, , ,

What information was stolen in the LOQBOX data hack?

The information stolen in the LOQBOX Data Hack includes

  • Customer names
  • Postal addresses
  • Dates of birth
  • Email addresses
  • Phone numbers
  • Two digits of the bank account number used to make payments to LOQBOX
  • Payment card expiry dates.

According to some reports, the first six and last four digits of customer card numbers may also be at risk[1]. This information is very valuable to cybercriminals. For example, the first six digits identify the financial provider. This information is often used in phishing scams (see more on this below).

LOQBOX funds have not been affected by this data breach.

What can cybercriminals do with this data?

LOQBOX states that “this information on its own cannot be used to access your bank accounts or other accounts”. However, the Fintech does acknowledge that this data could be used for phishing scams.

What is phishing?

Phishing is where a fraudster poses as a legitimate organisation, your bank, the police, or someone else you trust to trick you into handing over sensitive information such as usernames and passwords.

Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Their ultimate goal is to steal your money and/or personal information (to commit identity or financial fraud).

Typical phishing scams include:

  • Where fraudsters contact you posing as your bank to trick you into giving them sensitive financial data
  • Where fraudsters contact you posing as a company (e.g. LOQBOX) and encourage you to hand over sensitive information (e.g. passwords)
  • Where scammers send out an email with a fraudulent link. This email instructs you to click on a link which leads to a fake page that collects more of your sensitive data
  • Where you receive an email from a person or company you know and trust which includes your personal information and lures you into clicking on a malicious URL or email attachment.

You can find out more about Phishing here.

The full impact of the LOQBOX data hack is not yet known

Phishing scams can lead to your personal and sensitive data getting into the wrong hands. In the worst cases, this can lead to you falling victim to financial fraud and identity theft.

Dealing with hundreds of different types of data breach cases, one thing that has become apparent to our solicitors is that the full impact is often not felt until months after the initial violation.

The impact of a phishing scam can be devastating, and we have seen cases where the financial losses only start to occur three to six months later. This is often because the data stolen is used in batches over time.

What’s more, many clients involved in phishing cases go on to suffer from distress and/or psychological trauma as a result of having their details stolen and used in fraudulent activity.

Speaking about the possible consequences of the LOQBOX data hack, expert data protection solicitor Richard Forrest said: “At this stage, we cannot say with any certainty that the LOXBOX breach will not result in future fraud and financial loss. So, while LOQBOX might want to play this hack down, it must face up to its responsibilities and be held accountable for any data security failures that made the attack possible.”

Are you at risk because of the LOQBOX data hack?

If you are a LOQBOX customer, or if you have been a LOQBOX customer in the past, then you are affected by this cyber-attack. If you are in any way concerned you should contact the LOQBOX dedicated support team at help@loqbox.co.uk.

LOQBOX also works in partnership with a number of banks (e.g. Natwest, TSB and Monzo). Customers from these banks who use LOQBOX may have had their data stolen.

Make a LOQBOX data breach compensation claim

LOQBOX has told customers it is not currently offering compensation for the loss of personal data. Although it did say it was “extremely sorry”.

However, at Hayes Connor Solicitors, we are considering launching a no-win, no-fee group litigation action to help compensate victims of the LOQBOX data hack. We can take on your claim on a no-win, no-fee basis.

To become part of our LOQBOX group action – and receive updates on what is happening in this case – we need you to register with us. This ensures that you will form part of any LOQBOX breach group action compensation claim lodged by us.

Our process is fully compliant with ICO guidance, there is no obligation to proceed, and we never put your details at risk.

Register Now


[1] https://www.theregister.co.uk/2020/03/02/financial_startup_loqbox_data_breach/

, , , ,

You might be involved in the Equifax data breach but not know it

Equifax is the second-largest credit reference agency in the UK. But, in March 2017, a staggering data breach demonstrated how weak the company’s security processes were. This happened when the personal data of hundreds of millions of people was stolen from the credit reporting giant.

Luckily for Equifax, the breach happened pre-GDPR (General Data Protection Regulation). So, while the Information Commissioner’s Office (ICO) did fine Equifax £500,000 for its security failures, this punishment could have been much, much higher.

The fact that the Equifax data breach happened under old data protection laws has proved to be even more fortuitous for the company. Not least because Equifax didn’t have to adhere to newer, more stringent, consumer rights guidelines.

Equifax hasn’t informed everyone that was impacted by the data breach

Two sets of data were hacked. And, following the breach, Equifax wrote to 693,665 customers in the UK to confirm that they had their data stolen. Equifax also wrote to a further 167,431 UK consumers whose landline telephone numbers were already published in the public Phone Book and were accessed as part of the cyberattack. Many people who received this letter have since contacted Hayes Connor to claim Equifax data breach compensation.

But not everyone put at risk by the breach has been informed.

Today, in our post-GDPR world, companies must tell people if their personally identifiable data is involved in a security breach. But, before the GDPR was introduced on 25 May 2018, these businesses were only advised to do so.

Following its investigation into the Equifax data breach, the UK’s data privacy regulator (the ICO), said that millions of people in the UK could be affected by the hack. So, many victims will not have received a letter from Equifax to let them know that their data was put at risk.

