u/Far-Bass9895

The HR department at my employer was victim of a phishing scam. They sent my payslips to a scammer and manually changed the bank details on my HR account to reroute my pay after the scammer requested an update.

Luckily I caught the change to my bank details before payroll ran due to an automated system notifcation. But the payslips were sent as an attachment to the scammer. They were password protected, but the password was my date of birth. HR told the person who sent the email that the password was my DOB, so if they were able to find that, they would have been able to open the attachment. My payslips include my name, address, last four digits of my bank account, and my UK national insurance number.

What do i need to do to protect myself?

What are my rights in this situation?

I've been at my employer for 2.5 years.

The HR department at my employer was victim of a phishing scam. They sent my payslips to a scammer and manually changed the bank details on my HR account to reroute my pay after the scammer requested an update.

Luckily I caught the change to my bank details before payroll ran due to an automated system notifcation. But the payslips were sent as an attachment to the scammer. They were password protected, but the password was my date of birth. HR told the person who sent the email that the password was my DOB, so if they were able to find that, they would have been able to open the attachment. My payslips include my name, address, last four digits of my bank account, and my UK national insurance number.

What do i need to do to protect myself?

What are my rights in this situation?