Reprimand issued to Levales Solicitors LLP (‘Levales’) in respect of Articles 32(1)(b) and 32(1)(d). A threat actor accessed Levales’ cloud-based server using legitimate credentials and subsequently published data on the dark web. The incident affected 8,234 UK individuals, of which 863 individuals were deemed at high risk because of the nature of the data involved. The investigation found Levales were not ensuring the ongoing confidentiality of its processing systems and did not implement appropriate organisational measures.