Data Protection Breach Examples

What is a data breach?

A data breach is a term given to any breach of security that leads to accidental or unlawful loss, destruction, alteration, unauthorised disclosure or access to personal data.

Data breaches are more than just a hack of a database by a cybercriminal; they can often be the fault of organisations that do not have proper procedures or training in place to handle personal data.

Get in touch with us today if you think you’ve been affected by a data breach.

Personal Data Breach GDPR Examples

Read the examples below to see if any sound familiar to your case, or let us know about your case and we’ll help to determine if you have a valid claim.

Example of data being breached

GDPR breaches can take many forms, and can be much more than data simply being lost. From a broad perspective, they typically entail a breach of security resulting in personal data being accessed, lost, altered, disclosed or destroyed.

Read our overview of data breach examples below.

GDPR Data Protection Breach Examples

  • Data breaches can be caused either accidentally or deliberately.
  • Database hacking is an example of an unauthorised party gaining access to personal data. This could lead to a loss of availability or even alteration.
  • Local authority and council breaches typically involve personal data being sent to the incorrect recipient, but can also include personal data being lost or stolen.
  • Cardskimming and finance attacks are deliberate actions by third parties, but data controllers/processors can also be at fault through their inaction.
  • Clerical errors can be caused deliberately or accidentally by the controller, and often involve personal data being sent to the wrong recipient.
  • Loss or compromise of electronic devices can lead to further breaches related to third-party access, alteration and loss of availability.

What are the different categories of personal data breaches?

There are several types of data breaches that occur across a multitude of industries. Below, we’ve provided an explanation of each, including examples of recent and historic cases.

Database Hacking

Errors accounted for 21% of all data breaches in a study of over 41,686 security incidents conducted by Verizon, which is good evidence that many data protection breaches are not caused intentionally. However, the study also found that 71% of breaches were financially motivated, with 52% of all breaches involving hacking in some form. Hackers are becoming increasingly sophisticated in their attempts to crack valuable data stores, and any organisation which holds some kind of personal data is now considered to be a target.

Local Authorities & Council Data Breach Examples

The Information Commissioner’s Office has confirmed that there were 223 data breaches involving local governments in the UK in the final quarter of 2018 alone. The majority of these involved data being posted, faxed or emailed to the wrong recipient, but they also included loss or theft of paperwork from an insecure location.

Local councils often deal with large amounts of highly sensitive data regarding their constituents, so the scope for damage can be considerable. Figures from the ICO highlight a failure to use BCC in emails as being a particular issue for authorities dealing with education and childcare.

Cardskimming & Finance Attacks

Unsurprisingly, the majority of breaches that take place involve the loss of financial data, which leads to £190,000 a day being lost by victims around the UK. Whether by sophisticated scams or intelligent hacking of payment systems, cyber criminals have proven themselves more than capable of compromising some of the world’s biggest brands. In some cases, hackers have been able to surreptitiously access booking systems and then skim personal details from users as they make their payments. In this circumstance, those responsible for the system would be at fault for not providing proper protection for their users.

Clerical Errors

Every industry involves some use of administration, which necessitates the storing of personal data. This data could relate to employees of the company, clients or beneficiaries of the organisation. Regardless of whom the data is connected to, those responsible for processing it can often be the ones responsible for accidentally breaching it. Clerical errors can include simple mistakes such as sending an email containing personal data to the wrong recipient, or a letter sent to the wrong address, but can also include verbal disclosure of personal data and incorrect disposal of paperwork.

Loss Or Compromise of Mobile Electronic Devices

In a mobile security report from Verizon, 671 professionals responsible for the management of mobile devices within their organisations admitted to not protecting their assets as well as they would other devices. Whether by theft, loss or malicious attack, mobile electronic devices are vulnerable to more threats than their desktop counterparts and often contain valuable tranches of personal data. The ICO confirmed that there were 112 reports of lost or stolen devices containing personal data in Q4 of 2018.

Examples: Glasgow City Council breach, Heathrow USB Stick breach

About Data Breach Help

Operated by Cobleys solicitors – one of the UK’s top law firms – we have experienced solicitors that are well-versed in every aspect of data breach law. Vastly experienced in data breach litigation, we have utilised our wealth of resources and knowledge to claim data protection breach compensation for a multitude of clients from both public and private organisations.

If you think that you’ve been affected by a data breach like one of the examples above, let us know and we might be able to help you secure compensation for your loss.

FAQs

What is a Data Protection Breach?

A data protection breach is a breach of security which has led to the personal data of an individual, or group of people, being unlawfully or accidentally destroyed, lost, altered, disclosed or accessed by an unauthorised party.

Breaches do not have to necessarily involve a hacker or cyber criminal, and can often include simple clerical errors made by office workers or administrators.

How soon should I be contacted about a Data Protection Breach?

You should be contacted within 72 hours of the breach taking place, although the organisation may contact the ICO first if the breach is considered to be ‘low risk’.

The Information Commissioner’s Office (ICO) has laid down a guideline regarding the reporting of Data Protection Breaches, including how quickly an organisation should report one. Organisations of all sizes are required to report data breaches to the ICO without delay, but no later than 72 hours after becoming aware of it. If they do not give sufficient reasons for this delay then they could be subjected to a fine.

ICO guidelines state that organisations should inform individuals affected by a data breach as soon as possible. Where the breach is considered to be ‘high risk’ (when highly sensitive personal information has been breached), priority should be given to informing the individuals affected. Informing those affected as soon as possible gives them the best chance to protect themselves from the effects of the breach.

Personal data breaches can cover a wide range of scenarios in both the commercial and private sector – learning what these can encompass and how they might manifest is crucial to preventing future breaches and recovering compensation from situations where you may be due remuneration. Keep reading to find out what a Data Protection Breach is and how they can take on many different forms.