Equifax data hack
, ,

How much compensation could you receive following the Equifax data hack?

The investigation by the Financial Conduct Authority (FCA) into Equifax data hack is now drawing to a close. And, our data breach compensation solicitors are predicting that the regulator may well impose a financial penalty of millions of pounds.

So, if you think your data was put at risk because of the Equifax data breach, now is the time to start preparing your claim for compensation. But how much could you receive?

Well, while each case is different, it is expected that each person will be able to claim between £500 and £3,000.

 

Data stolen Likely compensation pay-out
Financial data £3,000
Email addresses £1,500
Other personal data £500 – £1,000

 

With 14 million customers affected in the UK alone, in addition to any fines imposed by the regulator, Equifax could find itself facing a compensation bill of millions of pounds. And that’s just this side of the Atlantic. The figures in the US could be even more staggering.

If Equifax is already being fined by the FCA, why do you still need to claim compensation?

The Equifax data breach compromised the personal information of 14 million customers, with 30,000 people having their email addresses stolen and 15,000 having their credit card details put at risk. The potential consequences of the breach include financial fraud, identify fraud, cyber-extortion and online harassment.

However, any fine given by the FCA will not go towards victims of the data breach. So, anyone who has suffered following the Equifax cyber-attack should be looking to claim compensation.

At Hayes Connor Solicitors our data breach compensation solicitors are ready to help victims of the Equifax data hack to claim compensation and get the payment they deserve. You can claim if you have lost out financially because of the hack, or if the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist).

To help you get the justice you deserve, we are launching a group action against Equifax. This strengthens your overall position and increases your chances of settlement or success at Court. What’s more, we are also providing no-win, no-fee funding arrangements in this case, and, if successful, we won’t charge a “success fee”. This means, if you are awarded £1,500, you will get all of the compensation. There are no solicitor’s fees win or lose.

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Doing this guarantees that you will form part of the compensation claims that will be lodged by the firm.

If you have been affected and want to join the group action, you can register your details here.

 

ticketmaster data breach
, ,

TICKETMASTER WAS WARNED ABOUT DATA HACK​

Earlier this week, Ticketmaster admitted to a huge data protection breach. The hack, which impacts thousands of people in the UK, compromised customer names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details. And, victims should now be looking to secure data breach compensation.

A delay in reporting

While Ticketmaster reported the issue to the Information Commissioner’s Office (ICO) – which it is required to do by law – it seems that the company was alerted to the breach back in early April, but failed to do anything about it. This delay is bound to be taken into consideration in any data breach compensation claim.

Worse, there are now reports that customers have been the victim of theft, with their cards used on money transfer service Xendpay, Uber gift cards and Netflix (among other items). And digital bank Monzo believes that Ticketmaster is the link between these fraudulent transactions.

What happened?

According to Monzo, it warned Ticketmaster that something strange was going on two months before the business revealed its payment pages had been hacked. But, in responding to the bank’s concerns, Ticketmaster said that: “an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns.”

Defending its actions at that time, Ticketmaster is now blaming third-party supplier Inbenta for the security breach. And the failure did happen after Inbenta was infected with malicious software while having access to the Ticketmaster website.

Ticketmaster maintains that: “When a bank or credit card provider alerts us to suspicious activity it is always investigated thoroughly with our acquiring bank, which processes card payments on our behalf. In this case, there was an investigation, but there was no evidence that the issue originated with Ticketmaster.”

However, Inbenta has put the blame back with Ticketmaster. It claims the ticket-giant placed JavaScript on the payment pages it hosts, without Inbenta’sknowledge. It was this script that was abused by hackers. In a statement, Inbenta said: “Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability.”

With an ICO investigation now underway into the Ticketmaster data breach, whoever is to blame for this appalling data protection failure will no doubt have to pay a hefty fine. And, while the ICO does not award data breach compensation, our data breach solicitors can help you with that.

In addition to the initial negligence, Ticketmaster will also have to answer questions over why there was a delay in disclosing the breach.

What can you do to claim data breach compensation?

