I’ve heard that my previous employer has, last week,  been targeted  by hackers who have gained access to pretty much all  of the companies systems and are effectively holding the data to ransom looking for a payment.

Given that the company probably still holds a big chunk of my personal data in electronic form including  a copy of my passport, driving licence and bank details should I be doing anything to check that my data  hasn’t been potentially compromised by bad people?

I only have a glancing familiarity with  how GDPR works.

Any tips as to what, if anything, I should be doing about this?

It’s nothing to do with GDPR really, it’s a theft of personal information.

I’d be keeping an eye on my credit score/record (using something like Clear Score) and bank accounts to see if there’s any spurious transactions or applications for credit made, otherwise I wouldn’t worry too much

Gdpr requires the company to notify the ico very soon after they discover the breach, and also to notify individuals if it could impact their “rights and freedoms” which it could be argued would be the case if they’ve leaked your passport etc.

The hackers probably dont even have the data. It sounds like ransomware where the attacker gains access to a system then uses that to reach out over a period of time to the internal network then encrypts all the data drives. The ransom is for the decryption key.

If they’ve managed to get access to everything then it could end up being very expensive for them, not just in the ransom but in the post match analysis as well.

How long ago did you leave? Do you actually know if they still have your passport and D/L on file? It would be interesting to know if they have documented justification for keeping those once you are no longer an employee!

The reality is every hire car company, foreign hotel, and airline you’ve used has a copy of one or other of those (or at least the magic numbers from it) and so from a fraud perspective copies are relatively low risk. This is why ID checks usually require the original AND recent proof of address.

I left at the start of November and I’m 100% certain that they still have all that info stored.

I’m not actually that concerned but more curious as to what the potential implications might be.

I’d be more worried about being one of the prime suspects for the hack.