social media scam
,

Would you fall for this social media scam?

Cybercriminals are targeting people’s social media accounts in a bid to steal money and personal details. In fact, according to reports, a staggering 53% of all logins on social media websites are fraudulent, and 25% of all new accounts are fake[1]. And, while we have all heard about how people are using Facebook and other channels to spread fake news and influence elections, for some people, the consequences are much closer to home. So how can you protect yourself from social media scams?

Facebook PayPal Fraud

In one recent case, a Facebook user received a message from a friend on Facebook claiming he was having trouble with his PayPal account. The friend asked if he would accept some eBay payments on his behalf, and then send the money on to him.

While many of us might be suspicious if we were asked to give money to someone, most people are far less likely to worry about receiving cash. So, being the good friend he was, he accepted two payments and sent them on to the bank details provided.

However, as soon as the money had left his account, he got a message from PayPal saying that the payments he had received were fraudulent, and as such, were being reversed. This left the unwitting victim £300 out-of-pocket. Needless to say, his real friend had never asked for, or received any money.

To make matters worse, PayPal took no responsibility for the stolen cash. And, the young man learned the hard way that you should never take any requests to send money at face value, even if they seem legit.

What can you do to protect yourself from similar social media scams?

When using technology, we must be conscious of the data we are sharing, and how it can be used. Here are some quick tips to keep you safe on social media.

  • Don’t assume a message is authentic. Just because someone knows some personal information about you (i.e. your address, mother’s maiden name etc.), that doesn’t mean they are genuine
  • Don’t accept friend requests from people you don’t know
  • Be careful about what you share online (e.g. avoid answering questions like “what was your mother’s maiden name” and “what was the name of your first pet”. Even if they seem to be part of a harmless quiz or post)
  • Remove location data from your posts
  • Use a different password for all your accounts
  • Use two-factor authentication
  • Check the privacy settings of all your accounts
  • Don’t download suspicious apps
  • Think twice before clicking on any links
  • Read the T&Cs of any games or apps you want to use
  • Always check with friends (offline) if they ask you to send money or do anything you are unsure about
  • Keep an eye out for fraudsters looking to gather personal information about you or someone you know
  • Never disclose security details such as your PIN or full banking password to anyone (including anyone claiming to be from your bank)
  • Know that banks or other trusted organisations will never contact you and ask you to transfer money to a secure account
  • If something doesn’t feel right listen to your instincts
  • If you’re worried that you may be at risk, report it to your bank, the Police or Action Fraud straight away.

Today, social media is part of everyday life. So, we would never suggest that you stop using it. But following these simple steps can help you to stay safe.

Get digitally aware

At Hayes Connor Solicitors, we want to reduce the number of data violations and successful cyber scams taking place across the UK. To do this, we are raising awareness of this issue and educating people to help stop fraudsters in their tracks.

For more advice on how to keep safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of an online scam, contact us find out how we can help you to recover any losses.


[1] Arkose Labs

cybercrime help
,

How to stay safe from cybercrime

With cybercrime rarely out of the news, it’s only natural that people are worried. Here’s are some top tips to help keep you safe from cybercrime and hackers.

Protect your finances from cybercriminals

  • Contact your bank or credit card provider if you are at all worried that your financial information could be at risk. For example, if you discover that you are the victim of a cybercrime or data breach
  • Keep an eye out for any bills or emails showing goods or services you haven’t ordered
  • Check your bank statements regularly for any unfamiliar transactions and alert your bank or card provider immediately if there is any suspicious activity
  • Be careful who you trust – criminals may try and trick you by telling you that you’ve been a victim of fraud. Cybercriminals often use this to draw you into the conversation, to scare you into acting and to reveal your security details
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
  • Keep an eye on your credit score for any unexpected changes
  • Understand that a genuine bank or other financial organisation will never contact you out of the blue to ask for your PIN or full password
  • Know that a legitimate bank or other business would never ask you to move money to another account for fraud reasons
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you

Protect your personal data from cybercriminals

  • Do not click on any suspicious links. This could result in you giving a fraudster access to your personal or financial details
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Always question uninvited emails, calls, etc. in case it’s a scam. If you are at all unsure, contact the company directly using a known email or phone number
  • Don’t assume an email, phone call, text or social media message is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Don’t accept friend requests from people you don’t know on social media
  • Regularly review your privacy settings on any social media platforms, website and apps you use
  • Change your passwords regularly
  • Use a different password for every account. If you are worried about remembering them all you could sign up to a password manager
  • Make sure your devices are protected by up-to-date internet security software
  • Know that cybercriminals can make any telephone number appear on your phone handset, so even if you recognise a name or number, or if it seems authentic, it might not be genuine
  • Listen to your instincts. If something feels wrong, then it is right to question it and refuse requests for personal or financial information. Stop the discussion if you do not feel in control of it

What if you think you are already the victim of a hacker or fraudster?

