Cyber_Bytes - Issue 39

Published on 15 February 2022

Welcome to latest edition of Cyber_Bytes, our bi-weekly roundup of key developments in cyber, tech and evolving risks.

KP Snacks supply chain crunches to halt after ransomware attack

Food manufacturer KP Snacks is the latest victim of a major ransomware attack, with notorious Conti ransomware group taking responsibility. The attack is expected to have an impact on the company’s supply chain up until the end of March.

RPC Partner Richard Breavington has commented on the incident, (in an Insurance Times article found here) which is yet another example of how even some of the largest organisations can fall victim to ransomware attacks. He calls for all businesses to remain vigilant to this threat. Attacks such as these are a big threat to our increasingly digitally dependent society. There has never been a more important time to ensure that appropriate precautions are put in place.

Click here to read more.

The High Court decision in William Stadler v Currys Group Limited [2022] EWHC 160 (QB)

This case involved a consumer dispute on responsibility for the security of data stored on a smart television returned to a retailer for repair.

The Claimant returned a faulty smart television to Currys Group Limited (Currys), who subsequently sold it to a third-party company without carrying out a factory reset. The Claimant's Amazon account was still active on the smart television and was used by another individual to purchase a film. Currys offered the Claimant £200 in vouchers to compensate for his distress.

The Claimant brought a claim against Currys for misuse of private information, breach of confidence, negligence and breach of data protection legislation. In response, the Defendant applied for an order to strike out and/or summary judgement.

Although the court did not grant the Defendant their application, they did make useful comments regarding conduct and allocation of these types of minor data breach claims.

The court stated that in low-value and modest claims such as this one, it would be disproportionate to allow the claim to proceed in the High Court and that the matter should therefore be transferred to the County Court and a Small Claims Track. The Claimant's solicitors' strategy of pleading multiple causes of action was described by the Court as an unconvincing attempt to shoehorn the facts of the case into a tortious claim worthy of being heard in the High Court. This was held to be out of line with the obligation to ensure cases are justly and proportionately managed in accordance with the overriding objective.

The Court's decision sets a positive precedent for Defendants and adds to the roster of recent caselaw decisions which might help stem the compensation culture created by low-value data protection breach claims (see Warren v DSG Retails Limited, Lloyd v. Google, Johnson v. Eastlight Community Homes and Rolfe v Veale Wasbrough Vizards). Demonstrating that these types of data breach claims ought to proceed in the County Court and Small Claims Track will ensure that disproportionate costs are not incurred.

Click here to read the judgement in full.

Foreign Office target of 'serious cyber incident'

Following the accidental publication of a tender document on a government website, details have emerged of a serious cyber-security attack against the UK's Foreign, Commonwealth and Development Office. The attack was quickly detected, and it is not believed that any classified or highly sensitive material was accessed.

Government offices are frequently the target of cyber-espionage campaigns by other states seeking to access information about diplomacy and current events.

Despite the attack being quickly detected, the hackers have not yet been identified. For this reason, government bodies of the UK and the US remain on high alert for further cyber-attacks, especially given the risk of conflict in the Ukraine and current tensions with Russia.

Click here to read the BBC coverage of the incident.

New plans could mean tougher cybersecurity for SMEs

The UK Government has published a new policy proposal (please see here) outlining tough new cyber security standards to help protect British businesses.

Whilst many consider cyber security to be an issue for big corporations only, SMEs are also a prime target for cyber criminals. This is because SMEs might typically be less inclined to invest in the implementation of measures that could prevent an attack, making it in some cases easier for criminals to compromise their systems and gain access to data.

The new proposal introduces stricter standards that will help businesses (large and small) prevent cyber security risks. These range from new procurement rules to ensure that the public sector only buys services from firms with good cyber security, to making multi-factor authentication a legal requirement.

The proposal is unlikely to be implemented until the end of 2023 at the earliest. But an article by Startups, here, explores what SMEs can do in the meantime to protect themselves against the increasing threat of cyber-attacks.

Cybersecurity: 'To cripple UK, Putin does not need nuclear weapons'

Given the current tense political environment, it is feared that Russia may deploy further cyberattacks as part of their efforts to destabilise neighbouring Ukraine.

However, it is not just Ukraine that is at risk from Russian devised attacks. There are concerns that other countries, including the UK, may also be under threat. Due to the increased digitalization of its services, the UK public sector in particular is seen as a prime target for such attacks.

Whilst the UK has a new cybersecurity strategy in place, many experts believe that this needs to be revised and reformed in order to prevent and address any future attacks it may suffer.

Click here to read an article in City AM which explores this further.

Stay connected and subscribe to our latest insights and views 

Subscribe Here