Vet chain CVS reports cyberattack
One of the UK's largest vet groups has been targeted in a cyberattack.
CVS says the attack has caused disruption but hasn’t specified what data has been accessed.
It reported the incident to the Information Commissioner's Office and CVS said that it has securely restored most of its IT services.
Read on to find out what to do if your personal data is compromised.
CVS data breach
CVS owns 450 vet practices in the UK, but it's not yet known whether any personal data that it holds has been lost in last week's cyberattack.
If a company has lost your personal data, there are certain procedures it must follow, including informing you about the breach.
Personal data is anything that makes you identifiable. That could be:
- your name
- address
- email address.
Following a data breach, it's not uncommon for personal data to fall into the hands of scammers. Data can be sold on the dark web by criminals who want to steal people’s identities or target people with scams.
- Read more: what counts as personal data?
What should you do when there’s a data breach?
If a company whose services you use experiences a data breach, there are some actions you can take and potential threats to look out for.
1. Change your passwords
You should immediately change the passwords you use to log in to the company’s online services. If you use the same login info elsewhere, change the passwords for them too.
Read our advice on creating secure passwords.
2. Look at your credit file
Make sure to check your credit file for any unusual activity, such as accounts in your name that you don’t recognise, as this is a sign that your identity is being used by a fraudster.
You should also look at your bank statements for any transactions you don’t recognise, as that could indicate you’ve been the victim of fraud.
If you see any fraudulent activity, call your bank immediately using the number on the back of your bank card and report it to Action Fraud or call the police on 101 if you’re in Scotland.
3. Watch out for scams
Fraudsters can use the personal information gathered on you to attempt to scam you. So you might suddenly receive an influx of out of the blue calls, texts and emails that include malicious links. Watch out for any attempts to try to get you to move money into a safe account, pay an unexpected bill or to gather more personal information about you.
If a scammer manages to gather enough of your personal information, they could attempt to spear phish you, which is a personalised and much more convincing version of a generic phishing message or call.
- Read more: the latest scam alerts from Which?
4. Claim compensation
If a data breach causes you financial loss, damage or distress, you may be eligible to claim compensation from the company that was breached, under the Data Protection Act 2018 (GDPR).
You can do this by initially complaining to the company. You can also contact the ICO; it doesn’t award compensation or say how much compensation should be paid, but it can give an opinion on the situation to support your complaint.
You may also be able to escalate your case to the small claims court if you can’t reach a satisfactory resolution with the company which experienced the breach.
