equifax data hack
, ,

What is a group action claim?

If an organisation has failed to protect your personal data and breached any part of the Data Protection Act, you have a right to claim compensation. However, in many cases, where a breach occurs, you won’t be the only person making a claim. In such circumstances, it is often worth joining a group action data breach claim.

In this jargon-free guide, we take a look at what a group action claim is, and how you can join one.

What is a group action claim?

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also sometimes called class actions, collective redress actions, or multi-party actions. With a group action, this group of people (the Claimants) collectively bring their cases to court against a Defendant. These victims then fight together to achieve compensation in the High Court of Justice.

In 2015 – in the first group litigation of its kind in the UK – 5,518 people brought a claim against Morrisons under the Data Protection Act 1988, for misuse of private information and breach of confidence.

What is a representative action?

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm.

Representative actions tend to be used in straightforward mass data privacy scenarios. For example, where customers of a company have had their email addresses stolen and data privacy violated.

In representative actions, one solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in many future actions.

In representative actions, one member of the action will typically sue on behalf of themselves and the rest of the group. Once compensation has been agreed, each member of the representative action will receive the same amount.

The benefits of group action claims

Group action claims are becoming far more common in the UK. Here are just some of the reasons why:

  • Strength in numbers. Starting a claim can be frightening, and it’s not unusual for people who have perfectly valid complaints to be put off due to the risks of going up against a large and well-resourced Defendant. Where cases are very similar, group actions can be a powerful tool and can redress the balance
  • Save on legal costs. By joining together, individuals can share the risks and costs of claiming compensation. Legal advice is also shared, so not everyone in the action needs to pay for their own solicitor
  • Help victims with smaller claims. Group actions provide a way for people with more modest cases (that may not justify legal fees) to claim the compensation they deserve. Often, solicitors will agree to take such cases on a no-win-no-fee basis
  • You might not have to go to court. Usually, a Lead Test Case is started, and common issues are tried. The result of this case is then used as a precedent for other cases in the action; so every single claim doesn’t have to be taken to court.

Who can make a group action claim?

In data breach cases, the Information Commissioner’s Office (ICO) investigates any reported breaches and has the power to impose hefty fines. If the ICO believes that an organisation broke the law, this information can be used in court to support a group action claim.

If you have suffered damage, distress, or a loss of privacy caused by an organisation breaching any part of the Data Protection Act, and the ICO finds that the organisation did indeed break the law, you have a right to claim compensation. However, in many cases, where a breach occurs, you won’t be the only person making a claim. In such circumstances, it is often worth joining a group action claim.

However, before you can join a group action, the court decides whether claims can be grouped together. Where approved, a group litigation order (GLO) is created which grants permission for group action proceedings to begin.

In many cases, people start to think about joining a group action before the court has issued a GLO, or even before an organisation has been found guilty and fined by the ICO. For example, at Hayes Connor Solicitors, having witnessed an influx of queries from clients who have received letters from Equifax informing them that their data may be at risk following the latest hack, we are currently building a secure database of victims who want to seek compensation for damages or distress suffered. If Equifax is fined, we will let people know when their claim for compensation can be made and help them get the compensation they deserve.

Does everyone in a group action claim get the same amount of compensation?

No. Just because your case is part of a group action doesn’t mean that you will receive the same amount of compensation as everyone else.

All claims within a group action are settled based on their merits, and, as with any case, the value of your claim depends on the extent of your suffering. So if your claim is successful, you will receive what you are owed.

What can we claim for?

You can claim compensation if an organisation has failed to protect your personal data – regardless of whether or not you have suffered as a result of the breach. However, where you have experienced financial, medical harm, anguish or anxiety, we can make a more significant case. In group action cases we will claim for:

  • Financial losses. A data breach can lead to both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress, anguish and anxiety. Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is no harm done. Being the victim of a crime can have a significant impact on you mentally and physically.
  • Loss of privacy. You do not have to have experienced harm as a direct result of a data breach.  If a company does not protect your data in the way it is legally obliged to do, and you have suffered a loss of privacy, you can make a claim. For example, if your email address was stolen or otherwise put at risk.

