The 10 Most Notorious Data Breaches That Have Hit the UK

Posted on May 05, 2017 by John Lynch

There are thousands of data breaches and millions of records stolen each year, but some cyberattacks are larger and more newsworthy than others.

Here we take a look at some of the most infamous data breaches in recent UK cyber history.

1. Three – 2017

At the end of 2016, the mobile network Three had its customer upgrade database breached. However, in early March 2017, the attack was revealed to be much worse than expected.

The database had been accessed using an employee login, and customer names, phone numbers, addresses and dates of birth were stolen. Originally, Three claimed 133,827 of its 9 million customers had been affected, but that figure rose to more than 200,000.

2. Sports Direct – 2017

In September 2016, Sports Direct noticed its system had been compromised; however, it wasn’t until December of the same year that the breach was made public. A cybercriminal had accessed the personal credentials of every Sports Direct employee (around 11,000) through an unpatched content management system on an open DNN platform.

Controversially, the company informed the Information Commissioner’s Office, but did not tell its staff.

3. Tesco Bank – 2016

Last year, Tesco Bank froze its online system when it was reported that 40,000 accounts had been compromised and 20,000 customers had money stolen from their accounts. The money was replaced out of the company’s pockets, but it has stayed quiet on what exactly happened.



4. Sage – 2016

Rumoured to be an insider attack, accounting and HR software firm Sage suffered a breach of employee data. Information belonging to 280 UK customers, who represent multiple individual users, was put at risk. The case is ongoing.

5. Kiddicare – 2016

When testing a new website in 2015, Kiddicare accidentally exposed its customer data – something that was revealed when customers started receiving unusual texts, including one to fill in an online survey.

Names, addresses and contact details of 800,000 people were accessed, but no financial information was stolen.

6. TalkTalk – 2015

In October 2015, it was reported that a proportion of TalkTalk’s four million customer records had been breached after hackers exploited a vulnerability on the company’s website. It was later revealed that 157,000 records had been compromised.

7. Moonpig – 2015

A researcher was able to take advantage of a software flaw in Moonpig’s Android app to gain access to any or all of the company’s three million customer records. This was quietly reported to the company immediately after detection, but 18 months later the vulnerability was made public knowledge as the company failed to take appropriate action.

8. Yahoo – 2013/2014

In one of the biggest recorded breaches of modern times, 500 million Yahoo accounts were affected in 2014. This came a year after Yahoo suffered another breach which leaked 1 billion users’ names, email addresses and telephone numbers.

Although not a UK-based company, many of Yahoo’s customers are based in Great Britain. Unsurprisingly, Yahoo has seen numerous lawsuits since, and Verizon reduced its bid to buy the company from $4.8 billion to just $350 million.



9. Think W3 Limited – 2014

Holiday firm Think W3 Limited saw a huge breach which resulted in a hacker stealing 1,163,996 credit and debit card records using an SQL injection attack. An investigation was soon under way which resulted in the company being fined £150,000.

10. Mumsnet – 2014

In 2014, Mumsnet fell victim to the Heartbleed SSL software flaw and hackers gained access to many of the organisation’s 1.5 million user accounts. Although a huge number of users were affected, data in these accounts was less sensitive than that involved in other breaches.

Securely Send Big Files and Prevent a Breach

Don’t let the failures of these major companies provide you with an excuse to slack on your cyber security. If you send big files or sensitive information across the country or internationally, then ensure your communications are protected using a secure messaging service like Cirius.
