Lawyers are seeking a “group litigation order” against the Police Federation (PFEW) over a 2019 ransomware breach which they say may have impacted 120,000 officers.
Keller Lenkner UK said it served notice this week to the staff association for police constables, sergeants, inspectors and chief inspectors in England and Wales. It intends to seek the order from the High Court in early 2022.
As reported by Infosecurity at the time, the PFEW’s IT systems were first hit on March 9 2019, and then again ten days later.
It claimed that several databases and systems at its Surrey headquarters had been affected.
“Back-up data has been deleted and has been encrypted and became inaccessible. Email services were disabled and files were inaccessible,” an FAQ statement noted.
Although the attack was halted before it could spread to any regional branches across the country, Keller Lenkner claims that the federation did not have adequate data security processes.
This may have led to personal and financial data theft from members. The law firm is also alleging that the PFEW didn’t inform members until a fortnight after the breach, despite GDPR obligations to the contrary.
Group litigation orders are the UK’s equivalent of a US class action suit. However, unlike class actions, where affected parties are included in the suit unless they opt-out, the UK version requires potential litigants to opt-in proactively.
Therefore, each case will be judged on its own merits, but Keller Lenkner said it is looking into pursuing action around financial loss, distress, and loss of privacy for the breach victims.
It claimed that breached information included names, email addresses, national insurance (NI) numbers, ranks and serving forces of up to 120,000 officers, and names, addresses and email addresses of guests who visited the PFEW’s conference Leatherhead.
Also compromised were names, addresses, NI numbers and bank details of members who requested the federation’s assistance for “any investigation, inquiry or complaint.