The payroll provider for the Ministry of Defence (MoD) has been breached by a large-scale cyber-attack, with armed forces staff members’ data accessed.
The hackers are believed to have been present in the system of the Ministry’s third-party contractor, Shared Services Connected Ltd (SSCL), for several weeks rather than a matter of days, as was originally thought.
An estimated 270,000 payroll records belonging to members of Britain’s armed forces have been exposed to the hackers. The data accessed is primarily names and bank details, and in other instances on a smaller scale, addresses and National Insurance numbers of current and former members of the army, navy and air force and reservists. Those whose home addresses have been identified as part of the hack are being notified as a priority.
Details of civil servants and members of the Royal Fleet Auxiliary are not affected by the cyber-attack.
While it is currently unclear if any data has been stolen or interfered with, investigations are ongoing to identify the full extent of the breach and the potential failings by the contractor. The MoD has also launched a full review, drawing on specialist external and Cabinet Office support and expertise.
Affected personnel are likely to be offered registration to a commercial data protection service, which will provide constant monitoring of personal data – notifying the user of any irregular activity.
What are my rights if I have been affected?
Under PII (Personal Identifiable Information) regulations, accessing sensitive information has the potential to put servicemen and servicewomen at high risk of fraudulent activity. To avoid this, organisations are required to be compliant with GDPR (General Data Protection Regulations).
In instances of a breach occurring, the organisation must report it to the ICO (Information Commissioner’s Office), and those affected within a reasonable time limit.
The ICO will focus its investigation on what prevention measures the organisation had in place. The less compliant an organisation has been, the higher the risk of being fined and suffering reputational damage.
Regardless of the outcome of the ICO’s investigation, GDPR gives those affected the right to claim compensation as a result of the organisation breaking data protection law. Data Breach Claims – Form. This includes both “material damage” (financial loss) or “non-material damage” (e.g. any distress they may have suffered).
Court proceedings can be costly and without the correct legal advice, claimants’ chances of success could be lower than those working with legal experts. Barings Law is currently taking on multiple data breach claims against organisations that have been hacked, or those who have sold data to third-party companies.
If your data has been stolen or sold, we will act on your behalf on a no-win no-fee basis.
All you need to do is click the button at the bottom of this article and fill in a quick form. From there our legal experts will assess your case to see if you have a valid claim, they will then make contact with you to get the ball rolling.
We wish to emphasise that our litigation action is NOT being carried out against the UK Government or the Ministry of Defence, but the civil contractors, Shared Services Connected Ltd, who failed in their duty to keep this data secure.
At Barings Law, your legal concerns are our top priority. Whether you need guidance on a complex legal matter or have questions about our services, our team is ready to assist you.
Copyright © 2024 Barings Law.
All rights reserved.