In March 2020, a hacker group targeted Hammersmith Medicines Research (HMR) and got access to some extremely sensitive and confidential private data. As a result of the privacy violation, the hackers managed to steal customer names, dates of birth, identity information, and some health information. The hackers may also have had access to bank details. These details can be used by cybercriminals to commit further crimes – including data theft and financial fraud.
At Keller Lenkner UK, we are helping victims of the HMR data breach to claim compensation and achieve justice. But many people still do not know if their personal data was involved in this privacy violation.
Our expert data protection lawyers explain how to find out if HMR breached your data, as well as answering some of the other frequently asked questions in this case.
What happened in the HMR data breach?
On 14th March 2020, the Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR).
HMR did not pay the ransom. In response to this refusal, the cyber gangsters published the personal and medical details of more than 2,300 former volunteer patients online.
What information was compromised in the data breach?
The extremely sensitive and confidential information exposed in this hack includes names and dates of birth, identity documents (scanned passport, National Insurance card, driving licence and/or visa documents, and any photographs taken at the screening visit), health questionnaires, consent forms, information from GPs and some test results (including, in a few cases only, positive tests for HIV, hepatitis, and drugs of abuse). The hackers may also have accessed bank details.
Who is affected by the data breach?
According to HMR, the published records were from some volunteers with surnames beginning with D, G, I or J. However, HMR admits that criminals might still have your data, even if your records weren’t among those published.
Am I at risk?
There is a real risk that anyone exposed in the data breach could see criminals use their stolen identity documents to commit fraud. An increase in phishing attempts is also likely. When a data breach occurs, stolen personal information can also be found for sale on the dark web. So victims of the Hammersmith Medicines Research data breach must be extra vigilant.
Am I at risk if my data wasn't published online?
The published records were from some volunteers with surnames beginning with D, G, I or J. However, even if your records weren’t among those that were published, the criminals might have stolen copies of them
How would I know if I am involved in this data breach?
Despite HMR contacting those affected, of those who have contacted Keller Lenkner UK about the breach, approximately 60% did not see this email notification or only became aware of it months later due to the email being directed into volunteers spam folder. Therefore, your information might have been compromised in the HMR data breach and you may not know it.
Worryingly, this means that cybercriminals could have access to your information, without you putting any security measures in place. If you are worried that your information has been exposed, you can check at DataProtection@hmrlondon.com.
Can Keller Lenkner UK find out if I am involved in this breach?
Yes, Keller Lenkner can make a data request to find this out for you. Simply sign up with us and we will contact HMR on your behalf.
Find out if you can make an HMR data breach claim.
How many people are affected by this breach?
With the stolen files likely to date back 20 years, our early investigations indicate that hundreds of thousands of people could be involved in the HMR data breach.
If I make a claim, will I put HMR out of business?
Some people are wary about making a data breach claim because they do not want to harm the organisation that breached their data. However, in a world that is increasingly digital, cyber-attacks are going to happen, so organisations such as HMR usually take out insurance to cover the risk of cybercrime.
How much does it cost to make a HMR claim?
Who is responsible for the data breach?
HMR was negligent in safeguarding your data due to insufficient security systems. Just because it was a victim of a crime does not mean it is any less liable.
Is this claim likely to be successful?
We cannot say for sure, but we believe that we have a strong case.