
Qantas Cyber Attack: Personal Data of up to 6 million Customers Exposed

Qantas, Australia’s largest airline, is the latest company to be targeted in a major cyber attack.
On Monday, 30th June, Qantas detected unusual activity on a third-party platform used by its contact centre in the Philippines. That platform holds the records of 6 million customers, which include names, email addresses, phone numbers, dates of birth, and frequent flyer numbers. However, it does not store payment information, personal financial information or passport details.


The Data (Use and Access) Act: What Impact Will It Have On Organisations?

The Data (Use and Access) Act 2025, first introduced in the House of Lords as the Data (Use and Access) Bill, has finally been granted Royal Assent.
This Act aims to introduce amendments to UK data protection law, meaning that it isn’t a replacement for existing regulations, such as UK GDPR, The Data Protection Act 2018 and The Privacy and Electronic Communication Regulation 2003; rather, it just makes them look a little different.


Oxford City Council Hit By Cyber Attack: 21 Years of Election Worker Data Compromised

Over the weekend of 7-8 June 2025, Oxford City Council was hit by a cyber attack targeting its legacy IT systems. The breach exposed personal data, such as names and contact details, of individuals involved in council-administered elections between 2001 and 2022. These mainly consisted of current or former council officers, including polling station staff and ballot counters.
No evidence has been found that the compromised data was shared externally or downloaded in bulk.


Data (Use and Access) Bill Granted Royal Assent

On 19th June 2025, the UK’s Data (Use and Access) Bill was granted Royal Assent and will now be known as The UK Data (Use and Access) Act 2025, or DUAA.
At this point, it is important to clarify that the DUAA will amend the existing UK data protection laws, not replace them. This means we will still have the three primary underlying laws: UK GDPR, Data Protection Act 2018 and PECR 2003. They’ll just look a bit different.
Reforms to data protection legislation were first proposed by the Conservative Government, promising to “overhaul” data protection legislation post-Brexit. The early versions of these reforms were more radical – even abolishing the requirement for Data Protection Officers (DPOs).


23andMe Fined £2.3 Million By Regulators Following Cyber Attack

The Information Commissioner’s Office, the independent supervisory authority for data protection in the UK, has fined 23andMe, a genetic testing service, £2.31 million following an investigation into a cyber attack that happened in 2023.
Between April and September 2023, an attacker carried out a credential stuffing attack, which exploited reused login credentials that were stolen from previous unrelated cyber attacks. Credential stuffing is when login details, usually stolen from another breach, are tried on different services, relying on users reusing the same passwords.


Retailers: Why Are They So Often Targets Of Cyber Attacks?

Over the past few months, a wave of cyber attacks has swept through the UK retail sector, disrupting some of the country’s largest brands. Adidas, Harrods, The Co-Op and, most publicized due to the impact of the attack, Marks & Spencer have all been targeted by cyber criminals, resulting in outages, data breaches and multi-million-pound losses.
But why are these retailers so frequently targeted by attackers? This blog post will explore the unique risks that retailers face, what we can learn from recent incidents and how the sector as a whole can protect itself from future attacks.


NHS England Puts Pause on AI Project Following Concerns Over Use of GP Data

NHS England has made the decision to put a pause on their project to use GP data to train an artificial intelligence model, known as Foresight, following concerns raised by GP leaders. Foresight, the AI model with oversight from NHS England, is trained on de-identified NHS data from roughly 57 million patients in England. The purpose of the model is to predict potential health outcomes for patient groups across England, based on knowledge about the patient’s condition. NHS England has previously described it as working “like an auto-complete function for medical timelines”.


Marks & Spencer Cyber Attack Set To Cost £300 Million

Marks & Spencer are expecting a £300 million hit to their operating profits following a cyber attack that is expected to lead to disruption to online operations until July. While investigations into the incident are still ongoing, it is believed that the cyber attack, which has been blamed on ‘human error’, occurred after attackers tricked third-party IT helpdesk staff into giving them access to company systems. This is known as a ‘social engineering’ attack, where human error is relied on to gain unauthorised access to accounts and systems. In this case, it is believed that two IT logins were used as part of the attack.


The Data (Use and Access) Bill: Where do we stand right now? (May 2025)

The Data (Use and Access) Bill, introduced in the House of Lords in October 2024, is a new piece of legislation proposed by the Government with the aim of cutting out much of the “red tape and pointless paperwork” that they feel are stopping businesses from using data effectively under GDPR. The primary aims of the bill are to grow the economy and improve public services.


Legal Aid Cyber Attack: A Significant Amount Of Personal Data Stolen

In late April, it was revealed that the online digital services for Legal Aid, the Government agency responsible for providing legal funding, had been hit by a cyber attack. It was initially thought that the only systems compromised were the ones which allow Legal Aid providers to log the work that they complete and receive payments from the Government, but we now know that in addition to this, a significant amount of personal data, including contact details, addresses, dates of birth, criminal records, national ID numbers and employment status, has also been compromised. It is estimated that roughly 2 million pieces of data are affected.


Coinbase Cyber Attack – Personal Data Stolen In Cryptocurrency Exchange Cyber Attack

Coinbase, an American-based cryptocurrency exchange, has confirmed that following a cyber attack last week, customer data has been stolen. In a report to the United States Securities and Exchange Commission, Coinbase say that they received an email from an unknown actor claiming that they had obtained information about certain Coinbase customer accounts and internal documentation regarding customer service and account management systems.


Newcastle Based Sole Trader Fined £50,000 After Making Over 190,000 Unlawful Marketing Calls

The ICO have announced that they have taken enforcement action against Newcastle-based sole trader Darian Bishop (trading as ECO4U) after it was found that they had made 194,110 unsolicited marketing calls to individuals who were registered with the Telephone Preference Service. This was picked up by the ICO in October 2023 after only 21 complaints to them and the TPS.


The Data (Use and Access) Bill: What is the impact on charities?

The UK Government has introduced an amendment to the Data (Use and Access) Bill, which will have a significant impact on the way that charities advertise fundraisers and activities. The amendment proposes that charities will be allowed to take advantage of the soft opt-in exemption for email and SMS marketing. Soft opt-in is the idea that if an individual has used one of your services recently and has given you their contact information, they are probably happy to receive marketing from you about services that they haven’t specifically consented to. This is something that was previously reserved for profit-making organisations.


Apple and Meta fined combined total of €700 million for breach of the Digital Markets Act

The European Commission, the body responsible for drafting proposals for new European legislation, has fined Apple €500 million and Meta €200 million for breaches of the Digital Markets Act. They found that Apple had breached its anti-steering obligations, and that Meta had breached its obligation to offer consumers the choice of a service which uses less of their personal data.


Co-op forced to shut down part of IT system following hack attempt

Following the discovery of an attempted hack, The Co-op have been forced to shut down parts of their IT system. On the 29th of April, a letter was sent out to members of staff stating that, as part of measures taken to “keep systems safe”, access to some systems had been “pre-emptively withdrawn”. It is not expected that this will impact customers directly, with only back office and call centre services being slightly impacted.