Did you use an Equifax security product between 2015 and 2017?

Following investigations into the breach, it has come to light that anyone who used an Equifax security product between 2015 and 2017 could have had their data exposed.

But, if you haven’t had a letter, how can you find out if you were involved?

The good news is that Equifax knows exactly who was impacted by this breach. And it is legally required to tell you if your data was involved. The bad news is that you have to ask Equifax for this information.

Making an Equifax subject access request

In the UK, you have a legal right to find out if and how an organisation is using or storing your personal data. To exercise this right, all you have to do is ask for a copy of this information. This is called making a subject access request (SAR).  You can make a SAR to find out if your data was involved in a hack or breach.

The ICO has provided a handy template to help you to make a SAR.

However, sometimes, defendants like to swamp people with information in response to SARs. And this can make it very difficult to find the information required in the info supplied.

So, to make sure the process is as straightforward as possible, when you appoint Hayes Connor as your data protection lawyers, we’ll provide the exact wording needed to get the information you require from Equifax – and only this data.

Don’t let Equifax get away with it

There are many failings from Equifax that led to this breach being one of the largest disclosed. It is entirely down to these vast number of failings that the breach is so large and that the attack went undetected for so long.

In the US, a settlement required Equifax to pay $1.4 Billion into a fund to compensate affected consumers. And, if you live in the UK and were impacted by the Equifax data breach, we believe that you should also be compensated.

Register today to join our No-Win, No-Fee Equifax data breach

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

Crucially, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most.

In addition to our data protection solicitors, we also work with expert barristers to help us win our cases. So, we are confident that we have all the experience necessary to get the best possible result for you.

We are dealing with all Equifax data breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.  What’s more, if your claim is successful, we expect to be paid by the offending party (Equifax). So, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means there are no solicitor’s fees win or lose.

There are strict time limits in place for making Equifax breach compensation claims, so it’s essential to act now.

REGISTER NOW

 

, , ,

Another Marriott data breach sees 5.2 million guest records stolen

In 2018, a huge data breach put 339 million Marriott International customers at risk.  And, while you think the hotel giant would have learned its lesson, this doesn’t seem to be the case. In fact, Marriott has confirmed that it has suffered another data breach – this time involving the personal information of 5.2 million guests.

In this breach, hackers obtained the login details of two employees, and broke into a Marriott franchise property system during mid-January.

What do we know about the latest Marriott data breach?

On Tuesday 31st March, Marriott announced that it was notifying some guests of a security incident involving an unspecified system at a franchise hotel. In a statement, the hotel chain said:

“At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. The company believes that this activity started in mid-January 2020. Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations.

“Although Marriott’s investigation is ongoing, the company currently has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers”.

What data was exposed in the breach?

The following information may have been compromised in the hack. Although Marriott states that not all of this information was present for every guest involved:

  • Contact details (e.g. name, mailing address, email address, and phone number)
  • Loyalty account information (e.g. account number and points balance, but not passwords)
  • Additional personal details (e.g. company, gender, and birthday day and month)
  • Partnerships and affiliations (e.g. linked airline loyalty programs and numbers)
  • Preferences (e.g. stay/room preferences and language preference)

Are you affected by the latest Marriott data hack?

Marriott believes that up to 5.2 million guests may have been affected. It will be sending these people an email to confirm their involvement. You might find this email in your spam folder.

Where to get help/further information

Marriott has set up a dedicated website and call centre resource to support victims of the data breach. The website can be accessed here

Marriott customers living in the UK who are concerned about the data breach should call 08003457018. The call centre will be staffed during ordinary business hours in the United States, 8:00am-8:00pm EDT Monday through Friday. Language support will be provided in English and French, and additional translation services will be available upon request.

Was financial information exposed?

Marriott says there is “no reason” to believe payment data was stolen. However, the information that is at risk could be used by cybercriminals to extract additional financial data. For example, fraudsters may pose as a legitimate organisation to trick victims into handing over sensitive information (phishing).

As such, anyone affected by this breach must take additional steps to protect themselves.

  • Contact your bank or credit card provider for advice on what to do. They will advise if any additional security measures should be implemented to protect your finances
  • Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  • Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
  • Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
  • Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  • Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. This also applies to any contact claiming to be from Marriott
  • Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud reasons
  • If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  • If you are concerned that your data might be at risk, there are some steps you can take to stop the threat from escalating. For example, you could register with the Cifas protective registration service. You should also change your passwords and make sure your devices are protected by up-to-date internet security software
  • Be aware of common phishing techniques. For example, as well as those outlined above, if you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. And do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.

If you are in any doubt, DO NOT click on any links, open any attachments or provide any information. Instead, you should go to the organisation’s website directly (not via the link provided in the communication) and contact them to make sure the email is legitimate.

Can you claim compensation following the Marriott data breach?

Yes. If an organisation breaches the Data Protection Act you have a right to claim compensation. Marriot carries cyber insurance, and the company says that it is working with its insurers to assess coverage. However, while it also says that it does not currently believe that its total costs related to this incident will be significant, it is far too early to say.

The impact of a data breach can be both long-lasting and significant. A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Furthermore, many victims go on to suffer from stress, anxiety and distress. And, according to Victim Support, the effects of crime can last for a long time.

