In 2019, indoor go-karting company TeamSport – which operates racing circuits across the UK – suffered a significant data breach. As with most cases, this privacy violation was caused by human error and/or poor processes rather than cybercrime.
In a letter to former employees, the company admitted that a file was released in error. This file contained personal information relating to their previous employment with TeamSport.
The information violated in this privacy breach included names, titles, National Insurance numbers, employment dates, student loan deductions, tax codes, earnings, and tax information. As such this was an incredibly significant incident that has had a severe impact on many of those affected.
At Keller Lenkner UK, we have been pursuing a data breach compensation case against TeamSport. Here is a quick summary of what happened in this case.
What did TeamSport say about the data breach?
TeamSport apologised for the data breach and accepted that it did not keep the data as safe as it would have expected. The ICO was also notified (as is required by law).
While TeamSport said that the error was spotted promptly and that the recipient of the file deleted the information and did not disclose it to another party, we received several enquiries from people who were worried about what could happen with their personal and financial information after it had been exposed.
Indeed, while TeamSport said that it considered the risk involved to those affected by the data breach to be negligible, this has not been the case.
As in any data breach case, it can take months for the full implications and losses to become apparent. We have seen instances where the financial losses only start to occur three to six months later. What’s more, simply knowing that your details have been exposed can lead to anxiety and distress.
What did former employees need to do to protect themselves following the TeamSport Indoor Karting data breach?
At Keller Lenkner UK, we are experts in data breach cases, and we advised those affected by the TeamSport data breach to:
- Inform the Information Commissioner’s Office (ICO) about your concerns
- Contact their bank/credit card provider immediately if they were concerned their financial details had been exposed
- Keep an eye on their bank and credit card statements to see if there was anything they did not recognise
- Look out for any bills or emails showing goods or services they had not ordered
- Let the credit reference agencies know of any activity that was not down to them
- Register with the Cifas protective registration service.
- Beware of fraudsters attempting to gather additional personal information (phishing)
- Change their passwords on all accounts
Claiming compensation for the TeamSport Indoor Karting data breach
You have a right to claim compensation if you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act. This right applies to employees as well as customers.
In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests, it is often the only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements.
Those who have been affected by this breach should have been contacted by TeamSport. If you received this letter it is not too late to make a compensation claim with Keller Lenkner UK.