notjusthackers
, ,

Bank sends credit card statements to the wrong person

Financial crime is a hot topic at the moment, with stories about push payment fraud and takeover fraud leaving people worried about what could happen if they became the victim of a bank scam.

But in many cases, its human error rather than cybercrime that is the biggest cause of financial data breaches. And, these errors are just as likely to happen offline.

In a recent case, our solicitors saw the impact of what can happen when a person’s financial information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, a bank sent partial credit card statements to the wrong person. The information was sent to a completely different person to the account holder (our client), attached to the back of a bundle of documents she had requested.

Luckily, in this instance the woman who received our client’s statements was honest, and despite being a complete stranger she contacted him to let him know what had happened. She also reported the incident to her local branch, although she was not satisfied with how the bank proposed to deal with the matter. If such a simple error can be made, what’s to say it couldn’t happen to other customers?

As a direct response of this admin error, this data breach has caused considerable distress and worry to our client. He has now lost confidence in his bank and can’t be sure if his sensitive and personal data has been further breached.

Lessons learned

Banks, credit card providers and other financial institutions need to do more to protect sensitive financial data.

All too often staff are involved in such data breaches, so employee training and awareness must form a core part of any security strategy and measures.

If you are an employee of a financial organisation and want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that this doesn’t happen to you. Such steps could include things like additional data protection training, secure systems for storing information, checks and balances on systems generating correspondence, and measures to ensure that the correct information is being sent to customers.

This is especially important if you deal with sensitive financial information which could cause serious harm if it falls into the wrong hands.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

notjusthackers
, , ,

Is someone applying for credit in your name?

Earlier this week, an interview on the BBC’s Money Box programme revealed that companies you have never heard of could be searching your details on credit rating sites without your knowledge. This could mean that your details have been hacked and that scammers are using your information to apply for loans and carry out identity theft.

You can listen to the interview here (go to 17:53).

In the programme, a Money Box listener explained how he had signed up for alerts on his account following the massive data breach at Equifax in 2017. He did this to keep on top of his credit score.

Credit search alerts

The alerts are available as part of a paid for subscription service and, in October last year, he was notified about two searches on his credit reference data by insurance companies. However, the man had not applied for insurance, either directly or through a comparison website.

He then queried the searches with Equifax, asking how they could help him, but was not given a satisfactory answer.

This is very worrying. If someone does manage to steal your identity they could open bank accounts, obtain credit cards, take out loans or mobile phone contracts, buy things and even apply for a passport in your name. Ultimately this could lead to your finances, credit rating and reputation being harmed.

What can Equifax do?

Very little it would seem. In fact, when asked by Money Box what could be done in such a situation, Head of Customer Experience at Equifax, Lisa Hardstaff, said that it was up to the customer to talk to the companies doing the searches themselves, rather than to Equifax to sort it out.

What can you do to protect yourself?

Worryingly, this is not the first time we have heard of this happening. It is not unusual for an individual who has had their data stolen to find that someone goes on to apply for various finance such as bank accounts, credit cards, mobile phones and online shopping accounts in their name.

Even worse, in some cases when an individual tries to check their credit record following suspected fraud they may find that they are unable to because the scammer has already opened an account in their name.

In response to this issue, we would strongly recommend that you check your credit record to see if there are any searches that you don’t recognise.

Other ways to check if someone has stolen your identity include:

  • Keeping an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Making sure you read your credit card statements and other letters that come from your bank.

If your identity has been stolen, you should:

  • Contact your bank/credit card provider immediately
  • Consider a credit freeze until the matter is resolved
  • Report the scam to the police and contact Action Fraud for advice on what to do next
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

The impact of identity theft

The real-life impact of identity theft can be devastating. It can have a significant effect on you mentally and physically. For some people, the results can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, family and job. So it’s vital that you do everything you can to protect yourself.

At Hayes Connor, we are currently investigating a spike in identity theft following the Equifax data breach. If you have been affected by this breach and are worried that your data could be used against you, please let us know. We will thoroughly assess the impact the violation has had on you and help you to claim the compensation you deserve.

