Employees Blame Their Employer For Data Theft

Uploaded on 2022-03-16 in FREE TO VIEW, BUSINESS-Services-Law

A sophisticated cyber attack at a midlands Mercedes dealership led to 'personal data of more than 100 staff being accessed', a data breach specialist law firm has claimed. 

The security breach has now prompted staff to take legal action against their employers.

Legal experts from Hayes Connor are conducting the legal action against Mercedes dealership LSH Auto, which has dealerships in Stockport and Bury, after failing to get any answers from the company about how the data had been breached and what had happened to it.

Staff from the Mercedes dealership LSH Auto, which has sites in Erdington and Solihull, have been affected and this 'security incident' that happened in June 2021.

But today specialist data breach law firm Hayes Connor confirmed the start of the group's legal flight. It includes both current workers at LSH’s eight dealerships and former members of staff. The 106-strong group were first contacted by bosses at the firm by letter more than six months ago which led to serious concerns among those affected. But Hayes Connor said that they "failed to get any answers from the company as to how their data had been breached and what happened to it."

A letter warned staff the business had suffered a "security incident" on June 3, last year, which “may have resulted in unauthorised access to your personal data”. It went on to say that the cyber attack was carried out by "unknown and unauthorised individual(s)."

Experts at Hayes Connor have been working with a growing number of people affected by the breach since then. The firm said the action was a bid to find out exactly how the cyber attack could have happened and what data had been accessed.

It is feared bank details, National Insurance numbers and other personal information could have been compromised in the attack. This, the group’s legal advisers say, has caused them "months of concern as they wait to find out more.

The initial letter caused huge concern amongst those affected," said Christine Sabino, a Legal Director from Hayes Connor. "Being told out of the blue that your data has been breached is worrying enough, but all of those affected still don’t know which data was accessed and what might have happened to it... Whether they still work for this dealership or not, every single one of our clients has a right to know exactly what went wrong here. LSH owes each and every person affected an explanation for this unnecessary distress and should say what they intend to do for them.”

The legal action raises important questions about the responibilty of employers to protect  private, highly personal information and the extent of their liabity when it is exposed or stolen.

Martyn Webb, the managing director at LSH Auto UK, said: “In June 2021, LSH Auto UK was the victim of a sophisticated cyber-attack contained to its UK business. We take the security of our systems and data extremely seriously, and so we immediately took action to protect our systems and engaged forensic specialists to investigate the incident... Our investigations concluded that there was no evidence that any potentially compromised data had been misused and the Information Commissioner’s Office subsequently confirmed that it would not be taking any further action.

“We are sorry this happened and the uncertainty that it caused, we take such matters seriously and have and continue to take all necessary steps to protect against cyber attacks.” Webb said. 

Birmingham  Mail:     Online News UK:    Cyber Security InsidersOlxpraca:     Image: Unsplash

You Might Also Read: 

Blame The Boss For Cyber Attacks:

 

« Hacker Behind Kaseya Ransomware Attack Extradited
Ukraine's 'IT Army' Risks Being Hijacked By Malware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

iXsystems

iXsystems

iXsystems is a leader in Open-Source enterprise server and storage solutions including Backup & Recovery to protect critical data.

K7 Computing

K7 Computing

K7 provides antivirus and internet security products for business and home users.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

Nexis

Nexis

Nexis GmbH is a German IT security company specializing in IAM, access control, and risk management.

NSIDE Attack Logic

NSIDE Attack Logic

NSIDE Attack Logic simulates real-world cyber attacks to detect vulnerabilities in corporate networks and systems.

Windscribe

Windscribe

Windscribe is a Virtual Private Network services provider offering secure encrypted access to the internet.

DQM GRC

DQM GRC

DQM GRC are one of the UK's leading providers of data governance, e-privacy and GDPR services, to commercial organisations across all industries in the UK.

Totaljobs

Totaljobs

Totaljobs is the UK’s largest hiring platform. We have over 280,000 live jobs adverts on our site, helping you to find any type of job in any industry, including cybersecurity.

Startup Capital Ventures

Startup Capital Ventures

Startup Capital Ventures is an early stage venture capital firm with a focus on FinTech, Cloud/SaaS, Security, Healthcare IT, and IoT.

GB Group (GBG)

GB Group (GBG)

GBG is a global technology specialist in fraud, location and identity data intelligence.

Nineteen Group

Nineteen Group

Nineteen Group delivers major-scale exhibitions within the security, fire, emergency services, health and safety, facilities management and maintenance engineering sectors.

Dazz

Dazz

Dazz is the cloud security remediation platform for smart security and development teams.

Prime Technology Services

Prime Technology Services

Prime Tech are a group of Red Hat, Microsoft & Cisco Certified IT Professionals with an impressive track record of consistently delivering value to our corporate clients.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

Redcoat AI

Redcoat AI

Redcoat AI provide a comprehensive security platform that continuously evolves with the threats and opportunities presented by AI.

Gleam Cloud Security Solutions (GCSS)

Gleam Cloud Security Solutions (GCSS)

GCSS Security is an information security firm providing cyber security protection with a highly skilled and experienced team focused on technology that creates best-in-class customer experiences.