Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
What is This Claim About?
The U.K.’s Police Federation of England and Wales (PFEW) was hit by a cyberattack in March 2019. According to Data Breach Lawyers, nearly 120,000 police officers could have been affected by the data breach.
The Police Federation cyberattack happened 9 March 2019, but it was allegedly not disclosed to members until 21 March 2019.
Who’s Eligible?
You may qualify for the Police Federation cyberattack group action if you are a member of the organisation.
Fletchers Data Claims says the PFEW should have contacted all members who had data breached, but it is possible all of the nearly 120,000 officers had information taken. It is unclear how many members have been contacted by PFEW.
How Much Compensation Will I Receive?
If the Police Federation cyberattack group action is successful, eligible claimants will receive compensation in an amount to be determined by the Court.
How Do I Join?
If you believe you are eligible to join the group action, contact one of the representing law firms to find out how to file a claim.
The following law firms are participating:
Data Breach Lawyers
Fletchers Data Claims
Hayes Connor Solicitors
Irvings Law
Keller | Lenkner
More law firms may be added.
A group action has been launched in the U.K. for victims of the 2019 Police Federation of England and Wales cyberattack.
The PFEW was hit by a cyberattack in March 2019, according to Tech Crunch.
In a 21 March 2019 tweet, the Police Federation described the breach as a ransomware attack.
“We can confirm we have been subject to a malware attack on our computer systems,” the tweet said. “We were alerted by our own security systems on Saturday 9 March. Cyber experts rapidly reacted to isolate the malware and prevent it from spreading.”
The Police Federation cyberattack occurred 9 March 2019 at the organisation’s Surrey headquarters. However, the ransomware attack was disclosed publicly on 21 March, according to Tech Crunch.
Many databases and email servers were encrypted in the Police Federation cyberattack, which caused some disturbance to the organisation’s services. The PFEW’s backup data was also deleted in the cyberattack.
In 2019, in the earliest stages of the cyberattack, the PFEW tweeted there was no evidence that data was taken from the system but it was possible, Tech Crunch reported.
The PFEW represents 119,000 police officers in 43 forces in England and Wales, but the Police Federation cyberattack only targeted the headquarters; none of the other U.K. branches were breached, Tech Crunch reported.
The National Crime Agency investigated the Police Federation cyberattack, and the organisation learned it was not a specific target of a hacker, but probably part of a bigger malware scheme.
Matt Walmsley, Vectra’s Europe, Middle East and Africa (EMEA) director, said ransomware is usually not a targeted attack — it is more “opportunistic in nature,” Infosecurity Magazine reported.
“Whether they had a regulatory or legal need to inform the ICO isn’t clear — particularly if there has been no data breach,” Walmsley said. “The launch of a criminal investigation may help salve anger and frustration but is unlikely to result in accurate attribution, never mind a conviction, even if they’ve called in their friends from the National Computer Crime Unit. However, their transparent reporting, even if it’s a number of days after the instance, should be commended for its candor. Defenses are imperfect, always.”
The PFEW reported the cyberattack to the U.K.’s data protection regulator on 11 March, in compliance with European law.
Tech Crunch reported in 2019 that the PFEW did not want to comment on the cyberattack because there was an ongoing investigation in the works.
The PFEW said in 2019 its BAE Systems’ Cyber Incident Response division was investigating the effects and extent of the malware attack, according to Silicon.co.uk.
Although the Police Federation cyberattack was immediately disclosed to authorities, many officers were irritated that the organisation took 12 days to inform its members. Many tweeted their complaints about how the PFEW handled the cyberattack.
“So this happened on 9th March and it is only now the 21st March that you tell your paying members?? Absolutely disgraceful handling by the federation,” Ronan Donohue tweeted on 21 March 2019.
“Law enforcement agencies such as the UK’s Police Federation should maintain regular and constant backups of important files and consistently verify that the backups can be restored,” Cybereason chief information security officer Israel Barak told Silicon.co.uk.
“Organisations should also educate their employees on refraining from downloading pirated software or paid software offered for ‘free,’ as humans are the single biggest asset cyber criminals have in extorting money from businesses,” Barak said. “Lastly, organisations should deploy advanced anti-ransomware technology to prevent the effective execution of ransomware and help to make cybercrime a less profitable and attractive business.”