There are no guidelines about how much compensation you can be awarded for a claim under the Data Protection Act. If you do go to court, it is up to the judge to consider all the circumstances, including the seriousness of the breach and the impact on you.

Making a group action with Hayes Connor Solicitors

If you want to  join one of our group actions, contact Hayes Connor Solicitors ASAP. We’ll advise you on whether you have a valid claim, answer any questions you might have and go through your options with you. It goes without saying that our process is fully compliant with ICO guidance and we never put your details at risk.

Once we have established that your data has been breached – and the extent of this failing – we’ll start the claims procedure on your behalf. We’ll only do this with your explicit agreement

Once we have your permission we’ll investigate your case,  gather together the relevant paperwork and evidence, and make sure all the necessary court forms are filled in on time.

We will try to reach a settlement

Before taking your claim to court, the judge will want to know what steps you have taken to settle the claim. So, we’ll write to the offending person or company offering a settlement. The minimum amount of damages sought will depend on the nature of the injustice and the impact this had on you. If the claim includes substantial losses or harm, or the leak of personal, medical, financial or sensitive business information, the level of settlement required would increase. At Hayes Connor Solicitors we seek the maximum compensation possible on your behalf.

Going to Court

If the other party does not agree to our terms, and we fail to reach an agreement, we will write to them to tell them that we intend to take the matter to court. In many cases, including data breach cases where the company has already been fined by the ICO, these claims are taken seriously. Likewise, the costs of contesting a claim often far exceed the costs of settlement, so there is usually a willingness to pay a reduced amount rather than face larger costs and bad publicity.

If your group action case does go to court, you will need evidence to back up your claim, and we will work on establishing this for you. Where the company/individual has already admitted to a crime, or to breaching private data, or has already been found culpable, the chances of success are very strong.




data breach claims

Data breach victims. Does your distress matter?

At Hayes Connor Solicitors, we are preparing to launch group actions against a number of companies who must be held to account for their failure to protect our personal information.

Despite this, some people would have us believe that claiming for distress is an overreaction. That your psychological suffering and anguish doesn’t matter. That, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information stolen.

Luckily the law doesn’t look at things this way and recognises the amount of damage that can be caused by worry and upset.

Why distress is important

Being the victim of a crime can have a significant impact on you mentally and physically. Of course, everyone reacts differently, but for some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to just “get over it” isn’t helpful.

According to Victim Support: The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

What the law says

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

Crucially, a recent case has recognised the potential damage that is caused by psychological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole all your photos or read your diary and private letters you would be distressed. So why should you feel any less upset at having your online memories taken – particularly when it looks like these companies gave the burglar the keys? And why shouldn’t you seek compensation for this failure to look after your information correctly?

Coping after a data breach or cyber crime

At Hayes Connor Solicitors, we are committed to helping those affected by cybercrime and data breaches. To do this, we regularly work with, and refer our clients to, other organisations and partners. This includes Victim Support.

The leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents, last year Victim Support offered help to nearly a million victims of crime across the UK.

If you need assistance after a data breach, there are a number of resources on the Victim Support website to help you cope.

Don’t let them get away with it!

The sheer scale of the information we share with organisations and on social media is enough to leave victims open to the threat of fraud. And we should all be very worried about what could happen if this gets into the wrong hands. For example, with enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Something has to be done to make companies accountable for these losses and claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

How to make a compensation claim 

You can claim on your own, but, at Hayes Connor, we believe that the best way to make big companies pay for their failures is to use an expert lawyer. As such, we are preparing to launch a number of no-win, no-fee group action cases. These group actions allow people who have been affected to work together to strengthen their overall position and increase their chances of success.


Data Breach experts
, , ,

Facebook data breach latest: 200 apps suspended

Facebook has suspended around 200 apps as part of its ongoing investigations into the potential misuse of personal data following the Cambridge Analytica privacy scandal.

In an announcement on its website, the social media giant said: “We have large teams of internal and external experts working hard to investigate these apps as quickly as possible. To date thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data.”

Facebook is currently conducting a “comprehensive review” to identify every app that had access to large amounts of potentially sensitive data before it changed its policies in 2014.

While there is not as yet a publically available list of the 200 apps under investigation, Facebook has promised that if they discover that an app has misused data, it will be banned. It has also informed users that they can check whether they were affected here.

