Her Majesty’s Prison and Probation Service (HMPPS) has revealed that during the 12 months prior to September 2021, they suffered 2,152 data breaches.
This finding comes following a Freedom of Information Act (FOIA) request submitted in September and fulfilled by the Ministry of Justice (MoJ). The HMPPS data breaches each reflect data lost, stolen, or otherwise accessed from a secure system without permission or authorisation.
CEL Solicitors is working with an HMPPS employee who suffered as part of one such data breach. HMPPS recently wrote to the employee to say there had been unauthorised access to the Justice Academy platform, the largest online community of justice and public sector staff. During this breach, their full name, staff identification information, email address, national insurance number, and details of where they work and with which department/agency was compromised, amongst other pieces of data.
Following the HMPPS Justice Academy data breach, the employee states that they had sought support, feeling that they were now at an increased risk due to the nature of their job. They requested access to an occupational health specialist to help with their increased stress and anxiety. This request was reportedly ignored.
Prison and Probation Service hit hard by data breaches
HMPPS is an executive agency, sponsored by the MoJ with the objective to “carry out sentences given by the courts, in custody and the community, and rehabilitate people in our care through education and employment”. To do this, HMPPS employs over 58,000 staff members across England and Wales.
An annual report (2020-21) from the MoJ highlights 16 “significant personal data-related incidents reported to the Information Commissioner’s Office (ICO)”, and is believed to have affected at least 5,476 people. The number of people affected by two ransomware incidents in October and December 2020 is unknown, meaning the actual number of affected individuals could be far higher.
While the protection of personally identifiable data ought to be the imperative of all employers, this is further expected when employees are working with and around dangerous individuals, as HMPPS staff frequently are.
It is natural for anybody to feel anxious and stressed about how their data might be used once it has fallen into the hands of criminals. This is only compounded when your day-to-day life already puts you at increased risk of being blackmailed and personally targeted by criminal groups.
With Russia launching cyber-attacks, is the UK at risk?
What should I do if my data has been breached?
If you believe that your data has been compromised, you will likely have already been informed by the company involved in the breach. Alternatively, you should contact the company yourself and ask for clarification.
If your data has indeed been compromised, you may be worried and stressed about how your data will be misused. Depending on the severity of the breach and the information involved, criminals may be able to contact, scam and threaten you. You may also be entitled to make a claim for compensation following a data breach – particularly if you have suffered stress, anxiety, or harm (either emotionally or financially) because of the breach.
Mark Montaldo, a director and data breach expert at CEL Solicitors, said: “Given the Justice Academy platform was accessed, by an unauthorised third party, it’s likely that many more justice and public sector staff, using the portal, have been affected by this data breach. Many, due to the sensitive nature of their work will be incredibly worried about their data getting into the wrong hands. I would therefore urge anyone who is concerned to get in touch to discuss what this could mean for them and what their rights are.”
