fbpx

Police Federation Data Breach Claims

Around 120,000 police officers affected.

Are you one of them?

If so, our group action can help.

Get justice for the Police Federation data breach

In 2019, The Police Federation of England and Wales (PFEW) suffered a severe data breach following a ransomware cyber-attack hit the PFEW headquarters.

What did the compromised information include? 

  • The names, email addresses, NI numbers, ranks and serving forces of around 120,000 police officers at all levels up to the rank of chief inspector.
  • The names, addresses and email addresses of guests who visited the PFEW conference and hotel facilities in Leatherhead. Some guests may also have had their financial details put at risk.
  • The names, addresses, National Insurance numbers, and bank details of members who requested PFEW assistance for any investigation, inquiry or complaint.

Keller Lenkner UK has launched a group action against the Police Federation for this shocking privacy failure. Group actions can be a powerful tool and can have a bigger impact than a single claim.

IF YOU HAVE BEEN AFFECTED BY THE PFEW DATA BREACH, WE CAN HELP YOU MAKE A NO-WIN, NO-FEE CLAIM FOR COMPENSATION.

Why claim PFEW data breach compensation?

Hold the federation to account for failing to protect your private information.

 

Receive financial compensation for your losses.

 

Force the federation to implement better data security.

Holding the Police Federation to account


Simply knowing that your details could be in the hands of cybercriminals can lead to anxiety and distress. This is especially true for police officers. In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So the PFEW has questions to answer.

JOIN THE KELLER LENKNER UK DATA BREACH GROUP ACTION TO GET THE JUSTICE YOU DESERVE.
 

Talk to our expert data breach lawyers today on 0151 459 5850

Police Federation Data Breach Timeline


  • 9th March 2019. The Police Federation of England & Wales detected an attack on its computer systems.
  • 11th March 2019. The PFEW reported the incident to the Information Commissioner’s Office and the National Crime Agency.
  • 21 March 2019
    • Following the initial attack on its systems, the Police Federation of England and Wales (PFEW) was subjected to a multi-pronged, sustained cyber-attack. Early indications showed that the attack was different from the first and has affected the wider Federation network.
    • In a tweet, the PFEW confirmed that it had been subject to a malware attack. The PFEW said: “There is no evidence at this stage that any data was extracted from our systems but this cannot be discounted”.
    • Questions were raised about why it had taken the PFEW almost two weeks to inform the affected parties.

Latest News

WHAT IS A GROUP ACTION?

 

Find out more about making a group action claim for compensation against the PFEW.

WHAT DOES NO-WIN, NO-FEE MEAN?

 

What does no-win, no-fee actually mean and are there really no costs if you appoint us?

Why use Keller Lenkner UK to make a data breach, GDPR violation, or cybercrime claim?

JOIN OUR NO-WIN, NO-FEE POLICE FEDERATION GROUP ACTION

Your questions answered

 

See our answers to the FAQs we get asked about the PFEW data breach.

FAQs about the Police Federation data breach

What happened in the Police Federation data breach?

The Police Federation of England and Wales (PFEW) suffered a severe data breach across a number of its databases and servers. The violation occurred as a ransomware cyber-attack hit the PFEW headquarters.

When did the breach occur?

On 9th March 2019, the PFEW detected an attack on its computer systems. Following the initial attack on its systems, on the 21st March the Police Federation of England and Wales (PFEW) was subjected to a multi-pronged, sustained cyber-attack. Early indications showed that the attack was different from the first and affected the wider Federation network.

What is a ransomware attack?

Ransomware is a type of malicious software. Typically cybercriminals use ransomware to threaten to publish the victim’s data, or to block access to it unless a ransom is paid. Ransomware attacks are becoming more widespread.

As a result of the PFEW ransomware attack, there was some disruption to services and backup data was also deleted.

What police information could be at risk?
  • One database that has been affected holds the names, email addresses, NI numbers, ranks and serving forces of around 120,000 police officers at all levels up to the rank of chief inspector
  • A second violation involves a booking system for the PFEW conference and hotel facilities in Leatherhead. This includes the names, addresses and email addresses of guests who visited for leisure purposes. Some guests may also have had their financial details put at risk
  • The PFEW claims case management system has also been compromised.
Who is affected by the data breach?

Over 120,000 police officers have been exposed.

Also, any guests who stayed at the PFEW conference and hotel facilities in Leatherhead between 1 September 2018 and 9 March 2019 may also have had their details put at risk.

Any members who requested PFEW assistance for any investigation, inquiry or complaint could have had their name, address, National Insurance number, and bank details accessed.

How do I know if my data was involved?

By now those who have been affected should have been contacted.

How did the PFEW respond to the data breach?

It looks like the PFEW did not notify anyone who may have been affected by the attack ‘without undue delay,’ as they are bound to under GDPR. Instead, it took almost two weeks to inform the affected parties.

Is there an investigation into the data breach?

A criminal investigation has now been launched into the Police Federation cyber-attack. The Information Commissioner’s Office (ICO) – the UK’s data protection regulator – is also aware of the situation. However, while it has the power to impose hefty fines on organisations who fail to meet their data protection requirements, the ICO does not award compensation.

Why should I claim compensation for the Police Federation data breach?

Simply knowing that your details could be in the hands of cybercriminals can lead to anxiety and distress. This is especially true for police officers. And, if you have suffered damage or emotional upset caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. Crucially, in most cases, data breaches happen because of a failure to implement reasonable and robust processes. So the PFEW has questions to answer.

How do I start a claim?

To become part of the PFEW group action, you will need to register with us. Doing this guarantees that you will form part of the compensation claims that will be lodged by the firm.

What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial loses

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.

Distress

GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.
 

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.

JOIN OUR NO-WIN, NO-FEE PFEW ACTION