LET US KNOW HOW THE EQUIFAX DATA BREACH HAS AFFECTED YOU.

Alternatively, if you are worried that your data is being used to commit identity fraud following another data breach, you can let us know here.

#notjusthackers
,

Sharing data? Think before you do

With human error the leading cause of data breaches, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to staff.

At Hayes Connor, we’re sharing some of the tips included in this toolkit to raise awareness of the importance of this issue, and to help organisations across the UK improve their data protection processes.

Tip: All information you work with has value. Share it appropriately

The risk of data sharing  

We live in a data-driven world, so it’s not unusual for us to share our personal information with organisations. Not least because sharing this data tends to make life easier and more convenient. But it’s vital that our data is only used in ways we would expect, and that it is kept safe.

In a recent case, we saw the impact of what can happen when a gym provided a woman’s personal details – including her home address- to another customer who shared her name by mistake. This error led to considerable distress, upset and even fear.

Quick tips

  • Employers must understand the importance of data protection and make sure that strict policies and procedures are put place to ensure the safe processing of information – both in and out of the office
  • In many cases, data breaches can be avoided by staff abiding by the data protection principles of their businesses. But it is up to employers to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws
  • Organisations must do more to protect personal information. For example, by designing systems that only allow the relevant people to have access
  • Every staff member accessing personal records should provide a reason for doing so.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

data protection
, ,

Massive NHS data breach. Are you affected?

According to damming new research by a leading think tank, the NHS saw nearly 10,000 documents either stolen or missing last year. The massive data breach affects 68 hospitals.

According to the findings:

  • University Hospital Birmingham was the worst affected with 3,179 missing documents
  • Bolton NHS Trust suffered a significant data breach with 2,163 documents lost
  • University Hospital Bristol also lost 1,105 records
  • Royal Devon and Exeter NHS Foundation Trust revealed that 425 of its records had been lost or stolen.

The information was collated via a Freedom of Information request pertaining to lost and/or stolen patient records. You can read the report in full here.

Reasons for the data breaches are said to include outdated and insecure methods of documentation, and cheap vulnerable means of recording. For example, 94% of NHS Trusts still use handwritten notes for patient record keeping and encrypted platforms are not thought to be widely used.

In June this year, we revealed that 150,000 patients have had their confidential data used without consent in another major NHS data breach. In this case, confidential personal data, given on the basis that it was to be used to provide medical care, was exploited for clinical audit and research purposes by the NHS, without the consent of patients. We have also looked at how healthcare accounts for nearly half of all data breaches.

In addition to human error the health service remains a top target for hackers. For example, one of the largest and most infamous cyberattacks on the NHS was the WannaCry attack in 2017.

So, with identity fraud and sales of patient records on the dark web on the rise, it is vital that the NHS does more to protect our sensitive information.

Have you been affected by the latest NHS data breach?

If you have suffered damage or distress caused by a medical or other healthcare organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years, so we know what it takes to make a successful medical data breach compensation claim.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

Start a claim for compensation

breach compensation
, ,

Making a compensation claim helps to address the real-life impact of data breaches

At Hayes Connor Solicitors, we help our clients to make compensation claims after their data has been put at risk by the organisations they trust to look after it.

In some cases, these data breaches are massive news stories following hacks against the likes of Ticketmaster, Equifax and British Airways. But, every day, we also help people come to terms with smaller data breaches that have a severe and often lasting impact on them.

But, although we believe that these organisations must be held to account for their failure to protect our personal information, all too often people who make a data breach claim are accused of “trying to get something for nothing”. So let’s set the record straight.

The impact of cybercrime can be devastating

Cybercrime can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Following last year’s Ticketmaster data breach, 63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards.

Worryingly, getting your money back following a scam is not always easy. For example, in a recent example of takeover fraud, a customer of the Royal Bank of Scotland (RBS) had more than £4,300 stolen from her account despite the fraudulent caller answering one of her security questions incorrectly. Despite the failure in their processes, the bank maintained that the customer was aware of the transaction and refused to refund her. Find out more about this case.