  • Report any suspected fraud to Action Fraud
  • If you have had money stolen, contact the police
  • Contact the ICO to let them know about your concerns if you are worried that a data breach has put your data at risk of cybercrime. The ICO might investigate the data breach and, while it does not award data breach compensation, if it believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  • Make sure that if you are offered any form of compensation or free services from the organisation that put your data at risk, you check the small print. Be careful that in accepting an offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  • If you want to make a cybercrime compensation claim – for loss of money or emotional distress – you should contact Hayes Connor Solicitors.

Making a cybercrime compensation claim

Our expert, online fraud and data protection solicitors will advise you on whether you have a valid cybercrime compensation claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about your legal rights when making a claim.

For more advice on how to keep your data safe from cybercrime, follow Hayes Connor Solicitors – the data protection experts – on Twitter and Facebook.

cybercrime
,

99% of cybercrime insurance claims are successful

The Association of British Insurers (ABI) – an organisation that represents the insurance industry – has asked that anonymised cyber breach data be made publicly available. The ABI feels that this is necessary for insurers to accurately gauge the level of risk when it comes to cybercrime, and set the price of cyber insurance.

Why is cyber insurance important?

Data breaches and cybercrime can be devastating for victims. At Hayes Connor, every day, we hear about how privacy violations are causing misery and upset to people across the UK; often because of simple human errors.

But it’s not just victims of data breaches that suffer long-term effects of cybercrime and privacy violations. Organisations of all types and sizes can also find it difficult to recover.

Some of the possible consequences faced by companies that fail to keep their data safe include:

  • Loss of time and money due to having to repair affected systems and disruption to trading
  • Loss of reputational damage and sales (lack of trust from current and potential customers)
  • Loss due to the legal consequences of a data breach (e.g. fines, legal fees and compensation payments)
  • Loss of competitive advantage due to the theft of trade secrets or copyrighted material
  • Having to pay fraudsters (cyber extortion)
  • Rises in insurance premiums.

What has changed?

Until recently, the impact of a data breach on a business, while damaging, probably wasn’t too bad. But, since the introduction of the General Data Protection Regulation (GDPR), fines have skyrocketed.

The Information Commissioner’s Office (ICO) has announced that it plans to fine the Marriott hotel nearly £100m. And British Airways is being fined £183 million for its high-profile data breach.

Also, according to the ABI, fewer and fewer companies are getting away with privacy violations, with claims payout rates reaching 99%. This is one of the highest claims acceptance rates across all insurance products.

In 2018, nearly half of all UK businesses fell victim to cyberattacks or security breaches[1]. And, almost 30 million cyber-related crimes took place in the last quarter of last year[2]. So, it is clear why insurance companies are now asking for this data.

Standard insurance policies do not cover cyber risk

Despite the rise in cybercrime, many UK organisations are still failing to insure themselves against the threat of a data breach. In fact, according to the ABI, only 11% of UK companies are said to have specific cyber insurance.

But standard insurance policies do not cover cyber risk. So, every business must now consider cyber insurance to take preventative measures in the face of hackers. Because if a data breach claim is made against a company, and it is found liable for data privacy errors, the consequences of not being covered could be catastrophic.

What happens now?

A spokesperson for the ABI said: “Data is key to insurers’ ability to better understand and more accurately price cyber risk. We need the ICO to work with us to find what data can be shared to help insurers provide more cover to the many businesses that need it in this digital age”.

The ICO has yet to agree to the request from the ABI, but a solution must be found to help protect everyone involved. Because cybercrime and data breaches are not going away.

Cyber insurance helps victims of cybercrime

At Hayes Connor, we’ve seen cases where experiencing a data breach has resulted in adverse life events. For example, losing money, having to move to a new house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can be emotionally and financially stressful.

In most cases, victims try to engage with the organisations responsible, but are rebuffed or provided with wholly inadequate excuses. In almost all cases, the organisation at fault fails to recognise the damage caused by the breach and loss.

Often this failure to provide adequate redress to the victims of data breaches comes from fear. Fear that giving proper compensation could put an organisation out of business. But, with the right insurance in place – alongside improved data security processes – both companies and individuals would be better protected.

For more advice on how to keep your data safe, follow Hayes Connor Solicitors on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses. Or give us a call to discuss your case in more depth.


[1] 2018 Cyber Security Breaches Survey

[2] Kaspersky

cybercrime
,

Common types of cybercrime to watch out for

According to police statistics, more than £190,000 a day is lost in the UK by victims of cybercrime. If you are worried about the threat of cybercrime, here is some useful info on some of the most common types of cyber-scams to watch out for.

The ’Nigerian’ scam (419 Fraud)

 This is one of the oldest and most popular internet scams. Typically people will receive an email, text or social media message claiming to be from an official government member, a businessman or a member of a very wealthy family member.