To make matters worse, this isn’t the first time Marriott has been responsible for failing to protect its customers. Last year, the Information Commissioner’s Office (ICO) announced plans to fine the hotel group £99.2million for failing to secure its systems. And the regulator is unlikely to look favourably on a further breach.

Why choose Hayes Connor Solicitors?

At Hayes Connor Solicitors, we have the expertise to investigate the impact of such breaches. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

Crucially, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most.

In addition to our data protection solicitors, we also work with expert barristers to help us win our cases. So, we are confident that we have all the experience and know-how necessary to get the best possible result for you.

Our process is fully compliant with ICO guidance, and we never put your details at risk.

REGISTER NOW

, ,

How to keep safe after the 118118 Money data breach

This week, many people contacted our data protection solicitors, concerned about how the 118118 Money data breach might affect them. This comes after 118118 Money informed customers about a security incident at the company.

In an email headed “Important information about your account”, 118118 Money confirmed that:

  • On Friday 20th March, illegal access to the network which includes 118118Money.com was discovered
  • The data obtained was call recordings. So, people who had called the 118118 Money customer service line could be affected
  • The customer service calls were accessed by the criminals responsible for the cyber attack
  • The data compromised could include names, addresses and dates of birth
  • Other personal information discussed in calls might also be at risk.

If you are a 118118 Money customer, you might find this email in your spam folder. It is also important to note that, while the breach was discovered on 20th March, it is not yet clear how long the hackers had access to the network before then.

Is financial data at risk after the 118118 Money data breach

While 118118 Money does not mention financial details, we have spoken to people who have confirmed that they did share their bank account info with the company over the phone. So, it is very likely that this sensitive information is in some recordings.

118118 Money states that it believes that there is a “low risk of your data being used fraudulently”. And that, “since the data is held in the form of call recordings, it would be extremely time-consuming for anyone to attempt systematically to extract or copy your personal information”.

However, there is absolutely no way of knowing this. And, sophisticated technology does exist to help cybercriminals extract specific pieces of data from conversations. So, anyone impacted by this breach is right to be worried.

One customer we have spoken to said that there was cash taken out of her credit card account around the time of the breach.

Protect yourself from cybercriminals after the data breach

To help protect customers, 118118 Money is offering complimentary access to the Experian ‘Identity Plus’ fraud monitoring service for the next 12 months. But, while we would recommend using such a service, we would advise customers to check the small print to make sure that, by accepting this offer, they do not sign away their rights to make a compensation claim.

Customers are also being warned that:

“Fraudsters may claim to be 118118 Money and attempt to contact you over phone or email. This is known as “phishing”.Please be aware that we will never call or email you to request your financial information. You should report any such requests to Action Fraud, the UK’s national fraud and cybercrime reporting centre on 0300 123 2040.”

In addition, at Hayes Connor, our data protection experts recommend that anyone affected by this breach follows these tips on how to spot phishing attacks and prevent cybercriminals from stealing your information.

  1. Contact your bank or credit card provider for advice on what to do. They will advise if any additional security measures should be implemented to protect your finances. This may include organising a replacement bank card
  2. Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  3. Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
  4. Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
  5. Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  6. Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  7. Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud reasons
  8. If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  9. Change your passwords and make sure your devices are protected by up-to-date internet security software
  10. Be aware of common phishing techniques. For example, as well as those outlined above, if you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. And do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.

If you are in any doubt, DO NOT click on any links, open any attachments or provide any information. Instead, you should go to the organisation’s website directly (not via the link provided in the communication) and contact them to make sure the email is legitimate.

Can you claim compensation for the 118118 Money data breach?

Since the breach, 118118 Money has been liaising with the relevant regulators and authorities (as it is legally obligated to do). At Hayes Connor Solicitors, we are watching this case with interest, and, if 118118 Money has failed to protect its customers, we will launch a no-win, no-fee action.

You do not need to have suffered any financial loss to make a claim. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. So, should personal data be found to be compromised, customers can claim for:

  • Financial losses. A data breach can lead to both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress. Being the victim of a crime can have a significant impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. You can claim for any loss of privacy suffered as a result of a data breach (e.g. having an email address stolen).

Why should you choose Hayes Connor as your solicitors?

At Hayes Connor Solicitors, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most. So, we are confident that our team has all the experience and know-how necessary to get the best possible result for you.

We also help steer you through the aftermath of a data breach – minimising the impact on you as much as possible. Our process is fully compliant with ICO guidance, and we never put your details at risk.

To become part of any future action against 118118 Money, we need you to register with us. There are no costs to do this and no obligation to proceed.

REGISTER HERE

 

 

, ,

Your personal information is at risk during the coronavirus pandemic

Hayes Connor has raised concerns about a potential increase in data breaches during the coronavirus pandemic. Primarily, our expert data breach solicitors believe that personal information is at risk in four different ways.

An increase in phishing emails and coronavirus scams

Hayes Connor has warned people to be on their guard in case of coronavirus scams and phishing messages. Earlier this week, it was discovered that fraudsters were going door-to-door pretending to offer coronavirus tests. But, it’s not just doorstep criminals we need to look out for. According to Action Fraud, coronavirus scams have cost victims over £800k in just one month.

