CEL Solicitors is acting for employees of the Riverside Group after their personal and financial information was compromised in a serious data breach.

The Riverside Group, which is a registered social housing provider, wrote to its staff last year to notify them that their data had been breached. The data breach occurred after an employee, who no longer works for the company, sent employees’ personal and financial information to a personal email account.


What information was compromised in The Riverside Group data breach?

In a letter sent in January 2022, the Riverside Group Chief Executive Officer (CEO) – Carol Matthews – updated affected employees on what information had been compromised.

“From our investigation and analysis of the data involved, we are now able to provide you with more detail about your personal data that was impacted”. The Riverside Group CEO subsequently revealed a comprehensive list of data, including:

– Job role

– Employment information

– Location data

– Pay details

– Job Application

– Home address

– National Insurance (NI) number

– Pension information

– Tax code

– Payslips

– Email address

– Offence data (employment records)


What is the risk to employees?

The risk posed to employees, due to a data breach of this nature, is considerable. The Riverside Group claim to have “received assurances that the data was deleted and not disseminated any further”. However, it has subsequently offered its employees a 12-month membership to a credit and web monitoring service, which helps to detect identity theft.

Only recently, CEL Solicitors, which specialises in data breach claims, assisted a victim of the Salvation Army data breach who was subsequently targeted by fraudsters, who attempted to take out credit in their name.


Commenting on the Riverside Group data breach, Mark Montaldo, a director and data breach solicitor at CEL Solicitors, said: “Claims that the data wasn’t disseminated further will be of little comfort to employees without a cast-iron guarantee. Data, especially extensive personal and financial information, is a valuable commodity. In the wrong hands, it can be extremely lucrative to criminals, which will be most concerning to those affected. In addition to taking advantage of the free credit and web monitoring service, The Riverside Group employees should notify their bank of the data breach, keep an eye out for any unusual activity and be wary of any phishing attempts by potential scammers.”


With Russia launching cyber-attacks, is the UK at risk?


Was your data compromised in the Riverside Group Data Breach?

Victims of the Riverside Group data breach are advised to strengthen their passwords and keep a close eye on any accounts that may be accessible using their personal data. Likewise, extra care should be taken when it comes to phone calls and messages from banks and similar businesses that scammers typically impersonate.

It is the responsibility of the data holder (in this case, The Riverside Group) to ensure the information they hold is kept secure. As such, this incident constitutes a breach of the data protection act by an employer. The Riverside Group state that they are “continuing to investigate the root cause of this event”. They are also working on both their organisational and technical security measures to ensure this is not repeated.


If you are an employee of the Riverside Group and have reason to believe your data was compromised, then tell CEL on 0808 273 0900. You may be able to claim GDPR breach compensation. Importantly, compensation can be awarded even if you have not suffered any direct financial harm from the breach.
Skip to content