The data breach affects Ticketmaster, TicketWeb andthe resale website Get Me In!

UK customers who purchased, or attempted to buy, tickets between February and June 23 this year may be affected. As well as international customers who purchased, or tried to purchase, tickets between September 2017 and June 23.

Ticketmaster has said that it has informed those affected. But, while it has offered customers free security software, it has not provided data breach compensation.

However, it is clear that cybercriminals have access to this data and have already used it to carry our fraud, so more has to be done to hold Ticketmaster and any negligent third-party to account.

If you have been contacted by Ticketmaster and told that your details are at risk, you should make sure that by agreeing to any free offers, you are not inadvertently signing away your rights to make a data breach compensation claim.

As specialist data protection lawyers, we would urge anyone contacted to let us know. If you are a Ticketmaster or Get Me In user and you haven’t received an email make sure that you check your junk mail folder. If you have received an email, get in touch. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

, ,

Ticketmaster admits serious data breach

Ticketmaster has admitted a huge data protection breach and revealed that the personal information of thousands of UK customers is now at risk. The data protection breach happened after a supplier to Ticketmaster was infected with malicious software while having access to the Ticketmaster website. The breach also affects customers of TicketWeb and the resale website Get Me In! Both of which are owned by Ticketmaster.
The company will have to face questions over whether there was a delay in disclosing the breach, as it has been revealed that some UK banks have known about the incident since early April.
The data hack involves both personal and payment information which can be used to carry out data theft and financial fraud. The data stolen includes names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details.
According to the Guardian, “a number of Ticketmaster customers have already had fraudulent transactions debited from their accounts, with the fraudsters spending people’s cash on money transfer service Xendpay, Uber gift cards and Netflix, among other items”.
It appears that digital bank Monzo was the first to realise that its customers’ cards were being compromised and even identified Ticketmaster as the shared link in a spike in frauds. However, despite warning Ticketmaster of the issue, Monzo’s head of financial crime said that they “couldn’t get any traction” out of the company.
UK customers who purchased, or attempted to buy, tickets between February and June 23 this year may be affected as well as international customers who purchased, or tried to purchase, tickets between September 2017 and June 23.
Ticketmaster has said that it is working with the relevant authorities, as well as credit card companies and banks.
However, even though Ticketmaster has self-reported to the Information Commissioner’s Office (ICO), there are no reports of them notifying the police. However, we fully believe that the police should be informed, so it’s important that anyone affected lets them know (as well as letting the ICO know).
Find out more about reporting a cybercrime to the police.

So far, Ticketmaster has offered customers free security software but no monetary compensation. However, you should make sure that by agreeing to any free offers, you are not inadvertently signing away your rights to make a data protection act compensation claim.
In this case, it is likely that Ticketmaster (or its third-party associates) were negligent in safeguarding your data due to insufficient security systems. Just because they were a victim of a crime does not mean they are any less liable. They delay in reporting this issue makes the company’s failure even more severe.
Ticketmaster has said that it has informed those affected.

So, if you have received an email, we would urge anyone contacted to let us know and start a data protection compensation claim.

If you are a Ticketmaster, Get Me In or TicketWeb user and you haven’t received an email make sure that you check your junk mail folder.

If you have received an email, get in touch.

We’ll let you know what is happening in this case and if and when you can claim.

What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.
Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

data breach solicitors
, ,

How do you make a compensation claim against Equifax?

Industry experts are predicting that the Financial Conduct Authority’s (FCA) investigation into the Equifax data breach is now coming to an end. If the FCA finds Equifax guilty of not looking after consumer data with the necessary levels of care, this could open the floodgates to millions of compensation claims being made against Equifax.

So, what should you do if you think your data has been compromised because of the Equifax data hack? How do you make a claim against Equifax?

