equifax data hack
, ,

What is a group action claim?

In 2015 – in the first group litigation of its kind in the UK – 5,518 people brought a claim against Morrisons under the Data Protection Act 1988, for misuse of private information and breach of confidence. But what is a group action claim and can you join one?

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also sometimes called class actions, collective redress actions, or multi-party actions. With a group action, this group of people (the Claimants) collectively bring their cases to court against a Defendant. These victims then fight together to achieve compensation in the High Court of Justice.

The benefits of group action claims

Group action claims are becoming far more common in the UK. Here are just some of the reasons why:

  • Strength in numbers. Starting a claim can be frightening, and it’s not unusual for people who have perfectly valid complaints to be put off due to the risks of going up against a large and well-resourced Defendant. Where cases are very similar, group actions can be a powerful tool and can redress the balance
  • Save on legal costs. By joining together, individuals can share the risks and costs of claiming compensation. Legal advice is also shared, so not everyone in the action needs to pay for their own solicitor
  • Help victims with smaller claims. Group actions provide a way for people with more modest cases (that may not justify legal fees) to claim the compensation they deserve. Often, solicitors will agree to take such cases on a no-win no-fee basis
  • You might not have to go to court. Usually, a Lead Test Case is started, and common issues are tried. The result of this case is then used as a precedent for other cases in the action; so every single claim doesn’t have to be taken to court.

Who can make a data protection group action claim?

In data breach cases, the Information Commissioner’s Office (ICO) investigates any reported breaches and has the power to impose hefty fines. If the ICO believes that an organisation broke the law, this information can be used in court to support a group action claim.

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, and the ICO finds that the organisation did indeed break the law, you have a right to claim compensation. However, in many cases, where a breach occurs, you won’t be the only person making a claim. In such circumstances, it is often worth joining a group action claim.

However, before you can join a group action, the court decides whether claims can be grouped together. Where approved, a group litigation order (GLO) is created which grants permission for group action proceedings to begin.

In many cases, people start to think about joining a group action before the court has issued a GLO, or even before an organisation has been found guilty and fined by the ICO. For example, at Hayes Connor Solicitors, having witnessed an influx of queries from clients who have received letters from Equifax informing them that their data may be at risk following the latest hack, we are currently building a secure database of victims who want to seek compensation for damages or distress suffered. If Equifax is fined, we will let people know when their claim for compensation can be made and help them get the compensation they deserve.

Does everyone in a group action claim get the same amount of compensation?

No. Just because your case is part of a group action doesn’t mean that you will receive the same amount of compensation as everyone else.

All claims within a group action are settled based on their merits, and, as with any case, the value of your claim depends on the extent of your suffering. So if your claim is successful, you will receive what you are owed.


data breach claims

Data breach victims. Does your distress matter?

At Hayes Connor Solicitors, we are preparing to launch group actions against a number of companies who must be held to account for their failure to protect our personal information.

Despite this, some people would have us believe that claiming for distress is an overreaction. That your psychological suffering and anguish doesn’t matter. That, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information stolen.

Luckily the law doesn’t look at things this way and recognises the amount of damage that can be caused by worry and upset.

Why distress is important

Being the victim of a crime can have a significant impact on you mentally and physically. Of course, everyone reacts differently, but for some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to just “get over it” isn’t helpful.

According to Victim Support: The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

What the law says

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

Crucially, a recent case has recognised the potential damage that is caused by psychological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole all your photos or read your diary and private letters you would be distressed. So why should you feel any less upset at having your online memories taken – particularly when it looks like these companies gave the burglar the keys? And why shouldn’t you seek compensation for this failure to look after your information correctly?

Coping after a data breach or cyber crime

At Hayes Connor Solicitors, we are committed to helping those affected by cybercrime and data breaches. To do this, we regularly work with, and refer our clients to, other organisations and partners. This includes Victim Support.

The leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents, last year Victim Support offered help to nearly a million victims of crime across the UK.

If you need assistance after a data breach, there are a number of resources on the Victim Support website to help you cope.

Don’t let them get away with it!

The sheer scale of the information we share with organisations and on social media is enough to leave victims open to the threat of fraud. And we should all be very worried about what could happen if this gets into the wrong hands. For example, with enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Something has to be done to make companies accountable for these losses and claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

How to make a compensation claim 

You can claim on your own, but, at Hayes Connor, we believe that the best way to make big companies pay for their failures is to use an expert lawyer. As such, we are preparing to launch a number of no-win, no-fee group action cases. These group actions allow people who have been affected to work together to strengthen their overall position and increase their chances of success.


