In March 2020, Hammersmith Medicines Research (HMR) was targeted by hackers in a ransomware attack. The Maze ransomware group (which later announced that it was shutting down) managed to steal a wealth of information from HMR, including:
- Dates of birth
- Identity documents (scanned passport, National Insurance card, driving licence and/or visa documents, and any photographs taken at the screening visit)
- Health questionnaires
- Consent forms
- Information from GPs
- Some test results (including, in a few cases only, positive tests for HIV, hepatitis, and drugs of abuse).
The hackers may also have had access to bank details.
HMR refused to pay the ransom, and, in response, Maze published the personal and medical details of more than 2,300 former volunteer patients online. The published records were from volunteers with surnames beginning with D, G, I or J. However, even if your record was not among those made public, the criminals might still have stolen a copy of it. Indeed, with the stolen files likely to date back 20 years, our early investigations indicated that hundreds of thousands of people could be involved in the HMR data breach.
Did the HMR data breach put you at risk?
When a data breach occurs, stolen personal information is often found for sale on the dark web – often months after the initial violation. So, the data stolen in the Hammersmith Medicines Research breach could be used by cybercriminals to commit further crimes, including data theft and financial fraud, even if this has not already happened.
What can you do to uphold your data privacy rights?
On investigating this case, we discovered that HMR was negligent in safeguarding the personal data of its volunteers due to insufficient security systems. In response, we have helped many victims of the HMR data breach to secure compensation and achieve justice.
But many former HMR volunteers still do not know that their personal data was involved in this privacy violation.
In fact, despite HMR contacting some of those affected, of those who have contacted Keller Lenkner UK about the breach, approximately 60% have not received any confirmation of involvement from HMR.
So, your data could have been stolen in the HMR data breach and not know it.
Worryingly, this means that cybercriminals could have access to your information without you having the opportunity to put any security measures in place.
To find out if your information was exposed in this breach, contact HMR at DataProtection@hmrlondon.com. You have a legal right to ask for this information, and HMR cannot refuse this request.
Keller Lenkner UK can find out if you are involved in the HMR breach
Alternatively, to find out if your data was compromised in the HMR hack, Keller Lenkner UK can make a data request for you. Simply sign up with us, and we will contact HMR on your behalf. We will not charge you to make this request, and we are taking on all HMR claims on a no-win, no-fee basis.
Register with Keller Lenkner UK to find out how we can help you claim compensation in our no-win, no-fee case.