Find out more about this, and how to protect yourself from coronavirus scams here.

An increase in coronavirus apps

As the UK enters a period of full lockdown, a number of Covid-19 apps have been launched, one promises to check users’ symptoms remotely and to provide the latest guidance, while another seeks to help researchers identify hotspots and non-typical symptoms.

This follows similar apps being launched in other countries including Taiwan which is utilising technology during the global pandemic to monitor quarantined users’ movements, alerting the police if they leave their homes.

Talking about this, Kingsley Hayes, our managing director and data protection expert, said:

“Technological innovation during this unprecedented period of crisis may help official health organisations learn more about the coronavirus contributing to the global effort to contain and tackle the disease.

 “Caution should be taken by users however, in relation to how personal information such as gender, age, medical information and location will be stored, processed and shared. At a time of crisis, these and other developments will be introduced quickly and will likely be adopted rapidly by the general public as we all come to terms with significant disruption.

 “The organisations behind the apps should be transparent about how the collected confidential data will be used, stored and shared both during the pandemic and after.

 “While technological advancements mean that some have been able to respond quickly to the crisis by introducing apps which may prove helpful, protecting confidential data – even in times of crisis – should remain a priority.”

An increase in human error – the leading cause of data breaches

As the coronavirus situation escalates, we are all feeling more anxious than usual. Human error is the greatest cause of data breaches at the best of times, so it is to be expected that such instances might increase when people are worried and confused.

For example, when sending out an email to residents to inform them of changes to services during the coronavirus outbreak, Watford Community Housing Trust inadvertently leaked the personal details of 3,545 tenants. It did this by attaching a spreadsheet containing their highly sensitive and personal data. Watford Community Housing has apologised unreservedly for this breach, but had it implemented some simple security measures (e.g. password controls/encryption on sensitive data), any damage could have been alleviated.

So, while stress and nervousness might explain why someone might make an error, there is no excuse for organisations that do not have robust data security processes in place to prevent such breaches from happening in the first place.

An increase in data breaches due to homeworking

As businesses navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is also paramount.

Kingsley Hayes said:

“Businesses are operating in unchartered waters with no definite future forecast. The impact of the coronavirus crisis will be far-reaching. Commercial survival will rely on the ability of organisations to quickly adapt working practices to keep staff and clients safe while maintaining business as usual.

 “Technology facilitates the ease with which many legal practices can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.

 “The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are not only aware of the increased risks, but also that all employees adopt the relevant security measures.

 “The vast majority of data breaches take place due to human error. Preventing incidents can be as simple as carefully considering the remote working environment. Working from the privacy of home, rather than a public place for example, can reduce the risks.

 “Appropriately limiting remote access to and storage of files and information and sending encrypted data, if possible, will also prevent costly data breach incidents. The way in which businesses operate in the current climate has changed however, data protection obligations remain the same.”

What to do if you are the victim of a personal information breach

If you want to claim compensation following a data breach, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have.

We also understand that making a compensation claim can be stressful; especially where sensitive information is already breached. So, we remove the jargon and make sure you always know what’s happening with your case.

The UK’s leading data breach law firm, we may be able to act for you on a NO WIN, NO FEE basis – so you have nothing to lose.

Register to tell us about how a data breach has affected you. Or contact us on 0330 041 5131*.

*Read our coronavirus statement to find out more about how we are continuing to serve our clients during the COVID-19 outbreak.

, ,

Hayes Connor warns of coronavirus scams

Following warnings from the police that “individuals may be taking advantage of the vulnerable by posing as door-to-door coronavirus testers in order to gain access to people’s properties”, Hayes Connor has also warned people to be on their guard in case of coronavirus scams and phishing emails.

Earlier this week, it was discovered that fraudsters were going door-to-door pretending to offer coronavirus tests. But, it’s not just doorstep criminals we need to look out for. According to Action Fraud, coronavirus scams have cost victims over £800k in just one month.

Types of coronavirus scams

In a recent blog post, Action Fraud listed the types of scams it has been seeing in relation to COVID-19. They include:

  • Online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived
  • Phishing emails purporting to be from a research group that mimic the Centre for Disease Control and Prevention (CDC) and World Health Organisation (WHO). They claim to provide the victim with a list of active infections in their area. To access this information the victim needs to either click on a link which redirects them to a credential-stealing page, or make a donation of support in the form of a payment into a Bitcoin account
  • Phishing emails from fraudsters providing articles about the virus outbreak with a link to a fake company website where victims are encouraged to click to subscribe to a daily newsletter for further updates
  • Phishing emails from fraudsters sending investment scheme and trading advice encouraging people to take advantage of the coronavirus downturn. For example, emails entitled “the positive impact on staying home (Corona-virus), make thousands a day trading Bitcoin”
  • Phishing emails from fraudsters purporting to be from HMRC offering a tax refund and directing victims to a fake website to harvest their personal and financial details.

In total, Action Fraud has received over 200 reports of coronavirus-themed phishing emails.