The scammer asks for help in retrieving funds in exchange for a very large sum of money. Typically, requests for money for additional services increase, but the promised payback never arrives.

Our advice: If you receive a letter, text or e-mail asking you to send banking information or money, do not reply in any manner.

Phishing attacks

Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Their ultimate goal is to steal your money and/or personal information.

Our advice: Always question uninvited emails, calls, texts, etc. Instead, contact the company directly using a known email or phone number. Find out more about phishing attacks.

Lottery scam

This is another common type of scam that is still doing the rounds. With a lottery scam you receive an email letting you know that you won a huge amount of money.  But, to claim your winnings, you need to pay a small fee.

Our advice: If you did not play, either by buying a ticket or playing online, you cannot win. If the email does come from a company know to you (e.g. the National Lottery), login to its website using the Google web address (not the one provided in the email) to check your winnings. You will never be asked to pay a handling fee or any sort of charge by a legitimate company for your winnings to be released.

Social media fraud

Cybercriminals are targeting people’s social media accounts in a bid to steal personal details and leave victims at risk of identity theft.

Our advice: It is absolutely right that we are demanding that organisations look after our data with respect, but it is also crucial that we apply the same standards to our own behaviour if we want to stay safe. For example, when using technology, we must be conscious of the data we are sharing, and how it can be used. Find out if you are sharing too much on social media.

Bank and credit card takeover fraud

Takeover fraud happens when a criminal uses another person’s account information (e.g. a credit card number) to buy products and services. Takeover fraud is also used by scammers to extract funds from a person’s bank account.

Our advice: Takeover fraud can be hard to avoid. Often because victims may have had their data exposed in a data breach. If you have been a victim of this form of cybercrime, Hayes Connor Solicitors can help you to understand what you should do about the takeover fraud. Find out more about takeover fraud and how we can help.

Push payment scams

Push payment fraud (also called APP fraud) happens when cybercriminals deceive individuals into sending them money. Because the victim believes the fraudster to be genuine, they authorise the handover of cash.

Typical push payment scams include:

  • Sending falsified invoices that look exactly like ones victims are expecting (e.g. from a child’s school or a legitimate tradesperson)
  • Convincing people to transfer money to someone official, such as a solicitor (e.g. when buying a house)
  • Conning people to transfer cash into fraudulent bank accounts
  • Sending emails pretending to be from a friend asking for money.

Our advice: Find out more about push payment fraud here. 

Blackmail

This type of scam is becoming increasingly common. Cybercriminals will send you an email saying that they have compromising videos/photographs of you and will send them to everyone you know unless you pay up. To create the appearance of danger, the message is often filled with details about your life. In many cases, this information has been collected from a personal blog or social media account.

Our advice: Do not reply in any manner.

Romantic scams

Many people use the internet to find love. Be that an online dating site or social media platforms like Facebook, Twitter and Instagram.

But you need to be very careful, because you never know who you might meet online and scammers are using the internet to target victims all over the world.

Our advice: Find out more about dating fraud and how to protect yourself here.

Malware attacks

Typically, cybercriminals send emails to their target users, encouraging them to download malware onto their computers inadvertently. Once installed, these criminals can use the malware to spy on online activities, steal personal and financial information or hack into other systems.

Our advice: Never click on any suspicious links – even if it looks like they have been sent by someone you know.

What to do if you are the victim of a cybercrime

If you have been the victim of a cyber scam, you should contact Action Fraud ASAP. Action Fraud is the national fraud reporting service. However, if you have lost money as a result of the scam, you must also report it as a crime.

For a much bigger list of know scams, check out Action Fraud’s A-Z of fraud here.

Helping to keep you safe from cybercriminals

For more advice on how to keep your data safe, follow Hayes Connor Solicitors on Twitter and Facebook.

Alternatively, if you are the victim of cybercrime, you may be able to claim compensation. At Hayes Connor Solicitors, we’ve been helping people to achieve the redress they deserve for over 50 years, so we know what it takes to make a successful cybercrime claim.

FIND OUT MORE ABOUT CYBERCRIME COMPENSATION

cybercrime
, ,

Has your bank warned you that you are being scammed? Watch out!

Cybercriminals are getting increasingly clever. And over the last few months, we have heard about some really smart and dangerous scams and cybercrime.

One such example is where people get calls from “their bank”, warning them that they are in the process of being scammed. But, in a panic to make sure they don’t become a victim, these individuals often give criminals access to the very data they need.

Google Pay Scam

One of our team helped to stop such a scam when a friend shared her experience on Facebook. The post read:

“Just had a call off the bank. Someone has set up two phones with a Google Pay account on my card!  They can now make contactless payments with their phones! They are cancelling everything now and calling me back once done!”

