NOW: Pensions Data Breach – December 2020

NOW: Pensions is one of the biggest pension providers in the UK, providing tens of thousands of employers and millions of people with a pension throughout the country.

What caused this data breach?

In December 2020, the pension provider released a warning to affected members that their personal data had been accidentally posted to a public forum by one of their service partners.

The data breach took place between Friday 11th and Monday 14th December 2020, and occurred when one of NOW: Pensions service partners unintentionally posted members’ personal data to a public software forum.

The personal data exposed in the breach belonged to 2% of the approximately 1.8 million NOW: Pensions members, and included:

  • Names
  • Addresses
  • Birth dates
  • Email addresses
  • National Insurance numbers

This personal data was copied by a ‘small number of unknown parties’ before the data breach was picked up by NOW: Pensions.

NOW: Pensions made sure to inform the approximately 36,000 members of what had happened, however the fact that this breach was even made possible points to a lack of robust data protection procedures.

What did NOW: Pensions have to say about this?

Patrick Luthi, CEO of NOW: Pensions said this in his statement:

“Protecting our members’ personal data is of the utmost importance to us and we are taking this matter extremely seriously. We acted as soon as we were made aware of the issue.

Relevant members, fewer than 2% of our total membership, who are affected by this incident (the law sets out thresholds about this) have been sent communications setting out our current understanding of the situation and the steps we are taking to mitigate any risks to their data. We would ask those members to refer to that correspondence. We do not have any evidence that any members’ data is being used by unauthorised third parties.”

How could NOW: Pensions members be affected by this data breach?

The range of personal data that was exposed during this data breach was far-reaching and could easily have been used by criminals in order to conduct phishing scams, or to attempt access to banks, loans or other financial products.

The consequences of this could be significant financial loss, not to mention members’ credit rating being affected, which could have a further knock-on effect on financial status and eligibility for mortgage applications or loans.

What should you do if you were affected by the NOW: Pensions data breach?

If you have been affected by the NOW: Pensions data breach then you should have received a message from them informing you as such. The provider has offered a year’s free membership to Experian Identity Plus for all those affected by the breach, so that they’re notified of any fraudulent activities that may be taking place connected to their person.

If your personal data has been exposed in this breach, or a similar one, then you may be able to claim compensation. Get in touch with us today to find out if we can assist you with making a claim.