What is the Qdos security incident?

Qdos, a UK business insurance and employment status specialist, experienced a security incident affecting its mygoqdos.com web application. The incident involved unauthorized activity that resulted in an attacker successfully downloading customer personal information and sensitive business documents, exposing thousands of contractors' confidential data.

What type of data was exposed in the Qdos breach?

The exposed data includes personal customer account information (names, correspondence addresses, registered business addresses, email addresses, and contact details), insurance policy documents and schedules, IR35 service documents including contracts and compliance calculations, purchase-related documents such as invoices and credit notes, and business correspondence and communications.

How many people were affected by the Qdos data breach?

While Qdos confirmed that thousands of contractors' confidential data was exposed, the company has not disclosed the exact number of affected individuals. The investigation confirmed that customer personal information and sensitive business documents were successfully downloaded by the attacker.

Was the Qdos incident a ransomware attack?

No, Qdos has specifically stated that this was not a ransomware attack. However, the company has not disclosed the specific nature of the attack or the methods used by the unauthorized party to gain access to their systems.

What is Qdos doing to help affected customers?

Qdos is offering affected customers 12 months of free identity monitoring services to help protect them from potential identity theft or fraud. The company has also notified relevant regulatory authorities about the incident and conducted a thorough investigation with third-party cybersecurity experts.

What should Qdos customers do if they were affected?

Affected Qdos customers should take advantage of the free 12-month identity monitoring services being offered by the company. They should also monitor their accounts for suspicious activity, review their credit reports regularly, and be vigilant for phishing attempts or fraudulent communications that may reference their exposed personal information.

Has Qdos notified authorities about the security incident?

Yes, Qdos has notified the relevant regulatory authorities about the security incident as required. The company conducted its investigation with the assistance of third-party cybersecurity experts to ensure a thorough response to the breach.

Incident

UK contractor insurance company Qdos reports data breach exposing customer data

published: July 25, 2025

Learn More

Qdos, a UK business insurance and employment status specialist is reporting a security incident affecting its mygoqdos.com web application.

The security incident was discovered on June 19, 2025, when Qdos became aware of unauthorized activity on its mygoqdos.com web application platform. The company launched an investigation with the assistance of third-party cybersecurity experts. The investigation confirmed that an attacker successfully downloaded customer personal information and sensitive business documents, exposing thousands of contractors' confidential data including insurance policies and IR35 service documentation.

Exposed data includes

Personal customer account information including names, correspondence addresses, registered business addresses, email addresses, and contact details
Insurance policy documents and schedules
IR35 service documents including contracts, contract reviews, and IR35 compliance calculations
Purchase-related documents including invoices and credit notes
Business correspondence and communications

The nature of the attack and the number of affected individuals is not disclosed. Qdos claims that it was not a ransomware attack.

The company has notified relevant regulatory authorities and is offering affected customers 12 months of free identity monitoring services.

UK contractor insurance company Qdos reports data breach exposing customer data

Read More
South African Insurer Liberty Reports Data Breach
VIVA Health leaks data of nearly 5,000 Alabama …
UnitedHealthcare reports data breach impacting residents in multiple …
Delaware Life Insurance Company reports data breach after …
Pacific Guardian Life Insurance reports data breach, impacting …