But, while this might look like the bank was stopping a cybercrime from happening, it didn’t ring true to our data protection expert! So, she warned her friend that this might be a scam. And she advised her to contact her bank using the telephone number on the back of her bank card to check. She also told her not to transfer money to a safe account if asked to do so.

The friend was initially sure that the call from the bank was legitimate. This was because they didn’t ask for any details and knew things like her home address etc. Instead, they had promised to send out a code to allow the bank to shut down the Google Play account.

But cybercriminals will often play the long game to make sure you trust them. And, after a second warning, the friend called the bank using its legitimate number to check that everything was genuine.

It wasn’t. And the scammers were stopped in their tracks.

When it comes to cybercrime, not everyone has a data protection expert at hand

While it’s not clear exactly how the criminals intended to defraud their potential victim, the effects could have been devastating. And not everyone has a data breach expert on hand to give them advice.

So, with criminals becoming increasingly savvy, what can you do to protect yourself from similar cyber scams?

What can you do to protect yourself from similar online scams?

  • Never disclose security details such as your PIN or full banking password to anyone (including anyone calling from your bank)
  • Don’t assume an email, text or phone call is authentic. Just because someone knows some personal information about you (i.e. your address, mother’s maiden name etc.), that doesn’t mean they are genuine
  • Know that, just because they haven’t asked you for any information, or asked to do anything, that doesn’t mean you are safe
  • Know that banks or other trusted organisations will never contact you and ask you to transfer money to a secure account
  • Be aware who you’re sharing your personal information with. Only give out details to a service you trust and that you’ve contacted directly or are expecting to be contacted by. Even then, do not hand over sensitive information
  • Don’t be rushed into handing over personal or financial information
  • If something doesn’t feel right listen to your instincts. Leave the conversation if it makes you at all uncomfortable. A legitimate organisation would never try to panic you out of taking security checks
  • Never automatically click on a link in an unexpected email or text
  • If you’re worried that you may be at risk, report it to your bank, the Police or Action Fraud straight away.

Also, always question who you’re talking to. And always call a bank back using trusted contact details (you can usually find these on your bank cards) to check everything is genuine. Better safe than sorry.

Push Payment Fraud?

This could have been an attempt at push payment fraud. This happens when cybercriminals trick people into transferring money to them. Because the individual thinks the cybercriminal is genuine, they authorise the handover of cash. The money is then swiftly moved to different accounts, often abroad, which makes getting it back almost impossible.

PIN Scam

Or, it could have been a PIN scam. In such cases, people often get calls from their “bank” claiming to have noticed suspicious transactions. They recommend cancelling the card, but require the customer to verify his or her PIN to do so. A genuine bank will never ask for a customer’s PIN.

Whatever the type of cybercrime, often these scams are highly targeted and come after a person’s data has already been exposed in a data breach. This data is then exploited to convince individuals that the fraudsters are genuine.

Get digitally aware and protect yourself from cybercrime

At Hayes Connor Solicitors, we want to reduce the number of data violations and successful cyber scams taking place across the UK. To do this, we are raising awareness of this issue and educating people to help stop fraudsters in their tracks.

For more advice on how to keep safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of an online scam, contact us find out how we can help you to recover any losses.

faqs about hcs
, , ,

FAQs about HCS

Here at Hayes Connor Solicitors, our core aim is to help our clients get the compensation they deserve following data protection breaches, cybercrime, and other online offences.

To give you an idea about how we do this, here are some of the most common questions we get asked about our firm and the work we do.

Cybercrime is quite new. How can Hayes Connor Solicitors be compensation experts?

Over the past year, our firm has established itself as the only niche provider of legal services in this area. A relatively new and evolving area of law, this is all we do, and we have become a true specialist in data breach law. As such, we lead our field when it comes to understanding the complexities involved.

But before that, we worked on different types of compensation claims. And, with over 50 years’ experience helping our clients secure the justice they deserve, our solicitors work tirelessly to ensure the best possible outcome for you. Both in terms of damages achieved and service delivered.

What type of cybercrime and data breach cases do Hayes Connor Solicitors do?

At Hayes Connor, our experts deal with a significant volume of data breach cases each day. During our work, we see many different types of claims and how data breaches can affect people in different ways. There are two main ways we get compensation for our clients:

Group actions

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. However, in many cases, where a breach occurs, you won’t be the only person making a claim. In such circumstances, it is often worth joining a group action claim.

Find out more about our NO WIN, NO FEE group actions.

Individual cases

In most cases, data breaches aren’t caused by scammers trying to hack big businesses, but by simple human errors. And while these incidents don’t make the headlines, for those involved the experience can be devastating.

Take a look at our case studies to see how we are helping people across the UK to win the compensation they deserve – often on a NO WIN, NO FEE basis.

Will Hayes Connor Solicitors keep my data safe?

Absolutely. We know that making a claim can be difficult. Particularly where your sensitive information has already been breached or another online offence made against you.