How to protect yourself from coronavirus scams

As we all try to navigate this difficult time, it’s essential that individuals remain vigilant to protect themselves from coronavirus scammers. This means:

  • Never clicking the links or attachments in suspicious emails or texts
  • Never responding to unsolicited messages and calls that ask for your personal or financial details
  • Understanding that a genuine bank or other financial organisation will never contact you out of the blue to ask for your PIN or full password
  • Knowing that a legitimate bank or other business would never ask you to move money to another account for fraud reasons
  • Not assuming that an email, text or call is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Being careful about who you trust. Criminals often try and trick people by telling them that they have been a victim of fraud and scaring them into revealing their security details
  • Knowing that criminals can make any telephone number appear on your phone handset, so even if you recognise a number, or it seems authentic, it might not be genuine
  • Not being rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
  • Listening to your instincts. If something feels wrong, then it is right to question it
  • Having the confidence to refuse requests for personal or financial information. Stop the discussion if you do not feel in control of it
  • Never hesitating to contact your bank or financial service provider on a number you trust, such as the one listed on their website or the back of your payment card
  • Being careful when making a purchase from a company or person you don’t know and trust
  • If you decide to go ahead with the purchase, use a credit card if you have one, as most major credit card providers insure online purchases
  • Always installing the latest software and app updates to protect your devices from the latest threats.

Reducing the risk of data breaches while homeworking

As businesses navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is also paramount.

Recognising the increased risks around data protection for employees working outside the office environment and implementing simple measures to mitigate the risk of a data breach is essential.

Kingsley Hayes, managing director at Hayes Connor Solicitors and data breach expert said:

“Businesses are operating in unchartered waters with no definite future forecast. The impact of the coronavirus crisis will be far reaching. Commercial survival will rely on the ability of organisations to quickly adapt working practices to keep staff and clients safe while maintaining business as usual.

 “Technology facilitates the ease with which many legal practices can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.

 “The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are not only aware of the increased risks, but also that all employees adopt the relevant security measures.

 “The vast majority of data breaches take place due to human error. Preventing incidents can be as simple as carefully considering the remote working environment. Working from the privacy of home, rather than a public place for example, can reduce the risks.

 “Appropriately limiting remote access to and storage of files and information and sending encrypted data, if possible, will also prevent costly data breach incidents. The way in which businesses operate in the current climate has changed however, data protection obligations remain the same.”

For more advice on how to keep your data safe, follow Hayes Connor on Twitter and Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses. Or give us a call to discuss your case in more depth.

 

, ,

The Tesco Clubcard data breach shows the value of personal data

Tesco Clubcard holders have been contacted after a security issue was discovered and some customers had their accounts accessed unlawfully. Tesco is also issuing new cards to 600,000 Clubcard account holders as a precautionary measure. However, in this case, it doesn’t appear that Tesco was responsible for the data breach.

An email from Tesco to Clubcard account holders reads:

“We recently became aware of some fraudulent activity on your Clubcard account, which included an attempt to access your Clubcard vouchers. We picked this up quickly and, to be on the safe side, blocked your account immediately.

 This means that, when you next try to sign in, you’ll be asked to reset your password. As an extra precaution, we’ll reissue you with a new Clubcard number.”

Some Tesco customers have criticised the email for being ambiguous. However, when delving into the details of this incident, it seems that Tesco’s systems remain secure, nothing has been compromised, and the supermarket giant has not been hacked. Instead, Tesco believes that cybercriminals are using data that has been stolen in other breaches to try and break into customer accounts and steal loyalty points/Clubcard vouchers.

Tesco also believes that, in some instances, these criminals might have been successful.

Your data has value

Speaking about this issue, Hayes Connor MD and expert data protection solicitor Kingsley Hayes said:

“As expert data breach lawyers, at Hayes Connor one argument we often hear from companies that have had data stolen from them, is that it’s not really a big deal. For example, in the Equifax data breach, the credit reference agency is claiming that any losses are ‘DE Minimis’. This means that they think the information stolen and the losses suffered in this case are so little that it is not worth the Courts time to compensate people for the breach of their data privacy rights. But, while there is a misconception that some forms of personal data are not as valuable as financial data, this isn’t necessarily the case.

“All too often, cyber-criminals use names and email addresses stolen in a data protection act breach to extract additional information from victims (such as banking details). And, the Tesco Clubcard data breach shows how criminals are using stolen data for nefarious purposes and seeking to steal peoples’ “financial value”.  

“What’s more, fraudsters are becoming increasingly sophisticated and are now capable of piecing together different bits of data to build a complete profile on a person. And, once they have that, they are using this information to carry out further attacks and theft”.

How do cybercriminals use stolen data?

Too many people use the same, simple passwords and logins for many different accounts. So, when a data breach occurs, it is relatively easy for criminals to use this information to carry out further crimes. In our experience cyber-criminals can do extensive damage with just names and email addresses.

Common tactics deployed following a data breach include:

  • Phishing. Where a fraudster poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information such as usernames and passwords. This is much easier to do if they already have some information about you.
  • Brute force attacks. Where criminals use leaked common password combinations against the emails to try to break into other personal accounts.

