data breach solicitors
, ,

Can you claim compensation for the Police Federation data breach?

Last month, the Police Federation of England and Wales (PFEW) admitted that it suffered a severe data breach across a number of its databases. This data privacy violation happened as a result of a ransomware cyber-attack. A criminal investigation has now been launched into the Police Federation cyber-attack.

What happened in the Police Federation data breach?

In a Twitter statement, posted on 21st March, the PFEW said: “We can confirm we have been subject to a malware attack on our computer systems. We were alerted by our own security systems on Saturday 9 March. Cyber experts rapidly reacted to isolate the malware and prevent it from spreading.”

The statement also included a press release with more information about the attack. You can read this in full here.

However, people were soon pointing out that the PFEW took 12 days to inform its members about the attack. And the way some members found out was also questioned.

 

“So this happened on 9th March and it is only now the 21st March that you tell your paying members?? Absolutely disgraceful handling by the federation.”

@RonanDonohue1

“I’d rather my OH not be told via a press release, but direct contact from federation! Press releases are for the public not the potential victims”.

@lucycdoyle

“So if the attack was discovered on 9th March, why did it take 12 days to alert everyone? I assume you have reported your data breach to the information commissions office?”

@ RPUSC2

“Members are always last to find out. Why has it taken over 11 days to inform your members…”

@CopsAgainstXtr

 

What information was exposed in the PFEW data breach?

The names, email addresses, National Insurance numbers, ranks and serving forces of around 120,000 police officers may have been exposed. The breach affects officers at all levels up to the rank of chief inspector.

Also, any guests who stayed at the PFEW conference and hotel facilities in Leatherhead between 1 September 2018 and 9 March 2019 may also have had their financial details (credit card number and expiry date) put at risk.

In addition, the PFEW claims case management system has also been compromised. So any members who requested PFEW assistance for any investigation, inquiry or complaint could have had their name, address, National Insurance number, and bank details accessed.

However, the PFEW claims that there is no evidence at this stage that any data was extracted from PFEW’s systems, although this cannot be discounted.

Local Federation branches have not been affected.

How is the PFEW ransomware attack impacting police systems?

Ransomware is a type of malicious software. Typically cybercriminals use ransomware to threaten to publish the victim’s data, or to block access to it unless a ransom is paid. Ransomware attacks are becoming more widespread.

As a result of this ransomware attack, the PFEW has suffered severe disruption to services. Backup data was also deleted. Indeed, following the breach the PFEW has made the “difficult decision” to cancel its national conference in June. A statement on Twitter read:

“Experts in business recovery estimate it takes 4 – 6 months to recover from a cyber-attack and with annual conference due in 9 weeks it would not be possible to deliver this on time.”

Can you claim compensation for the Police Federation data breach?

The Information Commissioner’s Office (ICO) is aware of the situation. However, while it has the power to impose hefty fines on organisations who fail to meet their data protection requirements, the ICO does not award compensation.

But, should the ICO find that the PFEW did not meet its data protection requirements, you could have a claim for compensation.

Indeed, even if there is no immediate evidence that personal and sensitive data was successfully extracted from PFEW systems, that doesn’t mean that there will be no impact on those officers affected. In many data breach cases it can take months for the full implications and losses to become apparent. We have seen instances where the financial losses only start to occur three to six months later. This is often because data stolen is used in batches over time.

What’s more, simply knowing that your details could be in the hands of cybercriminals can lead to anxiety and distress. Experiencing a data breach can result in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury. For police officers knowing that their personal information could be in the hands of criminals is bound to be even more distressing.

How to make a claim following the Police Federation data breach

At Hayes Connor Solicitors, we are experts in data breach cases. Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, we are now considering launching a no-win, no-fee group action to compensate victims of the Police Federation cyberattack.

Find out more about group actions.

 

By now those who have been affected should have been emailed. If you have received this email then you may be able to claim compensation once the matter has been investigated.

To ensure that you are fully informed and kept up-to-date, simply fill in our quick form and we will notify you about the investigation and your legal rights when making a claim.

