Cybersecurity and data breaches

We provide strategic advice in relation to data privacy incident management and information security.

  • Advised a global payments fintech on incident response and management in relation to a personal data breach.
  • Advised a fund on a data breach resulting from a cyber-attack made against the client's outsourced HR and payroll provider, by ensuring that they were in compliance with their notification obligations under the UK GDPR, and coordinating with an independent technical expert to formulate a robust response to the breach and ensure that the risk to our clients' systems was limited.
  • Advised on its response to a data breach incident affecting members of its pension scheme.
  • Advised on data breaches suffered by several of its overseas offices when an unknown attacker exfiltrated files containing personal data, by ensuring that they were in compliance with their local regulatory and notification obligations according to the types of data impacted.
  • Advised a listed financial services provider in relation to a data breach of a payment platform operated by the client, where hackers had gained unauthorised access to the personal data of customers of over 5,000 merchants. This included advising on all aspects of incident response and potential disputes with third parties.
  • Advised a financial institution on a data breach which resulted in hackers gaining unauthorised access to sensitive personal data. This included advising on making relevant notifications to affected data subjects, the ICO, insurers and the police.
  • Advised a food retail company on a customer complaint to the ICO, alleging a breach of data protection law. This included corresponding with the ICO regarding the steps the client had taken to address the issue, with the result that the complaint was taken no further.
  • Advised a well-known Japanese company in relation to a data breach and the loss of customers' details.
  • Advised a financial institution in Hong Kong on a data breach incident allegedly caused by the negligence of a third party service provider.
  • Advised an investment management firm on the data privacy issues of remote working cyber security penetration testing in the DIFC.
  • Advised multiple clients on sanctions for alleged unlawful disclosures or use of data, confidential information and trade secrets under the UAE federal laws.
  • Advised a private equity fund on a data breach suffered by an investee company which resulted in hackers gaining unauthorised access to personal data, including addresses and bank details, of various parties, including investors in the company.