Keeping your data safe

Follow these tips to prevent cybercriminals from using your stolen data against you:

  1. Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  2. Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
  3. Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
  4. Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  5. Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  6. Understand that a legitimate bank or other financial organisation will never contact you to ask for your PIN or full password. Nor will they ask you to move money to another account for fraud reasons
  7. If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  8. Register with the Cifas protective registration service
  9. Change your passwords regularly and consider using a password manager to generate and store different passwords for each account
  10. Use two-factor authentication (2FA) wherever possible.

Upholding your data privacy rights

Hayes Connor Solicitors is a law firm operating in the data breach and protection sector. We help our clients to claim data breach compensation following data protection violations, GDPR breaches and other cyber offences.

Our firm has established itself as the leading niche provider of legal services in this area. A relatively new and evolving area of law, this is all we do. Consequently, we have become a specialist in data protection law and data breach compensation claims, and, we lead our field when it comes to understanding the complexities involved. This means you get the very best level of legal support available.

With all the experience and expertise needed to win against even the biggest of companies, we work with you to protect your rights and hold organisations to account for their failures.

For more information on how to keep your data safe, follow us on Twitter and Facebook.

, , ,

What are the data protection experts saying about the LOQBOX breach?

Since the LOQBOX breach was made public, the data protection experts at Hayes Connor have been contacted by many LOQBOX customers. Most of who are concerned that they are now at risk of financial fraud, phishing attacks and further privacy violations.

So far, the details about what happened in the LOQBOX breach remain scarce. So, it’s hard to say with certainty what the long-term impact of this hack will be. But, by using their unique experience and understanding of what can happen following a data privacy infringement, our cybersecurity solicitors share their thoughts on the possible consequences.

Richard Forrest, data protection solicitor, Hayes Connor Solicitors

“Over the past few weeks, I’ve been contacted by many LOQBOX customers who have had their personally identifiable information breached. Understandably, the one thing that most of them share is that they are now suffering a high degree of stress and anxiety.

“When a hack occurs, people often worry about their finances. And, as the LOQBOX breach includes some degree of financial information, it’s only natural that people will be concerned. LOQBOX has even admitted that, while the data exposed in the breach cannot be used on its own to access a person’s bank account, it could be used for phishing scams.

“The bottom line is that, despite assurances from LOQBOX, we cannot say with any certainty that the breach will not result in future fraud and financial loss. And, without that certainty, people will be subject to increased levels of stress and apprehension.

“Even if the customers involved in the LOQBOX breach never have anything else stolen from them (other than their private data), the sheer worry about what might happen can be debilitating. Of course, everyone reacts differently, but for some people, the effects of a data breach can include a lack of sleep, feeling ill, unsettled or confused. I’ve seen situations where the level of stress suffered after a privacy violation has affected a person’s relationships with their friends and family, and even their ability to do their job. So, while LOQBOX might want to play this hack down, it must face up to its responsibilities and be held accountable for any data security failures that made the attack possible.”

Kingsley Hayes, managing director, Hayes Connor Solicitors

“Despite the increased risk to customers following the hack – a risk that has been acknowledged by LOQBOX – it took over a week before many people found out that their data had been breached.

LOQBOX said that it wanted to let people know sooner. But it felt doing so would have been irresponsible because, without knowing more, LOQBOX would not have been able to advise customers on what measures they should take to protect themselves.

“At Hayes Connor, we would question this decision. Our experience is that any delay in contacting victims of a data breach immediately places people at increased risk of fraud and causes more long-term distress.

“Furthermore, Loqbox themselves state that they have bank level security in their marketing material. There are significant questions to ask about that security if that is indeed the case given the breach that occurred.”

Customers are at risk following the LOQBOX breach

A huge amount of personal and highly sensitive data was accessed during the LOQBOX data hack. And the damage that could be caused should this fall into the wrong hands should not be underestimated.

If your info has been exposed, our expert data protection solicitors recommend that you follow these tips on how to spot phishing attacks and prevent cybercriminals from causing more damage:

  1. Contact your bank or credit card provider for advice on what to do. They will advise if any additional security measures should be implemented to protect your finances
  2. Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  3. Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
  4. Beware of emails and websites with poor spelling and grammar. This is one of the most common signs that an email/site isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email/site from a real one
  5. Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  6. Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. This also applies to any contact claiming to be from LOQBOX
  7. Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud reasons
  8. If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  9. If you are concerned that your data might be at risk, there are some steps you can take to stop the threat from escalating. For example, you could register with the Cifas protective registration service. You should also change your passwords and make sure your devices are protected by up-to-date internet security software
  10. Be aware of common phishing techniques. For example, as well as those outlined above, if you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. And do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.

If you are in any doubt, DO NOT click on any links, open any attachments or provide any information. Instead, you should go to the organisation’s website directly (not via the link provided in the communication) and contact them to make sure the email is legitimate.

Making a LOQBOX breach compensation claim

At Hayes Connor Solicitors, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most. As such, we have all the experience and know-how necessary to get the best possible result for you.

We are watching this case with interest and are considering launching a no-win, no-fee group litigation action.

To become part of our LOQBOX group action – and receive updates on what is happening in this case – we need you to register with us. This ensures that you will form part of any LOQBOX breach group action compensation claim lodged by us.

