In the spirit of Halloween, we consider the horror that can be caused by increasingly sophisticated and frequent digital attacks on organisations. As recently as September 2025, Jaguar Land Rover (JLR) temporarily halted production across its three major UK plants following a significant cyber-attack that impacted over 30,000 employees and suppliers (read more about this in our blog The JLR cyber-attack: Data protection and resilience lessons). Incidents like this, on varying scales, are experienced across industries daily, despite organisations’ best efforts to prevent them.
At HewardMills, part of our role as a Data Protection Officer (DPO) is to help organisations respond to incidents efficiently and effectively whilst maintaining regulatory compliance. In doing so, we work with them to transform potential crises into opportunities to strengthen data protection practices and improve resilience and trust.
Here we share two realistic “cyber horror stories” that demonstrate how we use learnings from incidents and breaches to develop robust data governance.
1. The phishing link
An employee in the finance team at a multinational company receives a seemingly legitimate email from their CFO containing a link. Clicking the link leads them to enter their corporate credentials. Unfortunately, the employee has fallen victim to a phishing attack. The attackers use the stolen access token to infiltrate the company’s network, where they view a significant number of emails and download a small subset of files. The compromised mailbox contains highly sensitive business data, including contract information, invoice details, and internal commercial discussions.
Solution
As an outsourced DPO, our specialist team would coordinate a structured, rapid incident response. We can advise on revoking the stolen credentials and invalidating the access tokens, and provide objective verification of the extent of the attacker’s access. Working with specialist cyber forensics teams, we can also conduct an independent and comprehensive data breach assessment, provide guidance on any mandatory regulatory notification obligations, and work with PR teams on crisis communication strategies. Treating such breaches as a critical opportunity for learning and improvement, we can provide recommendations on strengthening governance controls across an organisation’s people, processes and technologies.
Outcomes
- Incidents are managed calmly and in full alignment with GDPR and other local notification requirements
- Steps are taken to prevent the impact of the cyber-attack from escalating and potentially compromising other privileged user accounts
- Management and board awareness of breach risks and mitigation steps is much improved
- Organisational incident response coordination and reporting efficiency are significantly strengthened
2. An HR platform
A global organisation’s cyber team detects unauthorised login attempts to their HR platform from suspicious addresses. Investigations reveal that a bad actor has used employee credentials to access the platform. The breach compromises sensitive personal data including name, date of birth, personal email, and occupational health records. The incident, therefore, poses a high risk to the rights and freedoms of the impacted individuals.
Solution
As an outsourced DPO, HewardMills can support in immediately coordinating an incident response team. We can provide guidance on containment measures, including password resets, verification of the affected employees’ details, working with HR teams on appropriate and clear communications, and support in implementing multi-factor authentication. We can also coordinate global regulatory notifications in multiple languages and provide ongoing independent support on remediation plans.
Outcomes
- The breach is reported within 72 hours in compliance with regulatory obligations
- High-risk exposure to employees and impacted individuals is effectively contained
- Key insights and actions are identified to strengthen access controls and implement better authentication across the HR platform
Why businesses should look to DPOs and privacy professionals for help
While data breaches may seem inevitable, effective preparation and guidance from DPOs and privacy professionals can significantly reduce risk and impact. DPOs play a critical role before, during, and after incidents:
- Identifying vulnerabilities in systems, processes, and third-party integrations before an incident occurs
- Establishing clear data handling, access control, and incident response policies aligned with GDPR and other relevant regulations
- Conducting targeted training to prevent phishing, credential misuse, and other common threats
- Leading structured responses, containing breaches, and advising on regulatory notifications
- Leveraging lessons from incidents to enhance controls, monitoring, and organisational resilience
These stories illustrate that even well-prepared organisations can face cyber “horrors.” The key to mitigating the impact of breaches lies in structured incident response, strong governance, and proactive guidance from experienced DPOs and privacy professionals.
To discuss how we can help your business, contact us