However at the time of writing, only “This Is Your Digital Life” – the app at the centre of the scandal – is listed on the tool. The other 200 apps have not yet been added.

To date, a whopping 87 million people are thought to be affected by the data breach. And the people who used the 200 suspended apps are likely to see this number increase even further. In fact, with more than nine million apps supported by Facebook six years ago, it is expected that the revelations about abusive apps have only just begun and that the final number of people affected will be staggering.

You can keep an eye on our website to be kept up-to-date with the latest Facebook data breach news as it happens.

cybercrime solicitors

Can you get your money back after a “push” fraud?

Last week, an article revealed the sad case of a widow who was conned into losing her mother’s care-home fees. In a highly-sophisticated cybercrime attack, the woman was defrauded of £20,000 in a so-called “push” scam.

What is push fraud?

Push fraud – also called authorised push payment (APP) scams – happen when criminals deceive individuals into sending them money. Because the victim believes the fraudster to be trustworthy and genuine, they authorise the handover of cash. The money is then quickly transferred by the fraudster to different accounts, often abroad, which makes getting it back almost impossible.

Common types of push payment scams include:

  • Sending falsified invoices that look exactly like ones victims are expecting (e.g. from a child’s school or a legitimate tradesperson)
  • Convincing people to transfer money to someone official, such as a solicitor (e.g. when buying a house)
  • Conning people to transfer cash into fraudulent bank accounts
  • Sending emails pretending to be from a friend asking for money.

While in many cases, the criminals involved might call hundreds of people in the hope of tricking someone, often these cybercrime scams are highly targeted and come after hacking a victim’s emails to identify the information needed to defraud them.

In this latest case, the criminal claimed to be from the Royal Bank of Scotland fraud team flagging up unusual transactions. The fraudsters ran through some security questions to extract the information they needed to access her online banking and rename her current account “frozen”. So, when the woman went to check via the proper channels, it did appear that her account had been locked. In a following call, she was then asked to move her balance to a new “protected” account. But when she called RBS to check the transfer went through okay, they knew nothing about it.

The rising problem of push fraud

The problem of transfer fraud is increasing in the UK. Indeed, according to consumer group Which? in the first two weeks after launching an online cybercrime reporting tool, more than 650 people came forward claiming a loss of over £5.5 million.

Overall, the latest official figures show that over £100 million was unknowingly handed over to criminals through push scams between January and June last year. Over this period around 17,000 people were victims of these scams, and they lost an average of £3,000 each.

How to protect yourself against push fraud

To keep you safe, UK Finance offers the following advice:

  • Never disclose security details such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Just because someone knows some personal information about you (i.e. your mother’s maiden name), that doesn’t mean they are genuine
  • Banks or other trusted organisations will never contact you and ask for your PIN or full password, or ask you to transfer money to a safe account
  • Don’t be rushed into handing over sensitive information, take the time to contact the company directly using a trusted email or phone number to check the request is genuine
  • Listen to your instincts. If something doesn’t feel right don’t be pressured into making a decision there and then
  • Never automatically click on a link in an unexpected email or text.

Are the banks liable?

According to the banks, they make it very clear that customers should never make a payment at the request of someone over the phone or email. So, while millions have been lost by unwitting victims, because the transfers were authorised, until now banks have been unable (or unwilling) to return nearly 74% of the money.

Don’t be fobbed off by the banks!

If you have been the victim of a push fraud and need help getting your money back, there is some good news. Under new plans, the regulator is coming down on the side of consumers and people tricked into transferring money directly to a fraudster can expect stronger protections.

A new industry code will be in place from September, helping victims of such scams to secure compensation. What this means in practice is that victims of push scams can be confident that any claim for reimbursement will be given fairer consideration.

If you want to claim compensation following a push payment scam or another type of cybercrime, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

 We can help you to claim compensation from the fraudster, your bank, and any organisation that may have put your data at risk (where this data was then used to facilitate a push scam).

Start your claim

We are also considering a group action claim against banks who have failed their clients after they have lost money through no fault of their own. A group action is where a group of people, all affected by the same issue, collectively bring their cases to court. Group actions can be a powerful tool and can have a bigger impact than a single claim.