[imagesource: Sebastian Pociecha via Unsplash]

Unfortunately, data breaches are all too common in this day and age. Over the past few years, an untold number of organisations have failed to keep the personal details of their customers, partners, and employees secure, leading to high-profile cyber-security incidents and data breaches.

One such incident was the Guntrader data breach, which came to light in July 2021. Guntrader is a leading website for buying and selling shotguns and rifles in the UK, with thousands of customers using the site to trade their firearms.

In this post, we’ll be detailing the Guntrader data breach in full, as well as providing further insight into how the incident has continued to develop in the months since it first came to light.

What Initially Happened in the Guntrader Data Breach?

In the Guntrader data breach, the firearm dealer’s internal database was accessed by an unauthorised third party. The database in question was said to contain the details of around 110,000 users who were registered between 2016 and 2021. The details of the database were then published to the dark web, compromising the privacy, and security, of the customers whose data was exposed.

Guntrader’s initial response to the breach was to send out an urgent notice to their users, as well as contacting various authorities, such as the Information Commissioner’s Office (ICO) and National Crime Agency (NCA).

The database which was published on the dark web is said to have included names, mobile phone numbers, email addresses and geolocations. Payment logs were also included, but credit card information was not.

Of course, this particular data breach spawned several unique safety concerns for affected individuals. As gun ownership is tightly controlled in the UK, the point was quickly made that anyone whose data was exposed in the Guntrader data breach was at risk of being targeted by criminals.

The British Association for Shooting and Conservation (BASC) recognised this and published a statement on its website in response to the breach which read: “The National Crime Agency is aware of the issue and BASC is working with them to ensure we can update members as quickly as possible as the situation develops.

“Our advice to members would be to check home security and be extra vigilant.  Make sure all firearms are appropriately locked away and make sure buildings are kept secure.  Follow normal good crime security advice and report anything suspicious to the police.”

What Has Happened Since the Guntrader Data Breach Originally Took Place?

There have been a number of worrying developments to the Guntrader data breach since the story originally broke in July. At the start of September, it was discovered that an animal rights activist, who accessed the database through the dark web, published home addresses, postcodes, phone numbers, email addresses and IP addresses of Guntrader users in a blog post. The activist also asked his readers to contact as many Guntrader users as possible to ‘ask if they are involved in shooting animals’.

The data in question was dumped online as a Google Earth-compatible CSV file that pinpointed the addresses as likely firearm storage locations.

In response to this recent development, BASC has reminded the shooting community to remain vigilant around security and to report any concerns to the police. Google has also removed the CSV file from Google Drive that was linked to the blog.

What Will Happen Next in the Guntrader Data Breach?

Investigations into the Guntrader data breach are still ongoing, so there is no confirmation as to what the next steps are likely to be. The South West Regional Cyber Crime Unit is leading the criminal investigation into the incident and is being supported by various authorities such as the NCA and ICO.

Any organisation that holds personal data and fails to keep it secure – as was the case here – will firstly face disciplinary action in the form of a hefty fine. 

As an example of how seriously the ICO treats data breaches, British Airways were fined £183.4 million for infringements of the General Data Protection Regulation (GDPR). While the Guntrader data breach is not on the same scale as this example, it does demonstrate just how big a fine can be under certain circumstances.

Under normal circumstances, the fine that is issued will normally be a maximum of £20 million or 4% of the company’s global turnover – whichever is higher.

Guntrader will also have to contend with the fact that they could face plenty of compensation claims from affected customers.

If an individual’s data is compromised due to an organisation’s failure to keep it secure, they will likely be in a position to make a claim. This is true even if that individual did not suffer any direct financial loss – the stress and uncertainty associated with losing data often evidence enough.

What Should Guntrader Users Do Next?

If you’re a Guntrader user and you have been contacted to inform you that your data was compromised – or you have strong reason to believe that this is the case – there are a number of simple steps to take to stay safe and to avoid your data being misused.

If you’re concerned about your physical safety, it’s important to get in touch with the police to voice your concerns. In addition to this, you can lockdown your accounts by changing your passwords, getting up to date security software and contacting your bank to ensure your financial details haven’t been compromised.

Are you Concerned About the Guntrader Data Breach?

In this post, we’ve covered the latest updates on the Guntrader data breach, as well as looking ahead to what might happen in the future as the case develops.

Do you have any particular concerns about the Guntrader data breach moving forwards? Feel free to leave a comment below so we can keep the discussion going!

Please be advised that this article is for general informational purposes only, and should not be used as a substitute for advice from a trained legal professional. Be sure to consult a lawyer/solicitor if you’re seeking advice on the law. We are not liable for risks or issues associated with using or acting upon the information on this site.