Hayes Connor appointed as data protection supplier to Communication Workers Union

Hayes Connor appointed as data protection supplier to Communication Workers Union

Data breach and cybercrime specialist Hayes Connor Solicitors has been appointed to deliver data protection claims support to nearly 200,000 members of the Communication Workers Union (CWU).

CWU is the largest union for the communications industry in the UK and includes members from the postal, telecoms, mobile, administration and financial sectors. Members of the organisation include the Royal Mail, Telefonica 02, UK Mail and BT, EE, Virgin Media and Santander. Read more

Law Gazette, 30th July 2019

Hayes Connor featured on the Law Gazette with news of our data breach claim against the Legal Ombudsman after it circulated an email to a number of recipients exposing all their email address details.


Business Up North, 30th July 2019

Kingsley Hayes comments on Business Up North about the hidden dangers of internet use and the predicted rise in data breach claims against businesses who not only hold, but distribute data including manufacturers of equipment such as smartphones.

Today’s Legal Cyber Risk, 30th July 2019

We were very pleased to be appointed by the Communication Workers Union (CWU) to provide data protection representation for its members following incidents of a data breach. The organisation has more than 200,000 members including Royal Mail, Santander and EE.

Legal Futures, 25th July 2019

We featured in Legal Futures following news that Equifax faced £multi-million fines in America following its data breach. Kingsley Hayes explains why the hefty penalty was entirely preventable.

Lpvl data breach
, ,

Estate agency fined £80,000 for LPVL data breach

A London estate agency has been fined £80,000 by the Information Commissioner’s Office (ICO) after it left 18,610 customers’ personal data exposed for almost two years. LPVL only alerted the ICO to the breach when it was contacted by a hacker.

While this fine is significant, the breach took place before the new data protection regulations came into force. So, the punishment could have been much harsher. For example, in the last few weeks, we have seen the ICO warn both British Airways and Marriott Hotels that it is planning to issue fines of £183.39m and £99.2m respectively for data protection failures.

What happened in the LPVL data breach?

In this case, the data breach occurred when Life at Parliament View Ltd (LPVL) transferred the personal information from its server to a partner organisation. By failing to switch off an ‘Anonymous Authentication’ function, access restrictions were not implemented. As a result, anyone online could have accessed all the data between March 2015 and February 2017.

What information was put at risk in this data breach?

The details exposed by LPVL included bank statements, salary details, copies of passports, dates of birth and addresses of both tenants and landlords. If this data has fallen into the wrong hands the results could be devastating.

What has the ICO said about the data breach?

Investigating this breach, the ICO uncovered a catalogue of security errors. Crucially, it found that LPVL had failed to take appropriate technical and organisational measures to protect the data.

The ICO concluded that LPVL was guilty of a severe infringement of data protection laws.

Commenting on this case, Steve Eckersley, Director of Investigations at the ICO, said:

“Customers have the right to expect that the personal information they provide to companies will remain safe and secure. That simply wasn’t the case here.

“As we uncovered the facts, we found LPVL had failed to adequately train its staff, who misconfigured and used an insecure file transfer system and then failed to monitor it. These shortcomings have left its customers exposed to the potential risk of identity fraud.

“Companies must accept that they have a legal obligation to both protect and keep secure the personal data they are entrusted with. Where this does not happen, we will investigate and take action.”

What should you do if you are affected by the data breach?

If you have been the victim of the LPVL data breach, it is vital that you know how to react. Here’s what you should do as soon as you find out that your data has been breached.

  • Follow any security instructions provided to you by LPVL
  • Contact your bank or credit card provider and let them know what has happened
  • Keep an eye out for any bills or emails about goods or services you haven’t ordered
  • Check your bank statements regularly and alert your bank if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Do not click on any suspicious links. This could result in you giving a fraudster even more access to your personal or financial details
  • Always question uninvited emails, calls etc. in case it’s a scam. Instead, contact the company directly using a known email or phone number
  • Don’t accept friend requests from people you don’t know on social media and review your privacy settings
  • Report any suspected phishing attempts to the police and Action Fraud
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Change your passwords and use a different password for every account (if you are worried about remembering them all you could sign up to a password manager)
  • Make sure your devices are protected by up-to-date internet security software

Make a LPVL data breach compensation claim

If you want to make a compensation claim following the LPVL data breach, you should contact Hayes Connor Solicitors. You can make a data breach claim for loss of money or emotional distress.

Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about your legal rights when making a claim.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Equifax £multi-million US fine entirely preventable_

Equifax £multi-million US fine entirely preventable

It was announced this week that the credit score giant faces a fine of $700 million (£561 million) following its 2017 data breach – a hefty penalty that could have been avoided. Reports have stated that Equifax was warned in March 2017 that one of its databases was vulnerable to hackers. It acted quickly ordering […]

data encrypted
, ,

Is your data encrypted?

Human error is the leading cause of data breaches. In response, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to staff. At Hayes Connor Solicitors, we’re sharing some of the tips included in this toolkit. For example, having data encrypted.

In doing this, we hope to raise awareness of the importance of this issue. And help organisations across the UK improve their data protection processes.

Tip: When sending information out of the office – make sure it’s securely encrypted


The risk of not encrypting your data

Data encryption translates data into another form or code. Once encrypted, only people with access to the right key or password can read it. Data encryption is a simple tool, and it’s a good way to protect sensitive and personal information. But all too often organisations are overlooking even this simple step.

For example, in May last year, the Information Commissioner’s Office (ICO) issued a £325,000 fine following the loss of recorded police interviews by the Crown Prosecution Service (CPS).

In this case, DVDs containing interviews with 15 victims of child sex abuse were sent by tracked delivery from Guildford to Brighton for a trial. But, the delivery was made outside of office hours, and they were left at an office reception in a shared building. Shockingly, the recordings were unencrypted. The failure to protect such sensitive information has led to concerns that a “loss in trust could influence victims’ willingness to report serious crimes”.

Quick tips

  • Employers must understand the importance of data protection. And put strict policies and procedures in place to ensure the safe processing of information. Both in and out of the office
  • In many cases, if staff abide by the data protection principles of their businesses, data breaches can be avoided. But it is up to employers to make sure that all staff receive regular data protection training. This will help to make sure they understand the potential consequences of breaching data protection laws.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses.  Or give us a call to discuss your case in more depth.

Equifax agrees to settle data breach for £561 million
, , ,

Equifax agrees to settle data breach for £561 million

Equifax has agreed to pay up to £561m ($700m) to settle its data breach case in the US. The 2017 incident resulted in hackers stealing the personal data of millions of people. Up to 143 million US citizens and 15 million Brits were affected by the Equifax data breach.

The Federal Trade Commission believes that the credit reference firm failed to take reasonable steps to secure its network. The huge fine is the FTC’s largest data-breach settlement to date.

Find out more about the Equifax data breach.

What has happened in the US case?

According to FTC spokesperson: “Equifax failed to take basic steps that may have prevented the breach.” For example, while Equifax’s security team ordered that systems be patched within 48 hours after being informed of the discovery, the firm failed to check that this was done. As a result, hackers were able to exploit the flaw and steal consumers’ personal details over many months.

The FTC added: “This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

At least $300m of the fine will go towards paying for identity theft services and other related expenses incurred by victims of the data breach. The rest will be used to cover consumer’ losses, to pay state penalties, and to pay a penalty to the Consumer Financial Protection Bureau.

The deal also requires Equifax to boost its cybersecurity systems. As part of the settlement Equifax had agreed to:

  • Carry out an annual audit of security risks
  • Submit to an external assessment every two years
  • Ensure that third-parties with access to personal data also have adequate data protection measures in place.

What has happened in the UK case?

Following an investigation into the Equifax UK data breach, The Information Commissioner’s Office (ICO) fined Equifax £500,000.

However, because of when this breach happened, the UK investigation was carried out under old data protection legislation rather than the new General Data Protection Regulation (GDPR). As such, the £500,000 fine was the maximum penalty allowed. So, many believe that Equifax got off lightly.

The ICO investigation also revealed multiple failures at the credit reference agency.

Can you claim compensation for the Equifax data breach in the UK?

Hayes Connor Solicitors has launched an Equifax data breach group action claim as millions of people seek to hold the business to account. This is an essential step in ensuring big companies like Equifax do more to uphold their obligations and keep people safe.

Equifax sent letters to everyone who had their personal details accessed to let them know that they were affected. To join our group action, you will need to provide evidence that you received notification that your details formed part of this breach.

Hayes Connor Solicitors is providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if you win £1,500, you get all of the compensation. There are no solicitor’s fees – win or lose.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Once you register with us, a member of our team will be in touch to explain the next steps.


The Drum, 23rd July 2019

Fun apps such as TikTok and FaceApp are increasingly popular, however, users are at risk of having their personal data exploited. We talked to The Drum about the associated risks.