  1. If you are in any way concerned, contact the data breach compensation solicitors at Hayes Connor Solicitors and let us know. You can register your details here
  1. We will check if you have had your data breached (if the company has not written to you and admitted as much already)
  2. Once we have established that your data has been violated – and the extent of this failing – we can start the claims procedure on your behalf. Of course, we’ll only do this with your explicit agreement!
  3. Once you have registered with our data breach compensation solicitors, it’s important to keep a ‘diary’ or note of events since the hack. This will help us with your case. This includes things like whether your card been used without permission, if there are transactions that your bank has picked up that you haven’t made and if you are getting more ‘spam’ or junk email with your name on it
  4. You should also keep a note if you are anxious or worried by the thought of people being able to access your data
  5. When the results of the FCA investigation are revealed, we will make sure you are part of our group action against Equifax. With this group action claim, you and the other claimants collectively bring your cases to court against Equifax. Where circumstances are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

 

Read our FAQ’s to find out more and to add your details to our secure database. Our expert, friendly data breach compensation solicitors will advise you when you have a valid claim and will be pleased to answer any questions you might have.

We have already received an influx of queries from people whose data was put at risk by the credit reference agency. If you were affected, you could be entitled to up to several thousand pounds, so it’s important to act now.

 

REGISTER NOW

equifax data hack compensation
, ,

Equifax data hack fine – does more still need to be done?

The Investigation into the Equifax data result in a financial penalty of £500,000.

However, the investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation. So it could be argued that Equifax got off lightly.

The Equifax data hack investigation

The Equifax data breach compromised the personal information of million customers as hackers gained access to its systems. As a result, 30,000 people had their email addresses stolen and 15,000 had their credit card details put at risk.

The potential consequences of the breach include financial fraud, identify fraud, cyber-extortion and online harassment.

The Information Commissioner’s Office (ICO) investigation was carried out in parallel with the Financial Conduct Authority (FCA). While the FCA does not typically disclose whether it is looking into a company, it said it had chosen to confirm the existence of an investigation given the “public interest” in the case.

The investigation revealed multiple failures at the credit reference agency. For example:

  • Equifax contravened five out of eight data protection principles of the Data Protection Act 1998 including, failure to secure personal data, poor retention practices, and lack of legal basis for international transfers of UK citizens’ data
  • Measures which should have been in place to manage the personal data were found to be inadequate and ineffective
  • There were significant problems with data retention meaning personal information was being retained for longer than necessary and vulnerable to unauthorised access
  • The US Department of Homeland Security had warned Equifax Inc. about a critical vulnerability as far back as March 2017. Sufficient steps to address the vulnerability were not taken meaning a consumer-facing portal was not appropriately patched.

HOLDING EQUIFAX TO ACCOUNT

While Equifax was the victim of a cyber-attack, it was responsible for protecting your personal information. But, despite the ICO’s investigation finding Equifax to blame for this appalling data protection failure, the ICO does not award data breach compensation.

So, while the fine is an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe, it does very little to help those already affected by the breach. As such, anyone who has suffered following the Equifax cyber-attack should be looking to claim compensation.

HOW CAN CYBERCRIMINALS USE YOUR PRIVATE DATA? 

In this case, along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data following the Equifax data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

What should you do now?

At Hayes Connor Solicitors, our data breach solicitors are helping victims of the Equifax data hack to claim compensation and get the payment they deserve. In fact, since the breach, our data breach and cybercrime experts have witnessed an influx of queries from people who are concerned that their data may be at risk.

As a result we have launched a group action against Equifax.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the Equifax hack. Being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety then the law agrees that you are entitled to compensation.

Why join our multi-party action?

Multi party actions give our clients more power against big businesses. This is because a group of people who have suffered the same or similar injuries due to the negligence of the same defendant (in this case Equifax) join together to claim for compensation. In short, it gives us strength in numbers.

Data breaches often have severe consequences for those affected so you could be entitled to significant compensation. Making a claim is simple and doing so sends a message to organisations everywhere that they must do more to protect their customers from identity and financial theft, and emotional distress.

NO WIN- NO FEE

We are also providing no-win, no-fee funding arrangements in this case, and, if successful, we won’t charge a “success fee”. This means, if you are awarded £1,500, you will get all of the compensation. There are no solicitor’s fees win or lose.

