Law firms still getting to grips with data security and AI

Law firms still getting to grips with data security and AI

The legal sector has been undergoing significant change in recent years with the increasing use of artificial intelligence creating a significant challenge for firms according to a data breach specialist. As firms integrate artificial intelligence to streamline practices and create greater efficiencies, the growing use of AI also presents unique challenges as lawyers and their […]

data breach
, ,

Data breach help & support

Most of us use the internet to help make our day-to-day lives better. But despite its benefits, the more information we put online, the more likely it is that something will go wrong. At Hayes Connor, our expert solicitors deal with a significant number of data breach cases every day. During our work, we see many different types of claims. So we understand how data breaches can affect people in different ways. If you have suffered because of a data breach – regardless of whether this was caused by cybercriminals or human error – it’s essential that you get the data breach help you need to get you through this difficult time.

Committed to reducing the amount of data privacy violations, and supporting victims wherever we can, here is a list of websites you can turn to for data breach help, advice and support – before, during and after a data breach.

Where to get data breach help & support

Victim Support

Victim Support is the leading independent victim’s charity in England and Wales. It helps people affected by crime and traumatic incidents. Last year it offered support to nearly a million victims of crime across the UK.

Hayes Connor is working with Victim Support to help those affected by cybercrime and data breaches. Ultimately, it’s about ensuring victims have access to the support they need when they need it. Victim Support and Hayes Connor also help to raise awareness of the threat to keep people safe online.

Information Commissioner’s Office

The Information Commissioner’s Office (ICO) is an independent authority, set up to uphold information rights in the public interest, and to promote openness by public bodies and data privacy for individuals. While the ICO does not award compensation, it does have the power to impose hefty fines on organisations in breach of their duties. You have the right to ask the ICO to assess if an organisation breached the Data Protection Act.

At Hayes Connor Solicitors we often work with the ICO to gather as much evidence as possible to help our clients succeed.

Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and cybercrime. Victims of online offences such as scams and financial/identity fraud should contact Action Fraud to report their loss. You can do this online or via telephone.

For any other form of cybercrime such as online stalking, harassment, or fears about sexual grooming, you should contact the police directly.

National Security Cyber Centre (NSCS)

The NSCS is helping to make the UK the safest place to live and work online.

It supports the most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public. When incidents do occur, it provides effective incident response to minimise harm, help with recovery, and learn lessons for the future.

Cyber Aware

Cyber Aware is a cross-government awareness and behaviour change campaign. It aims to help small businesses and individuals to adopt simple, secure online behaviours to help protect themselves – and their customers – from cybercriminals.

Cyber Essentials

Cyber Essentials is a government-backed scheme that helps to protect organisations, whatever their size, against a whole range of the most common cyber-attacks.

Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety. It contains lots of helpful guidance to protect you and your data from the threat of fraud, identity theft and abuse.

Have I Been Pwned

Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised.

Net Aware

Created by the NSPCC and O2, Net Aware provides simple, no-nonsense guidance to parents and guardians on the social networks their kids use. It helps parents and guardians stay up to date and keep their children safe in today’s digital world.

No More Ransom Project

Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. The No More Ransom Project has created a repository of keys and applications that can decrypt data locked by different types of ransomware. It also has advice on how to protect you from this threat in the first place.

Take Five To Stop Fraud

Take Five offers straight-forward and impartial advice and helps everyone in the UK to protect themselves against financial fraud.

Hayes Connor Solicitors

If you need data breach help, at Hayes Connor, we have created a wealth of advice, news and other resources to raise awareness of the importance of data protection. We encourage individuals and organisations across the UK to use this information to help keep everyone safe.

Alternatively, for more data breach help and advice, follow us on Twitter and Facebook.

If you have been the victim of a data breach or cyber fraud, you can also contact us to find out how we can help you to recover any losses.

Today’s Legal Cyber Risk, 29th May 2019

We featured in Today’s Legal Cyber Risk looking at how the changing legal landscape has affected law firms. Many are still getting to grips with the increasing use of artificial intelligence to enhance clients’ experience and to create more efficient, streamlined services. Kingsley Hayes comments on what this means for data privacy.

Pro Privacy, 29th May 2019

Kingsley Hayes talked to Pro Privacy about the importance of data protection and the impact on individuals who have suffered either financially or psychologically following a data breach. The piece looks at how some tech workers are choosing to quit working for employers who don’t value data privacy.


data breach
, ,

Is your local council doing enough to protect your data?

Wokingham Council has suffered its fifth data breach in a year. This demonstrates why more and more residents are looking to sue for breach of data protection.