REGISTER HERE

 

VICTIMS
,

Businesses must invest in cyber insurance to protect victims of data breaches

It’s almost impossible to pick up a newspaper or turn on the television without finding out about how some big company has been hacked. But, while it might seem that data breaches are a new and pressing concern, the issue of how to maintain the integrity of information stored on computers is nothing new.

In fact, in a recent article by the Financial Times, the author shares how, as far back as 1979, economist (and former CIA analyst), Mark Skousen published the ‘Complete Guide to Financial Privacy’. In this book, he warned about the relentless collection of information and the need to recognise the need to protect against “unwarranted intrusion into sensitive information”.

Fast forward to today, and as the FT article states, “there is no company or product that doesn’t have cyber risk attached to it.”

The impact of data breaches on business

A data breach can be devastating for victims. And, at Hayes Connor, every day we hear about how privacy violations are causing misery and upset to people across the UK. Crucially, in most cases, these breaches aren’t caused by scammers trying to hack big businesses, but by simple human errors.

But it’s not just victims of data breaches that suffer long-term effects following a cyber problem. Organisations of all types and sizes can also find it difficult to recover.

Here are just some of the possible consequences faced by companies that fail to keep their data safe:

  • Loss of time and money due to having to repair affected systems and disruption to trading
  • Loss of reputational damage and sales (lack of trust from current and potential customers)
  • Loss due to the legal consequences of a data breach (e.g. fines, legal fees and compensation payments)
  • Loss of competitive advantage due to the theft of trade secrets or copyrighted material
  • Having to pay fraudsters (cyber extortion)
  • Rises in insurance premiums.

Worryingly, according to the latest statistics, almost 30 million cyber-related crimes were launched in the last quarter of last year.[1] And nearly half of all UK businesses fell victim to cyberattacks or security breaches[2].

43% of UK organisations surveyed had experienced a cyber security breach or attack in the last 12 months

  2018 Cyber Security Breaches Survey

Standard insurance policies do not cover cyber risk

Despite the rise in cybercrime, many UK organisations are still failing to insure themselves against the threat of a data breach. In fact, according to the article in the FT, only 9% of UK companies are said to have specific cyber insurance. Standard insurance policies do not cover cyber risk.

When it comes to data privacy violations, it is clear the problem isn’t going away. And with prevention better than cure, as well as improving security processes and IT governance, every business, regardless of size or ownership, must now consider cyber insurance. Because if a data breach claim is made against a company, and it is found liable for data privacy errors, the consequences of not being covered could be catastrophic.

The impact on individuals

The introduction of the General Data Protection Regulation (GDPR) in May 2018 coincided with a significant increase in reported data breaches. So the GDPR has created greater public awareness about individual rights.

Indeed, at Hayes Connor, we are currently dealing with over 200 enquiries per month from consumers. Complaints range from the inappropriate use of email to the deliberate or inadvertent disclosure of sensitive, financial, and medical information to third parties.

We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury.

In most of these cases, the victim of the data breach will have tried to engage with the organisation that has committed the violation and been either rebuffed or provided with a wholly inadequate excuse. In almost all cases the organisation at fault fails to recognise the damage caused by the breach and loss.

Often this failure to provide adequate redress to the victims of data breaches comes from fear. Fear that giving proper compensation could put an organisation out of business. But, with the right insurance in place – alongside improved data security processes – both companies and individuals would be better protected.

Leading by example

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are helping to raise awareness of this issue and educating people and businesses to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

[1] Kaspersky

[2] 2018 Cyber Security Breaches Survey

compensation
,

Banks to pay push payment scam compensation

A number of leading banks have agreed to contribute to a fund for victims of push payment scams.

Push payment scams happen when cybercriminals trick someone into sending them money by pretending to be someone else. Push payment scams saw £148 million lost in the first half of 2018.

Banks that have signed up to the new push payment scam compensation fund include Barclays, HSBC, Lloyds and RBS. Other banks such as Santander and Nationwide, have also made a similar commitment.

Historically, banks have avoided paying push payment scam compensation to victims unless there was a fault in their processes. This is because the customer authorised the payments.

The scheme will be introduced as an interim measure until a permanent solution can be agreed. It is expected that banks will reimburse somewhere between £30million and £40million more in push payment compensation in 2019 as compared to last year.