Let our data breach solicitors help you

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Doing this guarantees that you will form part of the compensation claims that will be lodged by the firm. While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

If you have been affected and want to join the group action, you can register your details here.

 

hayes connor solicitors
, ,

Can you make a data breach claim against Yahoo?

Yahoo has been fined £250,000 after 515,000 UK accounts were compromised. This comes following a sophisticated and persistent attack in 2014. The data protection hack led to user’s names, email addresses, telephone numbers, passwords and security information being stolen by cybercriminals.

Following the fine by the Information Commissioner’s Office (ICO), those affected should now consider a data breach claim against Yahoo.

What happened in this case?

In 2014, a Russian state-sponsored cyber-attack resulted in personal data being stolen from over 500m Yahoo user accounts worldwide. Despite evidence that the firm knew about the hack soon after it happened, the data breach wasn’t reported until September 2016.

What was the result of the investigation?

The investigation focused on UK accounts that were co-branded Sky and Yahoo, and which the London-based branch of Yahoo had responsibility for.

Following its inquiry, the ICO found that Yahoo had “failed to prevent” the hack. The ICO also condemned “inadequacies” that had been in place at Yahoo for some time without being “discovered or addressed”.

The investigation also found that:

  • The firm failed to ensure that its data processor complied with the appropriate data protection requirements
  • The firm failed to ensure that the credentials of employees with access to customer data were monitored
  • There was a lengthy period before the flaws which led to the breach were discovered or addressed

According to an ICO spokesperson:

“The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.”

As a result, the watchdog imposed a £250,000 fine. However, this represents less than 0.4% of Yahoo UK’s 2016 gross profit.

What can you do?

The ICO has said that cyber-attacks are a fact of life, and that companies have to make it as difficult as possible for them to get in. That it is “no good locking the door if you leave the key under the mat.”

But, while the ICO has the power to impose fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. However, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

According to the ICO, Yahoo has informed those affected. If you are concerned that your data was treated negligently by Yahoo, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

Following massive data breaches, companies often set aside funds to pay compensation, so you have nothing to lose.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

dixons data breach
,

Dixons Carphone admits huge data breach

Dixons Carphone has admitted a huge data breach following a prolonged hacking attempt. The data hack involves 5.9 million payment cards and 1.2 million personal data records. The breach occurred following a number of attacks – carried out over a period of 12 months.

The personal data records compromised by the hackers includes information such as names, addresses and email addresses. All of which can be used to carry out data theft and fraud.

Also, while most of the cards had chip and pin protection, some105,000 non-EU issued cards did not have this technology. While the company has said there is no evidence that any of the cards had been fraudulently used, a full police investigation is now underway. The regulators have also been informed and it is thought that the breach could leave the company open to a large fine.

Alex Baldock, chief executive at Dixons Carphone said:

“We are extremely disappointed and sorry for any upset this may cause.

“The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

A history of data protection failures

Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined a whopping £400,000 following another cyber-attack. The fine is one of the biggest ever handed out by the Information Commissioner’s Office (ICO). In that breach, the personal data of over three million customers and 1,000 employees were put at risk. Including the historical payment card details for some 18,000 customers.

Find out more about the Carphone Warehouse breach here.

While Dixons Carphone claims that the two incidents are unrelated, the Information Commissioner (ICO) will now be looking very carefully at this latest failing.

What can you do?

Data breaches often have severe consequences for those affected. So, customers and employees of the Carphone Warehouse and the merged Dixons Carphone should now be looking to claim compensation.

The company has said that it will be contacting those affected to advise them of the breach. We would urge anyone contacted to let us know and start a data protection compensation claim; particularly as there is a history of data negligence at the company. Something must be done to hold them to account.

If you are affected you could be entitled to up to several thousand pounds in compensation, so it’s important to act now.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.

data breach compensation
,

Does an organisation have to be fined by the ICO before you can make a data breach compensation claim?

The Information Commissioner’s Office (ICO) is an independent authority. Part of its job is to make sure that organisations across the UK keep our data safe. Every year, the ICO imposes fines on all kinds of businesses, government bodies and other parties that fail to do this. The ICO can also ensure that these organisations take steps to protect our data in future better.

