been affected by a data breach like one of the examples above, let us know and we might be able to help you secure compensation for your loss.