The latest data breach happened when a woman had her benefit payment details leaked to another resident. Just a month earlier, the council had to apologise after a sex abuse victim had her data shared with her attacker. This happened not once but twice and could have caused significant upset and harm for the victim.

Worryingly, when talking about the failures, the council’s customer service team said that “it happens”.

A spokesperson for the council has since apologised for the data breaches. And the local authority is implementing measures to safeguard sensitive information.

But, people have the right to expect that councils across the UK have already established robust privacy processes. Why do people have to sue for breach of data protection before councils give this issue the attention it so obviously needs?

Local authority data breaches

The truth is, at Hayes Connor know that councils are neglecting people’s privacy all the time.

For example:

Local governments must do better if they don’t want people to sue for breach of data protection

Despite the threat of crime, all too often it is human error that is to blame for council data breaches. And, while in many cases local councils argue that the violations are “low risk”, we believe that playing down the risk is the wrong approach to take.

Instead, councils must understand the harm caused when they don’t look after our data correctly. The impact of such negligence can’t be underestimated.

Just having access to an individual’s name and address can result in financial fraud and/or identity fraud. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is no harm done. A data breach can also lead to distress and psychological trauma.

What’s more, even if nothing has been done with that information as yet, it doesn’t mean the data is safe. Working exclusively on data breach and cybercrime cases, it has become clear to our solicitors that the impact and losses people sustain following a data privacy violation are not always immediately apparent. We see instances where the effects only became clear months later.

What can you do to stop a breach of data protection from happening to you?

If you are concerned that your data might be at risk by a local authority, you can ask for a copy of the data the council holds about you. This is called a subject access request (SAR).

This won’t guarantee that an error doesn’t result in your information being exposed, but it is a reasonable safety precaution to take. You can also ask the council for a copy of their acceptable use policy and data protection policy.

Not just hackers

Our local governments were hit by almost 100 million cyber-attacks over five years. And one in four council systems were successfully breached. But, while the threat of cybercrime is something that the public sector needs to take seriously, it must also do more to address the issue of human error.

Waiting until a data breach happens is simply not good enough.

For advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud and you want to sue for breach of data protection, contact us. We will answer any questions you might have and discuss your case in more depth.

Legal Futures, 24th May 2019

Kingsley Hayes comments on the research findings of the 2019 Data Breach Investigations Report revealing that small businesses are at a high risk of data breaches despite the media headlines focusing on high profile incidents involving large brands.


Businesses underestimating the true cost of cyber attacks

According to a government report, organisations are yet to recognise the full financial consequences and damage to their business following a cyber attack. The Cybersecurity Breaches Survey 2019 found that the mean annual cost of a cyber attack leading to a negative outcome for medium businesses was £9,270 and £22,700 for larger organisations.

Data breach leads to neighbour harassment

Small businesses are at greater risk of data breaches

News of significant data breaches impacting large organisations is increasingly commonplace, a recent report however, has found that small businesses are at greater risk. The 2019 Data Breach Investigations Report, published by Verizon, found that amongst the 41,686 security incidents in both the public and private sector organisations in 86 countries, 43% affected small businesses.

, ,

An update on Cybersecurity in the UK

The government has published the results of the Cyber Security Breaches Survey 2019. This looks at how UK organisations approach cybersecurity, and the impact of breaches.

Trends in cybersecurity in the UK in 2019

According to this report:

Cyber-attacks are a persistent threat to businesses and charities

Around a third of businesses and two in ten charities report having cybersecurity breaches or attacks in the last 12 months. Among those organisations facing breaches or attacks, the most common types are:

  • Phishing attacks
  • Others impersonating an organisation in emails or online
  • Viruses, spyware or malware, including ransomware attacks.

For businesses, the proportion identifying breaches or attacks is lower than in 2018. The survey is unclear why this has happened. It could be because companies are generally becoming more cyber secure. However, another possibility is that more attacks are being focused on a narrower (though still numerous) range of businesses. The survey also suggests that some companies may be less willing to admit to having cybersecurity breaches following GDPR.

Where businesses have lost data or assets through cyber security breaches, the financial costs from such incidents have consistently risen since 2017

When looking at cybersecurity in the UK, the report states that among those businesses recording breaches or attacks, in 30% of cases this resulted in a negative outcome (e.g. a loss of data or assets). For charities, this happened 21% of the time.

The average cost to a business which lost money following a cyber-attack was £4,180. This is higher than in 2018 (£3,160) and 2017 (£2,450). However, for larger firms this jumped to £22,700 in 2019. For charities, the average cost was £9,470.