Data Breach experts
, , ,

Facebook data breach latest: 200 apps suspended

Facebook has suspended around 200 apps as part of its ongoing investigations into the potential misuse of personal data following the Cambridge Analytica privacy scandal.

In an announcement on its website, the social media giant said: “We have large teams of internal and external experts working hard to investigate these apps as quickly as possible. To date thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data.”

Facebook is currently conducting a “comprehensive review” to identify every app that had access to large amounts of potentially sensitive data before it changed its policies in 2014.

While there is not as yet a publically available list of the 200 apps under investigation, Facebook has promised that if they discover that an app has misused data, it will be banned. It has also informed users that they can check whether they were affected here.

However at the time of writing, only “This Is Your Digital Life” – the app at the centre of the scandal – is listed on the tool. The other 200 apps have not yet been added.

To date, a whopping 87 million people are thought to be affected by the data breach. And the people who used the 200 suspended apps are likely to see this number increase even further. In fact, with more than nine million apps supported by Facebook six years ago, it is expected that the revelations about abusive apps have only just begun and that the final number of people affected will be staggering.

You can keep an eye on our website to be kept up-to-date with the latest Facebook data breach news as it happens.

cybercrime solicitors

Can you get your money back after a “push” fraud?

Last week, an article revealed the sad case of a widow who was conned into losing her mother’s care-home fees. In a highly-sophisticated cybercrime attack, the woman was defrauded of £20,000 in a so-called “push” scam.

What is push fraud?

Push fraud – also called authorised push payment (APP) scams – happen when criminals deceive individuals into sending them money. Because the victim believes the fraudster to be trustworthy and genuine, they authorise the handover of cash. The money is then quickly transferred by the fraudster to different accounts, often abroad, which makes getting it back almost impossible.

Common types of push payment scams include:

  • Sending falsified invoices that look exactly like ones victims are expecting (e.g. from a child’s school or a legitimate tradesperson)
  • Convincing people to transfer money to someone official, such as a solicitor (e.g. when buying a house)
  • Conning people to transfer cash into fraudulent bank accounts
  • Sending emails pretending to be from a friend asking for money.

While in many cases, the criminals involved might call hundreds of people in the hope of tricking someone, often these cybercrime scams are highly targeted and come after hacking a victim’s emails to identify the information needed to defraud them.

In this latest case, the criminal claimed to be from the Royal Bank of Scotland fraud team flagging up unusual transactions. The fraudsters ran through some security questions to extract the information they needed to access her online banking and rename her current account “frozen”. So, when the woman went to check via the proper channels, it did appear that her account had been locked. In a following call, she was then asked to move her balance to a new “protected” account. But when she called RBS to check the transfer went through okay, they knew nothing about it.

The rising problem of push fraud

The problem of transfer fraud is increasing in the UK. Indeed, according to consumer group Which? in the first two weeks after launching an online cybercrime reporting tool, more than 650 people came forward claiming a loss of over £5.5 million.

Overall, the latest official figures show that over £100 million was unknowingly handed over to criminals through push scams between January and June last year. Over this period around 17,000 people were victims of these scams, and they lost an average of £3,000 each.

How to protect yourself against push fraud

To keep you safe, UK Finance offers the following advice:

  • Never disclose security details such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Just because someone knows some personal information about you (i.e. your mother’s maiden name), that doesn’t mean they are genuine
  • Banks or other trusted organisations will never contact you and ask for your PIN or full password, or ask you to transfer money to a safe account
  • Don’t be rushed into handing over sensitive information, take the time to contact the company directly using a trusted email or phone number to check the request is genuine
  • Listen to your instincts. If something doesn’t feel right don’t be pressured into making a decision there and then
  • Never automatically click on a link in an unexpected email or text.

Are the banks liable?

According to the banks, they make it very clear that customers should never make a payment at the request of someone over the phone or email. So, while millions have been lost by unwitting victims, because the transfers were authorised, until now banks have been unable (or unwilling) to return nearly 74% of the money.

Don’t be fobbed off by the banks!

If you have been the victim of a push fraud and need help getting your money back, there is some good news. Under new plans, the regulator is coming down on the side of consumers and people tricked into transferring money directly to a fraudster can expect stronger protections.

A new industry code will be in place from September, helping victims of such scams to secure compensation. What this means in practice is that victims of push scams can be confident that any claim for reimbursement will be given fairer consideration.

If you want to claim compensation following a push payment scam or another type of cybercrime, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

 We can help you to claim compensation from the fraudster, your bank, and any organisation that may have put your data at risk (where this data was then used to facilitate a push scam).

Start your claim