Looking for a bit of advice, not sure if this is the right forum.

Just received a letter from a previous employer advising that they have been a victim of a cyber attack, and they have advised:

We have conducted a review of the files in question, and our investigations have shown that personal data of the following type relevant to your employment may include:

Name, DOB, Gender, Current and Former Address, Home and Mobile Number, Financial Information, NI Number, Salary Details, Pension Contributions, Medical Information, CV, Contract of Employment, Disciplinary/Absence Records.

They have given me a 12 month subscription to Transunion International UK Limited, and just suggested things to make sure that im not having finance or anything taken out in my name.

Just wondering if there is something more I should be doing? or if there is more that they should be doing?

I don’t think so, it’s an unfortunate modern life that we live in. Just be wary. You can put restrictions on your credit file report.

I expect some people would be all about complaints and compo.

1. Because it's not the launch codes.
2. Because in order to be usable ordinary business reasons, it can't be airgapped.

Organisations should take steps to protect data, especially PII, but ultimately the controls are only as good as they are.

I'm trying to imagine an HR person having to go through a persontrap into a faraday cage in a building with HGV and blastproof walls and armed guards just to get someone's national insurance number so they can process a P60 form.

I would report it so ICO know, they might join the dots if the previous employer hasn't and do something.

I would set expectations for ICO doing something to low.

My primary concern would be protecting myself, my credit history, etc. Did the company have any passwords that you have re-used anywhere else? If so I would change these as a priority.

I agree with that having been in a similar situation a few years ago. The company offered 12mths subscription to Experian but it's still live some time beyond that.

I had similar a year or so back, from a huge global I used to work for. Infuriatingly, it seems that they transferred all of my PII out to a 3P payroll company AFTER I left.

There's some sort of class action underway as a result of this, although unlikely to deliver any big payouts, I'm told. I've never claimed compo from anyone for anything before, but due to the way I was treated by them when I worked there, and their sheer ineptitude in their actions, and the fact that they have completely ignored requests from me for further information, I've added my name to the list. They were a fking awful company to work for (which is why I left).

I've already had two attempts to use my information fraudulently since it happened, fortunately both blocked by the providers.

Air gapped