Once we have your details, we treat these with the utmost care, compassion, and privacy.  We never pass on these details to third parties for marketing purposes – or indeed for any other reason without express permission. This commitment to ensuring our customers’ peace of mind is absolute.

As well as making sure all personal details are protected/confidential, we also deal with all enquiries sensitively and professionally, and we never ask unnecessary or intrusive questions.

Is it difficult to make a data breach or cybercrime compensation claim?

At Hayes Connor Solicitors, we understand that making a compensation claim can be stressful. As such, we’ve created a handy step-by-step guide to help explain the process.

Read our step-by-step guide to making a data breach claim.

Also, we understand that you want a fast, efficient, no-nonsense service – and that’s precisely how we deliver legal services to our clients. As such, we use the latest technology and a highly-trained team to provide excellence of service.

How much do Hayes Connor Solicitors charge to make a data breach or cybercrime compensation claim?

Access to professional legal advice is a fundamental right. That’s why it’s important that everyone can afford to make a data breach or cybercrime compensation claim should they need to.

Removing the financial risk, at Hayes Connor Solicitors, we provide our services on a no-win, no-fee basis to help our clients get the compensation they deserve. But what does this actually mean and are there really no costs if you appoint us?

Read our ‘Explaining No Win, No Fee’ guide.

Can’t I just make a claim without a solicitor?

You can make a data breach or cybercrime claim on your own. What’s more, if you go ahead and no settlement is reached, you can even represent yourself in court. In fact, the number of people doing this in recent years has increased.

The legal term for representing yourself this way is called ‘litigating in person’ (LiP). However, while there has been a rise in the number of people doing this, this is often because they don’t think they have any choice due to a lack of alternative funding options.

At Hayes Connor, we believe that the best way to make organisations pay for their failures is to use a specialist lawyer. Of course, you would expect us to say that – but let us explain why.

Firstly we have the legal expertise needed to take on big players such as Ticketmaster, Dixons Carphone and Equifax. And, where enough people come forward, we might even launch a group action against a company.

We believe that a group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So we are confident that our team will get the results you deserve.

On the other hand, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected by the profession, and this could ultimately see you lose out financially as a result.

Crucially, we deal with all breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.

How much will Hayes Connor Solicitors charge me if I win?

To cover our costs, if we win your claim, we will charge a success fee. This is capped at 25% of any compensation you receive. We have to charge this to cover our costs in smaller/individual cases. There are no hidden charges or other administration fees.

In some larger group actions, we expect to be paid by the offending party and might even be able to work at no charge to you. This means, when you win, unlike with a claims management company, you could receive 100% of the compensation awarded to you.

Will you explain everything in plain English?

Absolutely, we are committed to keeping you informed, every step of the way. In fact, we have created loads of content to ensure you always know what’s happening.

We do this because we want our clients to have as much information as possible before making a claim so that they feel fully informed at all times. Through this approach, we ensure that the process of making a data breach claim is understood, straightforward and stress-free.

Read our latest News & Resources.

Will you pressure me into making a data breach or cybercrime compensation claim?

No way. We hate spam and pushy lawyers!

At Hayes Connor Solicitors, we only ever deal with organic enquiries. We never buy data, cold call, or send spam texts or emails. Even our PPC campaigns are monitored to reduce the spam effect, and we never pressure anyone into making a claim. We feel this is essential when it comes to protecting our clients, and upholding the standards of the legal profession.

Will you help me to recover from a data breach or cybercrime?

Yes of course. This is why we believe that it’s vital that people seek compensation to help them get their lives back on track as soon as possible. But we don’t believe that our obligation to our clients stops there. So, we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

We also work with Victim Support to help those affected by cybercrime and data breaches. The partnership sees us provide the charity with regular expertise and advice on its legal content.

Lancaster University data breach. What do we know?
, ,

Lancaster University data breach. What do we know?

Lancaster University has become the latest organisation to suffer at the hands of cybercriminals after a “sophisticated and malicious phishing attack”. The university, which offers a GCHQ-accredited degree in security, is now withdrawing non-business-critical access to a breached student database. However, questions must be asked over why this is only happening now – more than a week after the Lancaster University data hack took place.

What happened in the Lancaster University data breach?

The Lancaster University data breach has affected between 12,000 and 20,000 people. This includes undergraduate applicants for 2019 and 2010, as well as some current students. The personal information accessed includes names, addresses, phone numbers and email addresses. Worryingly, the university has also admitted that fraudulent invoices “had been sent to some undergraduate applicants”.

Find out more about phishing scams. And what you can do if you have received a fake invoice claiming to be from Lancaster University.

The student and applicant records database hit by the data breach (LUSI) was developed in-house. It has been operational for about five years.

A spokesperson for the university said: “In response to the recent cyber incident, we are taking steps to enhance the security of all University systems. We are therefore in the process of limiting users’ access to data and functionality in LUSI.”