How to protect yourself from push payment fraud

Action Fraud – the national fraud reporting service – recommends taking the following advice to stay safe:

  • Be suspicious of requests to transfer money by bank transfer or virtual currency instead of safer methods (e.g. credit card or payment services such as PayPal)
  • Trust your instincts. If something feels wrong then it is right to question it
  • Don’t pay for goods or services unless you know and trust the individual or business
  • Be aware that personal information obtained from data breaches is making it easier for cybercriminals to create highly targeted phishing messages and calls
  • Don’t assume a person/organisation is genuine just because they’re able to provide some basic details about you
  • Always be suspicious of unsolicited requests for your personal or financial information.

Also, it’s important to understand that your bank would not:

  • Ask you to share any sensitive information about yourself or your accounts, like your PIN or full banking password
  • Ask you withdraw or transfer money for safekeeping
  • Send someone to your home to collect cash, a PIN, cards or cheque books
  • Try to panic you out of taking security checks.

A win for consumers

Commenting on the new push payment scam compensation fund, a spokesperson at consumer group Which?, said: “This long-awaited move to ensure victims of bank transfer scams are properly reimbursed when neither they nor the bank is at fault is a major victory for consumers.

“The banks must now act to ensure this scheme is implemented swiftly so consumers can have confidence that losing life-changing sums of money to this type of fraud is a thing of the past.”

What can you do if you are the victim of push payment fraud?

If you have been the victim of an attempted push payment scam, you should contact Action Fraud. However, if you have lost money as a result of the scam, you must also report it as a crime. You should also notify your bank ASAP.

At Hayes Connor Solicitors, we want to reduce the number of data violations and successful cyber scams taking place across the UK. To do this, we are raising awareness of this issue and educating people to help stop fraudsters in their tracks.

For more advice on how to keep safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a push payment scam, find out how we can help you to recover any losses or give us a call our office to discuss your case in more depth. We can help you to claim compensation and steer you through the aftermath of a bank or credit card scam – minimising the impact on you as much as possible.

data breach
,

Financial Services data breaches have risen by 480%

According to recent research[1], UK financial services firms reported a whopping 480% more data breaches in 2018 than in 2017. And, in the sector, retail banking saw the most substantial rise in the number of data breach reports, jumping a staggering 2400%.

But why are we seeing this increase?

Financial data breaches are on the rise

Hacking is now big business and organisations that hold financial data are a particularly lucrative target. For example:

But in many cases, its human error rather than cybercrime that is the biggest cause of financial data breaches. And, these errors are just as likely to happen offline. In a recent case, our solicitors saw the impact of what can happen when a person’s financial information was sent to the wrong address by mistake.

Cybercriminals are becoming increasingly sophisticated

While the majority of attackers are still going after easy “low-hanging fruit” there are signs that cybercriminals are becoming increasingly sophisticated.

For example, AI-assisted imposters are set to become an increased threat. With machine-learning helping to make existing cyber-attack efforts like identity theft, denial-of-service attacks and password cracking faster, more formidable, and more effective.

Furthermore, as we move deeper and deeper into the Internet of Things (IoT), more and more devices and data are going to be connected to the internet. Keeping these safe from hackers is going to be an ongoing challenge.

Self-reporting has increased

The General Data Protection Regulation (GDPR), now requires organisations to report data breaches within 72 hours or face penalties. This is also likely to be a critical factor in the increase of reports. It is also probable that we will continue to see a dramatic increase in data breach reports now that self-reporting is mandatory.

On a positive note, some experts suggest that businesses are getting better at identifying and reporting cyberattacks. And if the financial services industry is now taking cybersecurity more seriously, this can only be a good thing for customers.

Awareness is crucial

At Hayes Connor, we believe that raising awareness of the growing cybersecurity threat will help organisations across the UK improve their data protection processes. But it’s also vital that we all do our bit to protect ourselves as individuals.

When it comes to protecting yourself from financial fraud, UK Finance offers the following advice:

  • Never disclose security details, such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Don’t be rushed – a genuine organisation won’t mind waiting
  • Listen to your instincts – you know if something doesn’t feel right
  • Stay in control – don’t panic and make a decision you’ll regret.

