Mon-Thu 09:00-18:00 | Fri 09:00-17:00

Royal Mail data breach: technical glitch exposes customers’ information

The Royal Mail had to take down its Click & Drop service on the 1st of November after a data breach resulted in customers being able to see other users’ information.

At 1 pm, customers began to report seeing details of people’s orders, customer’s details, and business’s order history. The Royal Mail attributed the leak to a technical glitch.

The Royal Mail took the service down an hour later and released the statement:

“We have been made aware there was an issue affecting Click & Drop that meant some customers could see other customer’s orders. As a protective measure, we have stopped access to Click & Drop temporarily.”

They restored the service by 6 pm that evening. It’s designed to let users print labels, track their packages and pay for postage online.

The next day users took to Twitter to complain that the site still wasn’t working, and some people were charged twice for a label they never received.

Did the glitch breach data protection legislation?

The UK General Data Protection Regulation (UK GDPR) has seven principles, that all organisations that store data must adhere to. It was enshrined into law to keep your data safe and secure.

  1. Lawfulness, fairness and transparency
  2. Accuracy
  3. Confidentiality
  4. Accountability
  5. Limited storage
  6. Minimisation
  7. Limited use

If an organisation violates any of those principles and data is lost, exposed, or taken, the victim is eligible for compensation. The company will also need to inform the Information Commissioner’s Office (ICO), which will perform its own investigation.

However, the ICO did release a statement the day after the breach saying that the Royal Mail had not informed them of a breach. They further clarified there is no need for an organisation to report a data breach to them unless it poses “a risk to people’s rights and freedoms.”

If personal information leaked in the breach, such as names, addresses, or bank details, then the Royal Mail would be in breach of the UK GDPR. Failure to report the breach to ICO would therefore be unlawful.

Our team of data breach specialists can help you with your claim

If you’re concerned that your data may have been exposed in the Royal Mail breach, get in touch with us, and we can investigate on your behalf. Our solicitors are experts in data protection legislation and can help you get the compensation you deserve.

We understand that when you hand your personal information over to an organisation, you expect it to be kept safe and secure. If a company fails to adhere to GDPR, there can be serious financial and psychological consequences, which could entitle you to compensation.

We offer a no-win, no-fee service, so you won’t have to pay a penny until you receive your award.

To get started on your claim, get in touch with us today, either via our online claim form, calling us on 0151 668 0814 or sending us an email at enquiries@hnksolicitors.com.

Related Posts

Get in touch

Fill out the below form and one of our advisors will get in touch to arrange a consultation about your claim.

Recent Articles

Policeman and police motorcycle behind cordon tape at an accident or crime scene
Can I claim against the police?
March 22, 2024
Image of a person's legs lying on the floor next to a car. Car accident concept image.
HNK recover £99,700 for claimant injured during an attempted robbery on his vehicle
March 7, 2024
Photograph of two British transport police officers stood inside a train station.
Kent Police officer jailed for six months for inappropriate relationship with suspect
March 7, 2024
Call Us Claim Now