A complete guide to claiming PFEW data breach compensation

Share on facebook
Share on twitter
Share on linkedin
Are you, or have you recently been, a police officer in England & Wales? If so, you could be owned significant data breach compensation following a 2019 Police Federation of England and Wales (PFEW) data breach. In this handy guide, our data protection experts set out everything you need to know about making a PFEW data breach compensation claim.

What happened in the PFEW data breach?

In 2019, cybercriminals potentially accessed the personal information of around 120,000 police officers. During a ransomware attack, several databases and servers were compromised and the PFEW lost control of its members’ data as the criminals locked the Federation out of its own systems. The result was a massive data breach.

Officers at all levels are affected, including constables, sergeants, inspectors, and chief inspectors.

Despite this incident happening years ago, the PFEW still has not admitted to its members why criminals were able to access its systems.

What data was compromised in the PFEW data breach?

The information potentially accessed by criminals in the PFEW hack includes:

  • The names, email addresses, NI numbers, ranks and serving forces of around 120,000 police officers at all levels up to chief inspector.
  • The names, addresses, email addresses, and some financial data of guests visiting the PFEW conference and hotel facilities in Leatherhead.
  • The names, addresses, National Insurance numbers, and bank details of members who requested PFEW assistance for any investigation, inquiry, or complaint.

The consequences of the PFEW data breach could be devastating

Police officers deserve to have the highest possible level of protection when it comes to their valuable personal data. Criminals could use this extremely sensitive information to cause serious harm. The impact of the PFEW’s data protection failure has had a significant effect on those affected, and the lack of care shown by the Federation after the incident has raised further questions about what happened.

Even if this information is never used, simply knowing that your sensitive details are in the hands of cybercriminals can cause considerable distress – especially given the nature of the job.

Is the PFEW at fault for the data breach?

While criminals are behind the attack, it is unlikely that they would have accessed the PFEW’s systems if sufficient and acceptable security measures had been in place.

Where personal and sensitive information is held, significant and robust processes must be in place to secure that data and prevent these attacks from being successful. On this occasion, this did not happen, so the PFEW must be held responsible.

By locking the PFEW out of its own systems and holding its members’ information to ransom, the breach resulted in a total loss of data control. This is a clear infringement of data protection laws.

To make matters worse, the PFEW did not notify everyone affected by the attack ‘without undue delay,’ as it is legally obliged to do. Instead, it took almost two weeks to inform the affected police officers. This subsequent lack of communications added to members’ worry after they eventually found out about the breach as it meant they were not given the opportunity to implement security measures, and their data was exposed for longer than was necessary.

Do you have a PFEW data breach claim?

Organisations like the Police Federation must treat your data lawfully and be held to account when they fail to meet their legal obligations.

You could have a PFEW data breach claim if any of the following apply:

  • You were a PFEW member in or prior to March 2019.
  • You stayed at the PFEW conference and hotel facilities in Leatherhead between 1 September 2018 and 9 March 2019.
  • You requested PFEW assistance for any investigation, inquiry, or complaint before March 2019.
  • The PFEW (either nationally or locally) contacted you to tell you that your data was compromised in this breach*.

*Those affected should have been contacted by the PFEW. However, if you suspect your data was compromised, and you have not been told that your information was breached, you can contact our data protection experts for help.

Is this breach being investigated?

A criminal investigation has been launched into the cyber-attack. The UK’s data protection regulator (the ICO) is also aware of the situation. However, while the ICO can impose fines on organisations that fail to meet their data protection requirements, it does not award compensation to victims.

How can officers claim compensation for the breach of their data?

If your details were compromised in this breach, you could be owed compensation.

Keller Lenkner UK is helping a significant number of Police Federation members who have been notified that they are affected by the data protection failure, and we can help you too.

  • Our data breach team includes some of the most skilled litigation lawyers in England and Wales.
  • We have the experience, diligence and means to fight our clients’ corner and win.
  • We are never afraid of a fight, and we are ready to take on the large, deep-pocket organisations that other law firms shy away from.
  • Used to winning for clients against well-funded opponents, we also have all the resources and expertise necessary to take on complicated data breach cases in complex multi-claimant and group actions.

We are representing police officers in this case on a no-win, no-fee basis to ensure they have access to the absolute best lawyers without worrying about legal fees.

Any members who wish to invite friends and colleagues to join this action can do so when signing up.


Contact Keller Lenkner UK’s expert data breach lawyers to discuss the Police Federation data breach.

Share this article:

Share on facebook
Share on twitter
Share on linkedin