In addition, we would suggest that you also:

  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Make sure you read your credit card statements and other letters that come from your bank

If your identity has been stolen, you should:

  • Contact your bank/credit card provider immediately
  • Consider a credit freeze until the matter is resolved
  • Report the scam to the police and contact Action Fraud for advice on what to do next
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

For more advice on how to keep your data safe, follow us on Twitter and Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call our helpline number to discuss your case in more depth.

 

[1] RPC

PUSH PAYMENT
,

Scheme to better protect banking customers from push payment scams is delayed

Push payment scams happen when cybercriminals trick someone into sending them money. They do this by contacting you via phone, email or social media and pretending to be someone else.

Last year push payment scams cost nearly £150million in the first six months alone.

Typical push payment scams include:

  • Sending fake invoices that look exactly like ones people are expecting (e.g. from a child’s school or a legitimate tradesperson)
  • Convincing people to transfer money to someone official (e.g. such as a solicitor when buying a house)
  • Conning people to move cash into fraudulent bank accounts
  • Sending emails pretending to be from a friend asking for money.

In response, a new system which alerts anyone making a payment if the recipient’s name doesn’t match their bank account number is being introduced. The Confirmation of Payee system has been designed to protect banking customers from push payment scams better.

However, a UK Finance boss has told MPs that the new system will be delayed because it requires a complex change in banks’ IT and processing systems.

Why are push payment scams so popular with cybercriminals?

In most cases, the push payment scam is successful because the victim believes the fraudster to be genuine. And because only account numbers and sort codes are currently used to establish where payments are being sent, the banking system makes it easy for scammers to trick people into sending them money.

However, the new system will alert customers when they are about to transfer money into the account of someone with a different name to the one they believe they are sending a payment to.

Can people get their money back after push payment scams?

Historically, banks and other organisations have avoided paying push payment scam compensation to victims. This is because the customer authorised the payments. However greater protections have now been introduced to help victims of push payment scams to secure compensation. But, to get your money back, you must be able to show that you were not to blame for the fraud.

What is happening to protect people from push payment scams?

As well as the new Confirmation of Payee system there are some other changes to be aware of. For example, in the past, you could only complain to your own bank if you were scammed into transferring money. However, you can now also complain to the bank that received your cash (the bank that the fraudster used). This rule has been introduced to encourage banks to do more to identify when cybercriminals are using their services.

If you’re not happy with the response from the banks, you can also refer your complaint to the Financial Ombudsman.

The Ombudsman has highlighted the “increasing sophistication of criminals’ methods”. It argues that in many such scams, “people are often manipulated into thinking their money’s at risk”. And that this is something it will “think carefully about before deciding whether someone’s acted in a way that goes beyond what might be described as careless.”

However, even where you do have a claim for reimbursement, fraud victims whose banks refuse to refund their losses can see the appeal process drag on for months. In fact, the average wait for those taking their case to the Financial Ombudsman Service is a staggering 215 days.

So banking customers must remain vigilant.

How to protect yourself from push payment fraud

  • Understand that your bank (or the police etc.) will never:
    • Ask you to share any sensitive information about yourself or your accounts, like your PIN or full banking password
    • Ask you to withdraw or transfer money for safekeeping
    • Send someone to your home to collect cash, a PIN, cards or cheque books
  • Always question who you’re talking to. If in any doubt call them back using trusted contact details (you can usually find these on your bank cards)
  • Be aware that scammers might have information about you such as your name, email address, phone number etc.
  • Don’t be pressured or rushed into anything. A legitimate organisation would never try to panic you out of taking security checks
  • Leave the conversation if it makes you at all uncomfortable.

Reporting push payment fraud

If you have been the victim of an attempted push payment scam, you should contact Action Fraud ASAP. Action Fraud is the national fraud reporting service. However, if you have lost money as a result of the scam, you must also report it as a crime.

At Hayes Connor Solicitors, we want to reduce the number of data violations and successful cyber scams taking place across the UK. To do this, we are raising awareness of this issue and educating people to help stop fraudsters in their tracks.

For more advice on how to keep safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a push payment scam, find out how we can help you to recover any losses or give us a call our helpline to discuss your case in more depth. We can help you to claim compensation and steer you through the aftermath of a bank or credit card scam – minimising the impact on you as much as possible.