Have you been affected by the Lancaster University data breach?

In a prepared statement, the university said:

“Lancaster University has been subject to a sophisticated and malicious cyber-attack which has resulted in breaches of student and applicant data. The matter has been reported to law enforcement agencies and we are now working closely with them.

We are aware of two breaches of data:

  1. Undergraduate student applicant data records for 2019 and 2020 entry have been accessed. This includes information such as their name, address, telephone number, and email address. We are aware that fraudulent invoices are being sent to some undergraduate applicants. We have alerted applicants to be aware of any suspicious approaches.
  2. A breach has also occurred of our student records system and at the present time we know of a very small number of students who have had their record and ID documents accessed. We are contacting those students to advise them what to do.

We acted as soon as we became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation. It was immediately reported to the Information Commissioner’s Office. Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected. This work of our incident team is ongoing as is the investigation by law enforcement agencies.

We are advising applicants, students and staff to contact us if they receive any suspicious communications via email: admissions-advice@lancaster.ac.uk or phone: 01524 510044.

Because this is a live investigation we will not be making any further comment at this stage.”

Has Lancaster University made a bad situation worse?

A suspect has been arrested following the data hack. However, this does not justify the university not taking measures to revoke access to the compromised system before now.

Cybercrime attacks have become increasingly difficult to avoid. But, all too often, they are only successful because an organisation has not put the necessary prevention methods in place to keep data safe. To make matters worse, many are falling short of what we would expect when a failure in data privacy occurs.

At Hayes Connor Solicitors, our experience shows that the quicker such incidents are responded to and security tightened following a cyberattack, the better. Leaving compromised systems exposed is just asking for trouble. Faster incident response and breach handling must become a priority if organisations are serious about their data protection responsibilities.

How can Hayes Connor Solicitors help?

If you have been a victim of the Lancaster University data breach, we can help you to claim compensation for any financial losses or distress. Claiming compensation isn’t just in your best interests. The only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

Our professional, friendly team will be pleased to answer any questions you might have about claiming. We will also go through your options and let you know about our NO WIN, NO FEE agreements.

We understand that making a compensation claim can be stressful; especially where you have already been the victim of a crime. That’s why we make sure you always know what’s happening and remove the jargon from the process.

Our process is fully compliant with data protection requirements. And we never put your details at risk.

START YOUR CLAIM

 

 

 

,

Have you been affected by the GateHub cryptocurrency data breach?

Cryptocurrency wallet service GateHub has been involved in a huge data hack. In this case, it is reported that cybercriminals managed to steal 24 million XRP Tokens (commonly referred to as ‘Ripple’) from more than 200 individual GateHub user accounts. In total, the theft is thought to be valued at over $US 10 million.

Media reports suggest that there were between 80 and 90 victims, however, we suspect there could be many more – including UK residents. In some cases, the losses for a single victim run to six-figures.

What happened in the GateHub cryptocurrency data breach?

In June 2019, a statement published on the GateHub blog admitted that some customers had had their ledger wallets hacked and funds stolen. GateHub offers a digital wallet to store cryptocurrencies. It claims that its customers’ money is “always safe and 100% backed” and that, as a company, it is “deeply committed to protecting your personal data”.

The GateHub statement said:

Recently, we have been notified by our customers and community members about funds on their XRP Ledger wallets being stolen and immediately started monitoring network activity and conducted an extensive internal investigation.

Although we have not identified any action or omission by GateHub that may have facilitated or allowed this apparent theft to occur, we apologize deeply to all of our customers for this issue and pledge to get to the bottom of it.

We already sent out an email to all users that might be affected as a result of suspicious API calls with instructions on how to protect their funds.

If you have received an email from us, please read it carefully and act accordingly. IMMEDIATELY transfer all of your existing balance from XRP Ledger wallets to a hosted wallet. You can find instructions on how to do so here.

If you have not received an email from us, then we have no reason to believe your account was compromised.

While the investigation is still underway and we can not post any official conclusions just yet here are a couple of findings so far.

API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor there were any signs of brute forcing.

We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.

That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys.

All access tokens were disabled on June 1st after which the suspicious API calls were stopped.

At the moment we estimate that approximately 100 XRP Ledger wallets were compromised. So far it looks like all the victims had their XRP Ledger wallets hosted on GateHub, but we cannot yet rule out that some wallets were not.

To conclude the investigation as soon as possible, we are working closely with a professional IT forensics team to determine whether our system was compromised or not.

Appropriate Law Enforcement Agencies were also notified about these thefts, and we will work diligently with them to help track the perpetrator who did this.

We will post an official statement after the internal investigation has been completed.

Last but not least, we would like to thank the community for offering continuous help.

Can you get your money back for the GateHub hack?

If it can be shown that inadequate security at GateHub made this hack possible, people affected by the cryptocurrency data breach may be able to claim compensation.

