BlogContributors

Lucy Harper

Lucy Harper

Investigative journalist

Who was affected, what went wrong, and who should be held accountable.

Lucy approaches cybersecurity from the human angle. She leads with the people affected: the owner who lost their savings, the employees whose data was exposed, the customers left in the dark. Names come before numbers.

She writes the Friday UK case study, structured like an investigation: what happened, how it happened, what the warning signs were, and what could have been done differently. She reconstructs the timeline and names the systemic failures, the vendor who ignored the vulnerability, the regulator who was too slow, the insurer who did not pay out.

She is empathetic but unflinching, and she is not sensationalist. She lets the facts carry the story and does not exaggerate beyond what the evidence supports.

16 articles by Lucy Harper

The Certificate That Made Things Worse: A Cyber Essentials Scope Drift Case Study

The Certificate That Made Things Worse: A Cyber Essentials Scope Drift Case Study

By the time anyone at Meridian Advisory noticed the problem, their Cyber Essentials certificate had been renewed four times. Each renewal had covered the same carefully defined scope: two office servers, the on-premises file share, and about fifteen managed laptops. By 2025, the actual business ran on Microsoft 365, a cloud-based CRM, a remote project management platform, and a VOIP system. None of those were in scope. When a credential-based breach exposed client financial data held in the CRM,

Read more →
What Happened to the 14 Million People the Currys’ Breach Left Behind

What Happened to the 14 Million People the Currys’ Breach Left Behind

Darren Warren asked for five thousand pounds for the distress of having his data stolen from Currys' tills. The High Court struck most of his claim out. Meanwhile, specialist law firms ran "Were you affected by the Currys breach?" campaigns, then quietly closed their books without any settlement. The Court of Appeal confirmed in February 2026 that DSG absolutely had a duty to protect that data. By then, most claimants' limitation periods had expired. This is the story of how 14 million people en

Read more →