 

cyberattack
,

Tesco fined over £16 million following cyberattack

Tesco Bank has been fined a whopping £16.4m fine following a cyber-attack. The incident, which took place in November 2016, resulted in cybercriminals stealing £2.26m from 9,000 people.

Following an investigation into the data breach, the Financial Conduct Authority (FCA) has now penalised Tesco for the ‘avoidable’ cyber-attack.

This is the first time that the FCA has issued a fine against a company for online fraud.

If you have suffered damage or distress caused by Tesco’s failings you might be able to claim compensation.

What happened in the Tesco data breach?

In 2016, Tesco suffered an “unprecedented” attack on its online accounts. During this attack cyber-criminals used an algorithm to generate authentic Tesco Bank debit card numbers and then, using those “virtual cards”, they carried out thousands of unauthorised debit card transactions.

Altogether, fraudsters stole a total of £2.26million.

What was the result of the Tesco data breach Investigation?

While Tesco was a victim of the cyber-attack, the FCA investigation has revealed that the attackers were able to exploit “deficiencies in Tesco Bank’s design of its debit card, its financial crime controls and in its Financial Crime Operations Team to carry out the attack”. As a result, these deficiencies left Tesco personal current account holders vulnerable.

The FCA also listed a catalogue of errors at the bank, including:

  • Not taking appropriate action to prevent the fraud from happening in the first place
  • Not responding to the attack with sufficient “rigour, skill and urgency”
  • Making a number of mistakes when dealing with the crisis
  • Ignoring warnings.

According to a spokesperson at the FCA, “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks.

“In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started.

“This was too little, too late. Customers should not have been exposed to the risk at all.”

What should you do now?

While Tesco has refunded customers for any financial losses, if you have suffered damage or distress caused by its failings, you may be able to claim compensation.

Crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

In this case, some victims were unable to access their funds when they needed them most, so were unable to pay for essentials such as food.

Being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. So you should seek compensation for a failure to look after your information correctly.

At Hayes Connor Solicitors, we are considering launching a group action to help victims of the Tesco data breach to claim compensation. If we believe you have a substantial group action case we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

REGISTER NOW TO FIND OUT HOW WE CAN HELP YOU.

 

cybercrime claims
,

Cybercrime losses up 24% in just six months

According to the police, £34.6 million was reported stolen from UK victims of cybercrime between April and September 2018. That’s a whopping 24% increase on the previous six months.

What do the latest statistics reveal?

  • More than £190,000 a day is lost in the UK by victims of cybercrime
  • Over a third of the victims affected had either their social media or email accounts hacked
  • People hacked via their social media and email accounts lost a total of £14.8 million
  • 13,357 people in the UK reported cybercrimes over six months.

According to a police spokesperson, cybercriminals were targeting people’s social media accounts “in a bid to make money and steal personal details”. This could leave victims “at risk of identity theft”.

The City of London Police, which runs Action Fraud, has warned people to:

  • Keep separate passwords for each of their online accounts
  • Make sure that they use the latest software and app updates
  • Be suspicious of unsolicited requests for personal or financial information (phishing)
  • Never call numbers or follow links provided in unsolicited texts or emails.

What is Action Fraud?

Action Fraud is the UK’s national reporting centre for fraud and cybercrime[1]. Victims of online offences such as scams and financial/identity fraud should contact Action Fraud to report their loss. You can do this online or via telephone. For any other form of cybercrime such as online stalking, harassment, or fears about sexual grooming, you should contact the police directly.

What else is Action Fraud saying?

In addition to the sixth-monthly figures, reports on Action Fraud’s website also warn us that:

  • A staggering £50,766,602 was lost to romance fraud in 2018 with an average of £11,145 per victim and a 27% increase on the previous year. Action Fraud is warning people to be aware of romance scams in the run-up to Valentine’s Day
  • Fraudsters are targeting the growing over 55 population because they are more likely to have money to invest. Traditionally scammers cold-call but contact can also come from online sources (e.g. email or social media)
  • Fraudsters are sending the public fake TV licensing emails to steal their personal and financial information.

What can happen if you are scammed?