Claiming for distress isn’t an overreaction

Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is “no harm done.”

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private information, you would be distressed. So why should you feel any less upset at having your online data taken?

Following last year’s Ticketmaster data breach, 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

Being the victim of a crime can have a significant impact on you mentally and physically. Of course, everyone reacts differently, but for some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to just “get over it” isn’t helpful.

According to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

Even smaller data breach cases can have a huge impact. For example, in a recent case, our solicitors saw the impact of what can happen when sensitive information was sent to the wrong address by mistake.

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of psychological suffering and anguish. Crucially, the law agrees and recognises the amount of damage that can be caused by having your information stolen.

Holding organisations to account could be the only way to ensure they take your security seriously

The sheer scale of the information we share with organisations is enough to leave us all open to the threat of fraud, anxiety and stress. So it’s no surprise that we are worried about what could happen if this data gets into the wrong hands. As such, something has to be done to make companies accountable for any harm done.

Cybercriminals are becoming more and more sophisticated. But this doesn’t let these organisations off the hook. If they have done everything in their power to protect your data and have robust security processes and procedures in place, it is unlikely that a claim would be successful. In fact, this is why we usually wait for the results of an investigation by the ICO before starting a claim.

But the reality is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests, the only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

The real-life impact of data breaches

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

libel
,

Online defamation and libel: know your rights

Defamation is a bit of a hot topic at the moment. Earlier this year, writer and food blogger Jack Monroe won a libel action against Katie Hopkins, and was awarded £24,000 damages, for tweets which suggested that Monroe approved of defacing a war memorial during an anti-austerity demonstration in Whitehall. As a result of the fine, Hopkins had to apply for an insolvency agreement to avoid bankruptcy. Libel is a form of defamation.

Other instances where defamation has been brought into the public eye include where high-profile celebrities or businesspeople have brought an injunction to prevent the publication of material that would be damaging to their reputation (so-called gagging orders).

If you have been the victim of online defamation, it’s vital that you know your rights and what you can do to protect your reputation and achieve redress.

What is defamation?

Defamation is an all-encompassing term that covers any statement that damages someone’s reputation.

A defamatory statement can be made in:

  • Verbal form. This is classed as slander because only the spoken word is involved. Slander can be difficult to prove
  • Written form. This is classed as libel. A case for libel is easier to bring because evidence can be documented.

Defamation makes an ordinary person modify their opinions of another person as a direct result of hearing or reading the statement. Under UK law it is possible to defame businesses as well as individuals. A person that has suffered a defamatory statement can sue the person that made the statement under defamation law.

What is libel?

Online defamation tends to involve libel. You could accuse someone of libel against you if they:

  • Sent an email, or an email attachment defaming you, where that email is widely posted or forwarded
  • Made defamatory material available via a web page
  • Posted defamatory material to an email list or newsgroup
  • Streamed defamatory audio or video.

Anyone who actively transmits defamatory material may also be liable as part of any legal action.

What about freedom of expression?

It is accepted in a democratic society that individuals have a right to express their views and preferences. The internet offers great potential to do this.

Defamation is an abuse of this freedom of expression; where untrue statements may have a harmful impact on a person’s reputation.

It is critical to ensure that unfounded claims should not be allowed to damage a person’s reputation, but it is also vital for the law to balance such protections with the rights to freedom of expression. As such, the issue of defamation has become a much contested topic.

Of course, there is a balance to be had between one person’s right to protect their good name and another person’s freedom of speech. However, if someone has made an untrue statement about you, which was published on the internet, and which caused you injury, then you are entirely in your rights to sue for online defamation.

ticketmaster
, , ,

The real-life impact of a large data breach

At Hayes Connor Solicitors, we’re helping victims of the Ticketmaster data breach to claim compensation after their data was put at risk.

But, some nine months after the breach, what are the real-life effects of the Ticketmaster data hack?

63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards.