Our process is fully compliant with ICO guidance, there is no obligation to proceed, and we never put your details at risk.

Register now

, , ,

LOQBOX data breach. What do we know so far?

Fintech startup LOQBOX – a company that helps people to improve their credit ratings – has suffered a cyber-attack. At Hayes Connor, we have been contacted by many LOQBOX users, concerned that their data is now in the hands of criminals. The full details of what happened in the LOQBOX data breach will emerge over time, but what do we know about this data privacy failure so far?

When did the LOQBOX data breach happen?

The cyber-attack on the LOQBOX computer system took place on 20th February 2020.

What data was accessed in the LOQBOX data hack?

The information included in the LOQBOX data hack includes:

  • Customer names
  • Postal addresses
  • Dates of birth
  • Email addresses
  • Phone numbers
  • Two digits of the bank account number used to make payments to LOQBOX
  • Payment card expiry dates.

According to some reports, the first six and last four digits of customer card numbers may also be at risk[1]. This information is very valuable to cybercriminals. For example, the first six digits identify the financial provider. This information is often used in phishing scams (see more on this below).

LOQBOX funds have not been affected by this data breach.

Who is affected by the LOQBOX data breach?

If you are a LOQBOX customer, or if you have been a LOQBOX customer in the past, then you are affected by this cyber-attack. If you are in any way concerned you should contact the LOQBOX dedicated support team at help@loqbox.co.uk.

LOQBOX also works in partnership with a number of banks (e.g. Natwest, TSB and Monzo). Customers from these banks who use LOQBOX may have had their data stolen.

What can cybercriminals do with this data?

The damage that could be caused should this information fall into the wrong hands should not be underestimated. Indeed, while LOQBOX states that “this information on its own cannot be used to access your bank accounts or other accounts”, it does acknowledge that this data could be used for phishing scams.

Phishing is where a fraudster poses as a legitimate organisation, your bank, the police, or someone else you trust to trick you into handing over sensitive information such as usernames and passwords. Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Phishing is a serious crime, and victims can suffer both financial loss and distress.

You can find out more about Phishing here.

How did LOQBOX react to the data breach?

The company has taken additional steps to improve the defences of the LOQBOX computer system. And it is liaising with the relevant regulators – the FCA (Financial Conduct Authority) and the ICO (Information Commissioner’s Office). It has also reported the incident to the police.

Following the attack, LOQBOX also contacted customers to let them know that the company had been hacked and that as a result, some of their personal information may have been compromised. However, there was a delay in doing this and it took over a week before many people found out that their data was at increased risk.

In its defence, LOQBOX said that it could not contact users and let them know about the hack until it knew more about how people had been affected. But, in our experience, any delay in contacting customers (and former customers) immediately, places these individuals at increased risk of fraud and causes more long-term distress.

Can you claim compensation for the LOQBOX data breach?

LOQBOX has told customers it is not currently offering compensation for the loss of personal data. Although it did say it was “extremely sorry”.

However, at Hayes Connor Solicitors, we are watching this case with interest, and, if LOQBOX has failed to protect its customers, we will launch a no-win, no-fee group litigation action. We can take on your claim on a no-win, no-fee basis.

 We have already been contacted by people concerned that LOQBOX has breached their data; all of whom are understandably upset and anxious about the breach. To become part of our LOQBOX group action, we need you to register with us. This guarantees that you will form part of the group action compensation claims that will be lodged by us.

REGISTER HERE

What can you claim compensation for?

You do not need to have suffered any financial loss or emotional distress to claim against LOQBOX. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. So, should personal data be found to be compromised, customers can claim for:

  • Financial losses. A data breach can lead to both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress. Being the victim of a crime can have a significant impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. You can claim for any loss of privacy suffered as a result of a data breach (e.g. having an email address stolen).

What is a group action?

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions or multi-party actions.

With a group action claim, this group of people (the Claimants) collectively bring their cases to court against a Defendant (in this case, LOQBOX). These victims then fight together to achieve compensation in the High Court of Justice.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

How can you protect yourself following the LOQBOX data breach?

Follow these tips on how to spot phishing attacks and prevent cybercriminals from stealing your information.

  1. Contact your bank or credit card provider for advice on what to do. They will advise if any additional security measures should be implemented to protect your finances. This may include organising a replacement bank card
  2. Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  3. Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
  4. Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
  5. Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  6. Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. This also applies to any contact claiming to be from LOQBOX
  7. Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud reasons
  8. If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  9. If you are concerned that your data might be at risk, there are some steps you can take to stop the threat from escalating. For example, you could register with the Cifas protective registration service. You should also change your passwords and make sure your devices are protected by up-to-date internet security software
  10. Be aware of common phishing techniques. For example, as well as those outlined above, if you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. And do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.

If you are in any doubt, DO NOT click on any links, open any attachments or provide any information. Instead, you should go to the organisation’s website directly (not via the link provided in the communication) and contact them to make sure the email is legitimate.


Register today to join our no-win, no fee LOQBOX data breach action

At Hayes Connor Solicitors, we have the expertise to investigate the impact of such breaches. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

Crucially, at Hayes Connor, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most.

In addition to our data protection solicitors, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the results you deserve. We have all the experience and know-how necessary to get the best possible result for you.

