December 23, 2020

Sorry, I don’t speak Legalese: Breach

What is a Breach? 

A breach is the act of someone breaking, or failing to observe, their legal obligations. A contract can be breached in whole or in part. 

In the case of a data breach, a trusted company can violate its legal obligations to a customer by having insufficient data security and not treating the customer's data with the care it deserves.

Personal Data Breaches

According to the General Data Protection Regulation (GDPR), a personal data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.

Personal data only includes information relating to natural persons who can be identified, or who are identifiable, directly from the information in question, or who can be indirectly identified from that information in combination with other information.

An individual is ‘identified’ or ‘identifiable’ if you can distinguish them from other individuals. The GDPR gives the following examples of ‘identifiers’:

  • Names
  • Addresses
  • Debit and Credit Card Numbers
  • CVVs

Personal data breaches can be categorised into:

  1. Confidentiality breach: Where there is an unauthorised or accidental disclosure of, or access to, personal data. This type of breach is most common with patients’ records.
  2. Availability breach: Where there is an accidental or unauthorised loss of access to, or destruction of, personal data.
  3. Integrity breach: Where there is an unauthorised or accidental alteration of personal data.

All three categories can be involved in one single breach, depending upon the circumstances.

Three Famous Data Breaches

1. Marriott Hotels

A 2018 data breach by Marriott hotels led to the compromise of over 300 million guests’ personal data. Payment card numbers and expiry dates posed the most immediate risks, but passport numbers, dates of birth and email addresses were among other sensitive information left open to cyber attackers.  The ICO fined Marriott £99 million.  

2. Virgin Media

It was announced in 2020 that a Virgin Media database with more than 900,000 clients’ personal information was left unsecured for 10 months.  Phone numbers, email addresses and home addresses were easily accessed by third parties during the leak. A formal apology was offered, and an email was sent out to all victims affected, but no compensation was given. 

3. British Airways

The BA data breach took place in 2018, and it is estimated that it affected more than 420,000 people throughout the UK and the world.  Full names, debit and credit card numbers (including CVVs), addresses, and email addresses were among the personal data leaked. 

We are currently seeking justice for thousands of victims involved in the BA data breach.

How Can I Protect Myself from a Data Breach?

  1. Use strong and unique passwords for each of your accounts
  2. Create these strong passwords using a password generator
  3. Turn on dual-factor authentication for each account where it is offered
  4. Update your devices and ensure they are running the latest operating system versions
  5. Back up your data, and turn on automatic backups where possible

You can find out more here.