Cybercrime can result in both financial and/or identity theft. And, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

We all worry about what could happen if scammers get access to our bank accounts. But the impact of data breaches goes much further than financial losses.

According to Victim Support, the effects of crime can last for a long time. We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury.

How to protect yourself from cybercriminals

In addition to the advice provided by Action Fraud, here are a few additional steps to help protect your personal information:

  • If you are worried that your financial details have been exposed, contact your bank/credit card provider immediately and ask them to keep a close eye on your account and request a new card
  • Report any suspected phishing attempts to the police and relevant authorities (Action Fraud)
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips (register for updates)
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Register with a suitable fraud prevention service
  • Regularly change your passwords on all your accounts (you might want to use a password security tool to help you to do this).

 

Leading by example

At Hayes Connor, we want to stop cybercriminals in their tracks. To do this, we are helping to raise awareness of this issue and educating people to prevent similar crimes from happening.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

[1] England, Wales and Northern Ireland

data breach claims
,

The impact of data breaches are often being felt months after the initial violation

A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. Not least because, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

In response, at Hayes Connor Solicitors, we help our clients to make compensation claims after their data has been put at risk by the organisations they trust to look after it.

Dealing with hundreds of different types of data breach cases, one thing that has become apparent to our solicitors is that the full impact is often not felt until months after the initial violation.

What are we seeing?

Over the last six months, we have received more than 2,500 enquiries from customers who have suffered as a direct result of a data breach. These cases saw breaches of personal, financial and sensitive data. But it is becoming increasingly clear that the impact and losses people sustain following a data breach are not always immediately obvious.

Indeed, at Hayes Connor, we have seen cases where the financial losses only start to occur three to six months later. This is often because data stolen is used in batches over time.

For example, some nine months after Ticketmaster data breach, we have discovered that:

  • 63% of all the clients we took on have suffered multiple fraudulent transactions on their payment cards
  • 31% of all clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

Not just financial

We all worry about what could happen if scammers get access to our bank accounts. But the impact of data breaches goes much further than financial losses.

According to Victim Support, the effects of crime can last for a long time. We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury. And, like financial losses, this is often happening months after the initial breach was revealed.

With major breaches now occurring weekly, we expect this situation to escalate. As such, more must be done to protect customers following a data breach – and this cannot be a short-term fix.

Leading by example

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are helping to raise awareness of this issue and educating people and businesses to prevent similar mistakes from happening.

Ways to check if someone has stolen your identity include:

  • Checking your credit record to see if there are any searches that you don’t recognise
  • Keeping an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Making sure you read your credit card statements and other letters that come from your bank.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

cybercrime
,

Five cybersecurity trends to watch in 2019

Scrutinising the cybersecurity landscape, here are some of the key trends you can expect in 2019.

  1. Cybersecurity is now a threat to every organisation

Cybersecurity has been brought into the mainstream. Modern criminals are no longer content with targeting banks and other financial institutions. Instead, they are affecting all kinds of organisations from hospitals to law firms, local authorities to businesses.

Common threats include ransomware, phishing and malware.

You can check out the latest data security incidents by sector on the ICO’s website.

  1. Hefty fines are coming

Since the introduction of the GDPR, the ICO has taken a proactive stance when it comes to commenting on large-scale breaches. But, as yet it is still focused on supporting organisations to take appropriate action in the immediate aftermath of any privacy violation. And helping to prevent breaches from happening in the first place.

So, we haven’t yet seen the enormous fines promised for those that don’t look after our data properly. But you can be sure they are coming. And, according to data protection lawyers, the Ticketmaster data breach could be a real test to see if the legislation will hold companies to account.

  1. Methods of attack are becoming increasingly more sophisticated

While the majority of attackers are still going after easy “low-hanging fruit” there are signs that cybercriminals are becoming increasingly sophisticated.

For example, last year two friends were jailed after breaching the TalkTalk website in 2015 as part of a group of hackers. During the raid, the pair managed to get away with the names, addresses and dates of birth of 1.6 million customers, before sharing much of the data online. And while TalkTalk was fined £400,000 by the Information Commissioner’s Office (ICO) for not appropriately securing the data, the “significant, sophisticated systematic hack” is thought to be one of the biggest data breaches in history.