Despite common belief, cryptocurrency crimes do not represent an investigative dead-end. We work with leading technical specialists to investigate cryptocurrency cases and secure justice for victims. These specialists help us to:

  • Understand and evidence how such crimes occurred (including the extent to which any party was negligent)
  • Assess damages
  • Identify offenders
  • Recover assets.

GateHub has already sent out an email to all users that might be affected by the hack. If you are one of the victims, you can find out more about making a cryptocurrency compensation claim here.

Read our GateHub cryptocurrency wallet data breach FAQs to find out more. 

How to protect yourself from cryptocurrency fraud.

Anyone entering the cryptocurrency market must take steps to avoid becoming a victim of theft. This includes:

  • Keeping private keys safe and secret. Whoever knows your private key can access and spend/move your cryptocurrency
  • Keeping your wealth private. This will make you less likely to become the victim of a hack, extortion or ransom attack
  • Practising good online security practices (e.g. password management, protection from viruses and malware, not clicking on dodgy links, etc.)
  • Understanding that Exchanges are not secure and, as such, have become a particular target of crypto thieves
  • Not storing too much in desktop or mobile wallets as these are susceptible to hackers
  • Using a paper wallet (offline wallet). Because they are offline, they are less vulnerable to attacks. There are paper wallet generators to help you to do this
  • Using a hardware wallet. These are more secure than desktop or mobile wallets (hot wallets) and are only accessible with your private key
  • Splitting your wealth into different wallets to reduce the damage should your wallet become vulnerable
  • Being wary of any offers to buy your crypto assets at way over the market price. There are examples of such transactions taking place face-to-face with sellers being coerced into making the transfer without payment. If it sounds too good to be true, it probably is.

How can Hayes Connor Solicitors help?

If you have been a victim of the GateHub cryptocurrency data breach we are here to help – whether or not you are a UK resident.

Our professional, friendly team will be pleased to answer any questions you might have about making a claim against GateHub. We will also go through your options and let you know about our NO WIN, NO FEE agreements.

We understand that making a compensation claim can be stressful; especially where you have already been the victim of a crime. That’s why we make sure you always know what’s happening and remove the jargon from the process.

Our process is fully compliant with data protection requirements, and we never put your details at risk.

START YOUR CLAIM

 

 

 

staying safe online
,

An essential guide to staying safe online

Today, most of use the internet to help make our day-to-day lives better. But despite its benefits, the more information we put online, the more likely it is that something will go wrong. In response, TITAN, the North West Regional Organised Crime Unit has created a handy guide about staying safe online.

The guide has the support of www.getsafeonline.org, the UK’s leading source of unbiased, factual and easy-to-understand information on online safety. It contains lots of helpful guidance to protect you and your data from the threat of fraud, identity theft and abuse.

As well as encouraging you to share the booklet with your friends and family, TITAN also suggests that it can be used as a memory-jogger whenever you need a quick reminder.

What does the guide tell us about staying safe online?

Protecting your devices

To ensure you are safeguarded, the booklet suggests that you follow the following ‘golden rules’:

  • Choose, use and protect your passwords carefully
  • Use a different password for every account (if you are worried about remembering them all you could sign up to a password manager)
  • Never share your passwords with anyone
  • Make sure your devices are protected by internet security software
  • Keep internet security software up-to-date
  • Never give away too much personal or financial information
  • Don’t click on any links or attachments unless you are 100% sure you can trust the source
  • Take your time and think twice to keep yourself safe.

Online shopping

Online shopping can be risky business if you are not sure what to look out for. Follow these handy tips to keep your financial information safe:

  • Look for third-party reviews or get recommendations from people you trust to make sure an online retailer is reputable
  • Check that the payment page is secure (is there a padlock in the browser frame and does the page address start with https://)
  • Never pay by bank transfer into a seller’s bank account unless you know and trust them
  • Don’t buy anything online via an unsecured Wi-Fi connection such as a hotspot in a café. Instead, make sure you are connected via your secure Wi-Fi or a 3G/4G connection
  • Know that if you pay by credit card you are afforded greater protection
  • Choose, use and protect your passwords carefully and use a different password for every online shop in case your details get hacked
  • Logout after you’ve finished your shopping session
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise.

Banking

Banking fraud is in the rise, so it’s vital that you know how to protect yourself online. For example:

  • Never share any sensitive information about yourself or your accounts, like your PIN or full banking password. Your bank would never ask for this information
  • Never be talked into withdrawing or transferring money for safekeeping
  • Don’t use online banking via an unsecured Wi-Fi connection such as a hotspot in a café. Instead, make sure you are connected via your secure Wi-Fi or a 3G/4G connection
  • Don’t click any links that claim to be from your bank. Always go to your bank’s website by entering its proper address
  • Don’t let friends, family or anyone else borrow your payment cards
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise.