Our process is fully compliant with ICO guidance, and we never put your details at risk.

Register now


[1] https://www.theregister.co.uk/2020/03/02/financial_startup_loqbox_data_breach/

, , ,

10 steps to protect yourself following the LOQBOX data hack

On 20th February 2020 there was a cyber-attack on the LOQBOX computer system. Following the attack, LOQBOX contacted customers to let them know that the company had been hacked and that as a result, some of their personal information may have been compromised. The information included in the LOQBOX data hack includes:

  • Customer names
  • Postal addresses
  • Dates of birth
  • Email addresses
  • Phone numbers
  • Some digits of the bank account number used to make payments to LOQBOX
  • Payment card expiry dates.

Customers (and former customers) are at risk following the LOQBOX data hack

A huge amount of personal and highly sensitive data was accessed during the LOQBOX data hack. And the damage that could be caused should this fall into the wrong hands should not be underestimated.

Indeed, while LOQBOX states that “this information on its own cannot be used to access your bank accounts or other accounts”, it does acknowledge that this data could be used for phishing scams.

Despite this, LOQBOX claimed that it could not contact users and let them know about the hack until it knew more about how people had been affected. So, it took over a week before many people found out that their data was at increased risk of being used in phishing scams.

In a statement, LOQBOX said:

“The simple reason it took the time it did to respond is that we had to get our response right. We had cyber-security experts going through our systems, almost immediately, in order to understand what happened and who had been affected, but this took time. We instructed a specialist law firm to make sure that we were compliant with all the relevant regulations. We also made sure that the Information Commissioner’s Office and the Financial Conduct Authority were informed about exactly how we were responding. We really wanted to let you know sooner but felt it would have been irresponsible to contact our customers with only a partial picture because you would not have known what measures you should take to protect yourselves”.

At Hayes Connor, our experience is that any delay in contacting customers (and former customers) immediately, places these individuals at increased risk of fraud and causes more long-term distress.

What is phishing?

This is where a fraudster poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information such as usernames and passwords.

Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Typical phishing scams include:

  • Where fraudsters contact you posing as your bank
  • Where fraudsters contact you posing as a company (e.g. Microsoft) and encourage you to complete steps that let them gain access to your computer
  • Where scammers send out an email from a service you use (e.g. PayPal, Google Drive, Dropbox, etc.). This link instructs you to click on a link which leads to a fake page that collects your login details
  • Where you receive an email from a person or company you know and trust which includes your personal information and lures you into clicking on a malicious URL or email attachment
  • Where scammers pretend to be from someone in the same company as you in a bid to steal the private data of your customers.

Phishing is a serious crime, and victims can suffer both financial loss and distress.

FIND OUT MORE ABOUT PHISHING

Ten steps to protect yourself following the LOQBOX data hack

Follow these tips on how to spot phishing attacks and prevent cybercriminals from stealing your information.

  1. Contact your bank or credit card provider for advice on what to do. They will advise if any additional security measures should be implemented to protect your finances
  2. Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  3. Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
  4. Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
  5. Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  6. Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. This also applies to any contact claiming to be from LOQBOX
  7. Understand that a legitimate bank or other financial organisation will never contact you to ask for your PIN or full password, or ask you to move money to another account for fraud reasons
  8. If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  9. If you are concerned that your data might be at risk, there are some steps you can take to stop the threat from escalating. For example, you could register with the Cifas protective registration service. You should also change your passwords and make sure your devices are protected by up-to-date internet security software
  10. Be aware of common phishing techniques. For example, as well as those outlined above, if you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. And do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.

If you are in any doubt, DO NOT click on any links, open any attachments or provide any information. Instead, you should go to the organisation’s website directly (not via the link provided in the communication) and contact them to make sure the email is legitimate.

Making a LOQBOX data hack compensation claim

At Hayes Connor Solicitors, we are watching this case with interest, and, if LOQBOX has failed to protect its customers, we will launch a no-win, no-fee group litigation action.

We can take on your claim on a no-win, no-fee basis.

We have already been contacted by people concerned that LOQBOX has breached their data; all of whom are understandably upset and anxious about the breach.  But you do not need to have suffered any financial loss or emotional distress to claim against LOQBOX. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. So, should personal data be found to be compromised, customers can claim for:

  • Financial losses. A data breach can lead to both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress. Being the victim of a crime can have a significant impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. You can claim for any loss of privacy suffered as a result of a data breach (e.g. having an email address stolen).

To become part of our LOQBOX group action, we need you to register with us. This guarantees that you will form part of the group action compensation claims that will be lodged by us.

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions or multi-party actions.

With a group action claim, this group of people (the Claimants) collectively bring their cases to court against a Defendant (in this case, LOQBOX). These victims then fight together to achieve compensation in the High Court of Justice.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

Register today to join our no-win, no fee LOQBOX data breach action

At Hayes Connor Solicitors, we have the expertise to investigate the impact of such breaches. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

Crucially, at Hayes Connor, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most.

In addition to our data protection solicitors, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the results you deserve. We have all the experience and know-how necessary to get the best possible result for you.

Our process is fully compliant with ICO guidance, and we never put your details at risk.

Register now