AI-assisted imposters are also set to become an increased threat. With machine-learning helping to make existing cyber-attack efforts like identity theft, denial-of-service attacks and password cracking faster, more formidable, and more effective.

Furthermore, as we move deeper and deeper into the Internet of Things (IoT), more and more devices and data are going to be connected to the internet. Keeping these safe from hackers is going to be an ongoing challenge.

  1. The law is still evolving when it comes to data protection

 In 2019, it is much easier to bring compensation claims for distress, rather than as an add-on to a financial loss claim. What’s more, the courts are looking at a wider-range of factors when deciding on appropriate compensation.

There is also more emphasis on the relationship between privacy rights and data protection from a legal perspective. This is good news for individuals as it means they can start a claim based on more than one ground (i.e. for the misuse of private information and for breach of data protection obligations).

  1. Cybersecurity is now political

We’ve all read about how Facebook was allegedly used to corrupt our democratic process following the Cambridge Analytica scandal. With questions raised over whether our data was used to influence the outcome of the Brexit referendum.

What’s more, a recent parliamentary committee warned that our critical national infrastructure is at risk from cyber attackers. And, The National Cyber Security Centre (NCSC) cautioned that hostile states are likely to target British infrastructure.

For example, experts are predicting that smart energy meters could leave householders vulnerable to cyber-attacks and higher bills. Perhaps even more concerning, in March 2018 the National Grid was put on alert amid fears of a Russian cyber-attack, and given advice on how to boost its defences to prevent power cuts and avoid a catastrophic attack.

Awareness is crucial

At Hayes Connor, we believe that raising awareness of the growing cybersecurity threat will help organisations across the UK improve their data protection processes. But it’s also vital that we all do our bit to protect ourselves as individuals.

For more advice on how to keep your data safe, follow us on Twitter and Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

 

 

libel
,

Online defamation and libel: know your rights

Defamation is a bit of a hot topic at the moment. Earlier this year, writer and food blogger Jack Monroe won a libel action against Katie Hopkins, and was awarded £24,000 damages, for tweets which suggested that Monroe approved of defacing a war memorial during an anti-austerity demonstration in Whitehall. As a result of the fine, Hopkins had to apply for an insolvency agreement to avoid bankruptcy. Libel is a form of defamation.

Other instances where defamation has been brought into the public eye include where high-profile celebrities or businesspeople have brought an injunction to prevent the publication of material that would be damaging to their reputation (so-called gagging orders).

If you have been the victim of online defamation, it’s vital that you know your rights and what you can do to protect your reputation and achieve redress.

What is defamation?

Defamation is an all-encompassing term that covers any statement that damages someone’s reputation.

A defamatory statement can be made in:

  • Verbal form. This is classed as slander because only the spoken word is involved. Slander can be difficult to prove
  • Written form. This is classed as libel. A case for libel is easier to bring because evidence can be documented.

Defamation makes an ordinary person modify their opinions of another person as a direct result of hearing or reading the statement. Under UK law it is possible to defame businesses as well as individuals. A person that has suffered a defamatory statement can sue the person that made the statement under defamation law.

What is libel?

Online defamation tends to involve libel. You could accuse someone of libel against you if they:

  • Sent an email, or an email attachment defaming you, where that email is widely posted or forwarded
  • Made defamatory material available via a web page
  • Posted defamatory material to an email list or newsgroup
  • Streamed defamatory audio or video.

Anyone who actively transmits defamatory material may also be liable as part of any legal action.

What about freedom of expression?

It is accepted in a democratic society that individuals have a right to express their views and preferences. The internet offers great potential to do this.

Defamation is an abuse of this freedom of expression; where untrue statements may have a harmful impact on a person’s reputation.

It is critical to ensure that unfounded claims should not be allowed to damage a person’s reputation, but it is also vital for the law to balance such protections with the rights to freedom of expression. As such, the issue of defamation has become a much contested topic.

Of course, there is a balance to be had between one person’s right to protect their good name and another person’s freedom of speech. However, if someone has made an untrue statement about you, which was published on the internet, and which caused you injury, then you are entirely in your rights to sue for online defamation.