Cybercrime can result in both financial and/or identity theft. And, in this case the majority of our clients have gone on to suffer fraudulent activity.

What can you do to protect yourself from fraud?

With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And, getting your money back is not always easy.

Here are a few steps to help protect your cards from being used by hackers:

  • If you are worried that your banking details have been exposed, contact your bank immediately and ask them to keep a close eye on your account
  • Request a new card from your bank
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on all your accounts
  • Never automatically save your card details online.

31% of all clients involved in this case suffered from distress and/or psychological trauma.

Following the Ticketmaster data breach, 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

Being the victim of a crime can have a significant impact on a person mentally and physically. Everyone reacts differently, but for some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect their friends, family and job.

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of psychological suffering and anguish. Crucially, the law agrees and recognises the amount of damage that can be caused by having your information stolen.

Make a Ticketmaster compensation claim with Hayes Connor Solicitors

At Hayes Connor Solicitors, we are investigating the options available for customers of the Ticketmaster group.

As Ticketmaster has already admitted the breach and informed customers, those affected should already know if their data has been put at risk.

To ensure that you are fully informed on this matter complete your details and we will notify you about the investigation and your legal rights when making a claim.

REGISTER YOUR DETAILS TODAY.

BA data breach
, , ,

What’s happening in the British Airways data breach group action?

Last year, almost 400,000 British Airways customers had their bank card details stolen in one of the most severe cyber-attacks in UK history. In response, our expert data breach solicitors are preparing to launch a British Airways data breach group action once the relevant investigations are complete.

What happened in this case?

British Airways has apologised after admitting that its customers’ details were stolen over a period of 15 days in a massive data breach. The attack put the personal and financial information of customers making bookings at risk. In total, about 380,000 transactions were affected.

We could be talking about one of the most serious data breach cases to hit the UK, so we quickly began to receive enquiries from concerned passengers.

Where are we up to?

We are currently preparing to launch a British Airways data breach group action. A group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of success.

We have also sent a ‘Letter of Claim’ to BA and their solicitors. This shows them that we are serious about pursuing potential litigation on behalf of our clients.

We have also met with other solicitors who are also pursuing claims against BA for the data breach. We believe that a joined-up approach with these solicitors will allow us to proceed on a similar footing with the other claimants, and maximise our chances of success.

Why claim against a victim of a cyber-attack?

It’s true that cybercriminals carried out a “sophisticated, malicious criminal attack” on the British Airways website.

But this doesn’t let BA off the hook. These hackers spent more than two weeks accessing data online before the hack was spotted and reported. This increases the risk substantially. So it’s unlikely that

BA did everything in its power to protect your data or had secure security processes and procedures in place.

The reality is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests, the only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

What should you do if you are worried?

For anyone worried that their data has been exposed by British Airways, you should:

  1. Determine what was stolen. To protect yourself as much as possible you need to know what kind of information was accessed in the data breach. British Airways should be able to advise you on this
  2. Contact your bank. If any financial information has been stolen, contact your bank or credit card provider immediately and explain that your account is at risk of fraud. As well as issuing a new card, the bank should be able to advise you if it detects suspicious activity on your account
  3. Change your passwords. If an online account (such as an email address) has been compromised, change the password right away. You should also change all other accounts that use the same password, and – if your email could be compromised – any accounts that could be accessed via your email. To keep you safe in the future, create a secure, unique password for each account (you might want to consider using a password manager to do this for you)
  4. Deploy additional security measures. If an app or website offers two-factor authentication to protect an account, use it
  5. Be vigilant. Beware of scammers using your stolen data against you. For example, don’t click on any links in emails asserting to be from your bank and always use the numbers they provide on their website if they ask to talk to you
  6. Sign up for a credit and/or identity-monitoring service. This will help you to monitor your financial accounts and sensitive personal information. Many organisations will offer such services free following a data breach but it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  7. Keep a record. Make a list of all the accounts that could have been accessed and note down why you are concerned about them
  8. Inform the Information Commissioner’s Office (ICO) about your concerns. At present, the ICO is investigating the British Airways data breach. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  9. Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

To join our British Airways data breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW

bank details
, , ,

Banks issue new cards after Ticketmaster data breach

Nine months after the Ticketmaster data breach, two high street banks are sending out replacement credit and debit cards for customers who might have been put at risk.