But, while the ICO has the power to impose hefty fines, it does not award compensation to victims. That being said, you do have the right to ask the ICO to assess if an organisation has breached data protection legislation. And, once an organisation has been found guilty by the ICO, you can use that information to support a data protection compensation claim.

However, what many people don’t understand is that they can proceed with a data breach compensation claim even if the ICO has not investigated a breach, or found an organisation guilty of negligence.

This is important because, following the introduction of the GDPR (the latest EU-wide data protection legislation), the ICO is going to be busier than ever.

Data protection under the GDPR

Under the new rules, organisations have a greater responsibility towards protecting our data than ever before. And, experts predict that this could lead to an increase in data breach complaints. So the burden on the ICO is going to make it difficult for its officers to investigate every complaint as quickly as you might hope.

In fact, even before the legislation came into play last month, the ICO tweeted: “Sorry, we are extremely busy in the run up to GDPR & are experiencing unprecedented demand across all our services”. And, over the last few weeks, the ICO has also apologised for the “considerable” wait time on its helpline due to “high demand for our services”.

Making matters worse, according to reports, the ICO has only collected half of the data breach fines it has issued since 2010. Often because it doesn’t have the power it needs to enforce payment. So often these organisations are going unpunished for their failures.

So, what can you do if an organisation has failed to protect your data, but you don’t have the weight of the ICO behind you?

Making a private data breach compensation claim

You can make a compensation claim against a company without going to the ICO. When you make a private complaint, your case goes before a judge in a civil trial to seek recovery of any losses and the payment of compensation. Often these cases are settled out of court. Proceedings can be started quickly, without the uncertainty associated with whether the ICO will investigate the incident.

What’s more, even if you have already contacted the ICO about a potential breach, Hayes Connor Solicitors can still investigate your claim. We will work with the ICO to gather as much evidence as possible to help you succeed. But, where we don’t feel things are moving fast enough, or where we don’t agree with the findings of the ICO, we can still help you to pursue a private claim.

While each case will be judged on its merits, as experienced data breach lawyers, we can advise you on what you can include in your compensation claim and your chances of success. In most cases, the minimum level of damages to be sought at settlement stage would be between £750 and £1,000.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.

data breach solicitors
, ,

Can you make a data breach claim against the Crown Prosecution Service?

In May this year, the Information Commissioner’s Office (ICO) issued a £325,000 fine following the loss of recorded police interviews by the Crown Prosecution Service (CPS). The DVDs contained interviews with 15 victims of child sex abuse and were to be used at trial.

Shockingly, the recordings were also unencrypted, and the failure to protect such sensitive information has led to concerns that a “loss in trust could influence victims’ willingness to report serious crimes”.

Such data breaches could also have severe consequences for those affected. So, victims should now be looking to make a data breach claim against the Crown Prosecution Service.

What happened in this case?

In November 2016, the DVDs were sent by tracked delivery from Guildford to Brighton for a trial. But, because the delivery was made outside of office hours, they were left at an office reception in a shared building.

The recordings, which were not sent in tamper-proof packaging, contained highly intimate and sensitive details of the victims, as well as the personal data of the perpetrator, and identified information about other individuals.

It was over a week before the loss was discovered and while the building’s entry doors were locked, deliveries that were left there could be accessed by anyone with admission to the building.

The DVDs and the information contained on them have not been found, so it is unclear what has happened to them and whether anyone has watched them.

To make matters worse, this is the second time that the CPS has failed to take necessary steps to protect sensitive data. In 2015, the CPS was fined £200,000 by the ICO after the theft of laptops containing videos of police interviews uncovered serious security failures by the government body.

What was the result of the latest investigation?

In its judgement, the ICO found that the CPS was negligent by failing to ensure that the videos were kept safe. The CPS was also accused of not taking into account the substantial distress that would be caused if the videos were lost.

Astonishingly the investigation also revealed that while encryption software is available to the CPS, it is not routinely used to protect such evidence.