So, the costs of cybersecurity breaches can be substantial. But more than this, the survey also states that: “the indirect costs, long-term costs and intangible costs of breaches – things like lost productivity or reputational damage – tend to be overlooked. This means that, when organisations reflect on their approaches to cybersecurity, they may be undervaluing the true cost and impact of cyber security breaches”.

More businesses and charities than before have taken positive steps to improve their cybersecurity

This is in part linked to the introduction of GDPR. However, while this report found that security is increasingly a priority issue for organisations (78% of business and 75% of charities), it does not appear that actions are reflecting this shift.

In fact, only 30% of businesses and 37% charities have made improvements to their cybersecurity since GDPR.

Of those who have made improvements in a bid to stop cyber-attacks and data breaches:

  • 60% of business and charities have created new policies
  • 15% of businesses and 17% of charities have had extra staff training or communications
  • 6% of businesses and 10% of charities have improved their contingency plans.

However, in more positive news, there are year-on-year improvements in these areas.

There is still more that organisations can do to protect themselves from cyber risks

So, the increasing prioritisation of cybersecurity has not always been matched by increased engagement and action. In fact, according to the findings:

  • Just 35% of businesses and 30% of charities have a board member or trustee with specific responsibility for cyber security
  • Only around 18% of businesses and 14% of charities require their suppliers to adhere to any cyber security standards
  • Just 16% of businesses and 11% of charities have formal cyber security incident management processes in place.

Organisations are open to receiving guidance or checklists. However, they expect such guidance to be pushed out to them

 Today, UK organisations are open to improving their cybersecurity processes, but they still appear to be reluctant to take responsibility for doing this. Just 59% of businesses 47% of charities have sought external information or guidance on cybersecurity in the last 12 months.

You can read the report in full here.

Helping individuals and organisations to become more cyber aware and cyber safe

Hayes Connor Solicitors is a niche firm operating in the data breach sector. We help our clients to claim the compensation they deserve following data protection breaches and other cyber offences such as computer fraud, identity theft, defamation, hacking and phishing scams.

A relatively new and evolving area of law, our specialist solicitors lead our field when it comes to understanding the complexities involved.

We make sure our clients have as much information as possible before claiming so that they feel fully informed at all times. And we provide a wide range of information to help our clients protect themselves once a breach has occurred. We also raise awareness of the growing threat of cybercrime and data breaches, as the more people are aware of the risk, the better-protected everyone will be.

For advice on how to keep your data safe, follow us on Twitter and Facebook. Or, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.


Eu Settled status
, ,

Home Office guilty of EU Settled Status data breach

In a recent blog, we looked at how an administrative error by the Home Office exposed the email addresses of hundreds of Windrush migrants. And the department hasn’t learned from its mistakes. An EU Settled Status data breach has now endangered the details of hundreds of EU citizens in the UK.

EU Settled Status data breach

In the latest “administrative error”, the Home Office failed to conceal email addresses in a group communication. This email was sent to applicants of the EU Settled Status scheme. The controversial scheme allows EU nationals and their families to secure their rights in the UK after Brexit.

In total around 240 email addresses were revealed.

The breach happened on Sunday 7 April. It occurred because the department failed to use the ‘bcc’ function when sending a bulk email. The breach is likely to have made a stressful situation even worse. Particularly as these applicants had already faced technical difficulties while trying to keep their rights in the UK.

The Home Office has since apologised to those affected. The Information Commissioner’s Office (ICO) is aware of the breach. It will now decide whether or not to launch a full inquiry.

What have people said about the EU Settled Status data breach?

Nicolas Hatton, from the 3 Million campaign group said: “It feels like it adds insult to injury”. While one recipient of the email told the BBC that she was outraged and was considering returning to Germany.

Shadow Home Secretary Diane Abbott said: “Data breaches are now a matter of routine, while all those who are unfortunate enough to have to deal with the Home Office face a combination of indifference, incompetence and the hostile environment.”

Conservative MP Alberto Costa has called on the Government to scrap the “morally repugnant” system.

What can you do if you have suffered because of the EU Settled Status data breach?

Experiencing a data breach can result in significant stress and anxiety. And this can lead to a diagnosable psychological injury.

For people who are already worried about their rights being removed following Brexit, knowing that their personal information has been violated could be particularly distressing.

If you have suffered damage or distress caused by the EU Settled Status data protection breach you could have a right to claim compensation. To find out how we can help you recover any losses, contact us to discuss your case.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.