The Royal Bank of Scotland (RBS) and NatWest have written to some customers informing them that they will be issued with replacement cards following last year’s Ticketmaster breach.

The letters state that replacement cards are being sent to anyone who used their card at Ticketmaster, while noting that this is a precautionary measure and that in some cases there is no indication that their information has been accessed.

What happened in the Ticketmaster data breach?

The hack hit around 40,000 people in the UK and compromised personal and financial information including customer names, addresses, email addresses, phone numbers, payment details and account login details. Some customers have already had their cards used by cybercriminals.

Find out more about the Ticketmaster data breach.

However, some customers of NatWest and RBS have taken to social media to complain about the way the incident has been handled.

Concerns include:

  • That this is the first time some customers have heard of the breach
  • Customers being unsure whether the letters are genuine
  • The length of time it has taken the banks to address this issue (banking start-up Monzo requested replacement Mastercards for all affected customers in April 2018).

How to protect your bank details from hackers

Following the Ticketmaster data breach, here are a few steps to help protect your cards from being used by hackers:

  • If you are worried that your banking details have been exposed, contact your bank immediately and ask them to keep a close eye on your account
  • Request a new card from your bank
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on all your accounts
  • Never automatically save your card details online.

Lessons learned

Obviously, RBS and NatWest are in no way responsible for the Ticketmaster data breach. But as such hacks become increasingly common, how banks react to protect their customers following such violations has never been more important.

Since the start of the Ticketmaster breach we’ve advised clients to request new cards from their bank. But it cannot just be left to victims of data theft to protect themselves. At Hayes Connor, we would argue that a speedier response is now needed and that this is something all credit and debit cards providers must address.

Make a Ticketmaster compensation claim with Hayes Connor Solicitors

At Hayes Connor we are already representing people who have been put at risk due to the Ticketmaster data hack.

IF YOU WISH TO BE A PART OF THIS CLAIM THEN REGISTER YOUR DETAILS TODAY.

notjusthackers
, , ,

Make sure you enter your email address correctly when signing up online!

According to a recent report, people are unwittingly “handing over the keys to their digital life”. BBC News has revealed that journalists were able to see details of a stranger’s credit report after an individual entered the wrong email address when signing up to the online service.

In this case, a person signed up to a credit service, but when doing so, entered a slightly incorrect email address. This email address then doubled as the account username.

When an email was sent from the credit service to confirm the account, it was, therefore, sent to the wrong person. Someone whose email address was almost the same as theirs.

And because this stranger had full access to the account, they could get into the account and even change the password. So, one small mistake let the wrong person see a huge range of personal information including the date of birth and previous addresses of the actual account holder, as well as information about their applications for credit.

The problem with email

Most of us hand over our email addresses in return for services. And we do so willingly. But our email address provides a way into our digital life. Just one wrong letter or a dot in the wrong place could mean that our personal and sensitive information falls into the wrong hands.

In most cases, if someone with a name like yours gets access to a service you signed up for they are likely to delete it (often thinking it might be spam). But are you willing to take that risk?

In this case, the information accessed would be extremely valuable to cybercriminals, who could use it to apply for loans and other credit in your name.

How to protect yourself

At present, most businesses have processes in place to respond to errors and stop fraud from happening. But what if you don’t know you have made a mistake until it is too late?

Valuable data is being put at risk by people inputting the wrong email address. So simply having a few words of warning on a site asking people to check that they have entered the right details isn’t working.

In response, companies are being urged to find other ways to check their customers are who they say they are (e.g. two-factor authentication and ensuring people signing up for a service enter their email address twice  – with no cut and paste option).

But to keep yourself safe online it’s vital that you do everything you can to protect yourself from fraud, and become more vigilant when signing up online.

For more advice on how to keep safe online, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895.