Tech consultant to UK tech contractors Qdos acknowledges client data breach
In a recent development, Qdos, a UK-based specialist in business insurance and IR35 employment status services, has confirmed a data breach affecting some of its customers' personal information and documents related to insurance policies and IR35 services.
The breach involved unauthorized access to their web application, mygoqdos.com, which was detected on June 19, 2025, and reported publicly around July 24-25, 2025.
Key details of the breach and its impact include:
- Personal customer information and documents, such as contracts, contract reviews, IR35 calculations, invoices, and credit notes, may have been accessed or downloaded by the intruder.
- Crucially, credit card information, passports, drivers licenses, and any data related to insurance claim submissions were reportedly not collected, stored, or compromised.
Upon learning of the incident, Qdos CEO Seb Maley stated that immediate action was taken, including disabling customer access to the Qdos website and reinstating access on June 26.
The company launched an investigation with a third-party cybersecurity expert and notified relevant UK authorities, including the Information Commissioner’s Office (ICO), the Financial Conduct Authority (FCA), Action Fraud, and the National Cyber Security Centre (NCSC).
It was confirmed that the breach was not a ransomware attack but an unauthorized third-party data exfiltration incident. However, Qdos cannot confirm exactly which data or documents were accessed for each customer, indicating some ambiguity regarding the full extent of individual impact.
Personal data from customers' accounts, including name, correspondence address, email address, and contact information, may be affected. Contractors were assured that their policies remain in full effect and have not been impacted.
Qdos has yet to provide further updates on the investigation's progress or the potential consequences for those affected by the breach. It is advised for customers to remain vigilant and monitor their personal and financial information closely.
- The breach at Qdos, a UK-based provider of business insurance and IR35 employment status services, has highlighted the need for heightened AI-driven security measures in technology, particularly in financial sectors and general-news platforms.
- While Qdos confirmed that credit card information, passports, and drivers' licenses were not compromised, the data breach incident has raised concerns about the security of customers' personal information and documents, such as contracts, invoices, and credit notes, in databases.
- In an effort to maintain business operations and ensure customer privacy, Qdos has taken immediate action, launching an investigation with a third-party cybersecurity expert and notifying relevant authorities like the ICO, FCA, Action Fraud, and NCSC.
- As the investigation continues, it is crucial for those affected by the data breach to stay informed and vigilant, surveilling their personal and financial information to avoid potential crime-and-justice issues.