As a result, as well as the £325,000 fine, the ICO ruled that, due to a lack of proper processes across the organisation, staff training within the CPS was needed immediately.

Stephen Eckersley, head of enforcement at the ICO, said:

“The CPS failed to take basic steps to protect the data of victims of serious sexual offences. Given the nature of the personal data, it should have been obvious that this information must be properly safeguarded, as its loss could cause substantial distress.

“The CPS must take urgent action to demonstrate that it can be trusted with the most sensitive information.”

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by the CPS is particularly worrying as many of the victims were already vulnerable and had already endured significant distress during their interviews with the police. As such, the loss of these recordings is likely to cause considerable emotional anguish.

What’s more, while the CPS has said that it has now strengthened arrangements to prevent further incidents, its failure to do so following the last data protection breach highlights a shocking disregard for those people it should be protecting. The CPS simply did not make sure that appropriate care was taken to avoid similar breaches re-occurring.

The CPS was aware of the graphic and distressing nature of the personal data contained in the DVDs, but it was complacent in caring for that information and those it is supposed to protect. So it must be held to account.

Victims who had their data accessed were informed about the breach. And, while the CPS has offered to meet victims’ families to apologise, this does not cancel the right to proper compensation.

If you are one of those affected and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. We can help you to make a data breach claim against the Crown Prosecution Service and claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

IF YOU THINK YOU MAY HAVE A DATA BREACH CLAIM COMPLETE OUR CONTACT FORM.

make a data breach claim
, ,

Can you make a data breach claim against the British and Foreign Bible Society?

This month, the British and Foreign Bible Society was fined £100,000 for failing to protect the personal data of 417,000 of its supporters. Following an investigation by the Information Commissioner’s Office (ICO), it was revealed that the Society exposed these supporters to possible financial or identity fraud.

While the Society was a victim of a cyber-attack, this does not negate the fact that it failed to take appropriate steps to protect the personal data it was entrusted with.

With data breaches often causing significant distress for those affected, victims of the British and Foreign Bible Society data breach may now want to claim compensation.

What happened in this case?

Between November and December 2016, criminals exploited the weakness of the Society’s computer network – which used an easy-to-guess password – to access the personal data of its supporters.

Using ransomware to encrypt almost one million files, the data compromised included names and contact details, as well as payment card and bank account details for some. Fortunately for the Society, the data had recently been backed up, so it could not be held to ransom. But, many of the files were transferred, copied and extracted by the attacker.

What was the result of the investigation?

During its investigation, the ICO found that supporter details were kept on an insufficiently secured internal network which offered inappropriate remote access rights.

Commenting on the case, Steve Eckersley head of enforcement at the ICO said:

“The Bible Society failed to protect a significant amount of personal data and exposed its supporters to possible financial or identity fraud.

 “Our investigation determined that it is likely that the religious belief of the 417,000 supporters could be inferred, and the distress this kind of breach can cause cannot be underestimated.

 “Cyber-attacks will happen, that’s just a fact, and we fully accept that they are a criminal act. But organisations need to have strong security measures in place to make it as difficult as possible for intruders.”

The British and Foreign Bible Society was fined £100,000 for breaching data protection legislation.

What can you do?

Today, many people choose to donate to charities and causes they care about. But, while you might support them in their aims, it is vital that they meet their obligations when it comes to protecting your sensitive data. Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Often such organisations are insured against such data breaches, so you don’t have to worry about the impact of the good work you support.

In this case, the ICO found that the Society’s failure was likely to cause substantial damage or distress to those supporters who had their data stolen.

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The Society has notified victims who have had their payment details stolen, but it is not clear if those who had other personal data put at risk were informed. However, modern cybercriminals are increasingly sophisticated and such information can be used to carry out identity theft and fraud, so it is vital you are told.

What’s more, it doesn’t matter if criminals haven’t used your data. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

If you are one of those affected and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. If you are not sure if your information was compromised, we can find this out for you. We can also help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

IF YOU THINK YOU MAY HAVE A DATA BREACH CLAIM COMPLETE OUR CONTACT FORM.