Social media

When it comes to social media, too many of us are still willing to hand over our information without thinking about the consequences. To protect yourself online:

  • Don’t accept friend requests from people you don’t know
  • Don’t be talked into any activity that makes you uncomfortable (e.g. sending images or extremist behaviour)
  • Being careful about what private information you share online – either about yourself or your friends/family
  • Don’t post anything that might offend or embarrass you or someone else. What goes online stays online, and this could cause you problems now and in the future
  • Review your privacy settings regularly
  • Review your contact list regularly
  • Use a different email account to register with the different social media platforms
  • Never post abusive comments that might offend individuals or groups of society. In some cases trolling is a criminal offence
  • Being aware of common phishing techniques and keeping an eye out for fraudsters who attempt to gather additional personal information.

Keeping children safe online

Today’s children are digital natives – and they use technology from a very early age. But we still need to keep them same online. To help do this:

  • Work with children, educating them as they grow about the benefits and risks of the internet
  • Be on hand to answer any questions they might have
  • Put safeguards in place such as parental controls and filters
  • Be digitally aware and informed about the latest apps, platforms etc.
  • Speak to other parents to share information.

Running a business

When you’re running a business, the last thing you want to think about is the possibility of things going wrong. But the right preparation won’t just reduce the likelihood of data breaches occurring; it will also limit the fallout should the worst happen. To help keep your business safe online:

  • Run regular online safety and data protection training for all employees
  • Encourage staff to question anything they are unsure about or which seems irregular
  • Make sure physical access to devices and servers is strictly controlled
  • Introduce an Acceptable Use Policy for mobile devices
  • Carry out regular backups
  • Enforce strict access to company, employee and customer data
  • Have a software policy in place that covers usage, updates, licences, etc.
  • Make sure you safely dispose of hardware and data.

You can find more helpful information about staying safe online at www.getsafeonline.org.

Reporting cybercrime

Action Fraud is the UK’s national reporting centre for fraud and cybercrime.

Victims of online offences such as scams and financial/identity fraud should contact Action Fraud to report their loss. You can do this online or via telephone.

For any other form of cybercrime such as online stalking, harassment, or fears about sexual grooming, you should contact the police directly.

Not just hackers

While the threat of cybercrime is something that everyone needs to take seriously, human error remains the leading cause of breaches. And, these errors (which are just as likely to happen offline) must also be addressed.

At Hayes Connor, our expert solicitors deal with a significant number of data breach cases every day. During our work, we see many different types of claims and understand how data breaches can affect people in different ways.

TAKE A LOOK AT OUR CASE STUDIES TO FIND OUT MORE ABOUT THE TYPES OF DATA BREACHES THAT ARE OCCURRING ACROSS THE UK.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

cybersecurity
, ,

An update on Cybersecurity in the UK

The government has published the results of the Cyber Security Breaches Survey 2019. This looks at how UK organisations approach cybersecurity, and the impact of breaches.

Trends in cybersecurity in the UK in 2019

According to this report:

Cyber-attacks are a persistent threat to businesses and charities

Around a third of businesses and two in ten charities report having cybersecurity breaches or attacks in the last 12 months. Among those organisations facing breaches or attacks, the most common types are:

  • Phishing attacks
  • Others impersonating an organisation in emails or online
  • Viruses, spyware or malware, including ransomware attacks.

For businesses, the proportion identifying breaches or attacks is lower than in 2018. The survey is unclear why this has happened. It could be because companies are generally becoming more cyber secure. However, another possibility is that more attacks are being focused on a narrower (though still numerous) range of businesses. The survey also suggests that some companies may be less willing to admit to having cybersecurity breaches following GDPR.

Where businesses have lost data or assets through cyber security breaches, the financial costs from such incidents have consistently risen since 2017

When looking at cybersecurity in the UK, the report states that among those businesses recording breaches or attacks, in 30% of cases this resulted in a negative outcome (e.g. a loss of data or assets). For charities, this happened 21% of the time.

The average cost to a business which lost money following a cyber-attack was £4,180. This is higher than in 2018 (£3,160) and 2017 (£2,450). However, for larger firms this jumped to £22,700 in 2019. For charities, the average cost was £9,470.

So, the costs of cybersecurity breaches can be substantial. But more than this, the survey also states that: “the indirect costs, long-term costs and intangible costs of breaches – things like lost productivity or reputational damage – tend to be overlooked. This means that, when organisations reflect on their approaches to cybersecurity, they may be undervaluing the true cost and impact of cyber security breaches”.

More businesses and charities than before have taken positive steps to improve their cybersecurity

This is in part linked to the introduction of GDPR. However, while this report found that security is increasingly a priority issue for organisations (78% of business and 75% of charities), it does not appear that actions are reflecting this shift.

In fact, only 30% of businesses and 37% charities have made improvements to their cybersecurity since GDPR.

Of those who have made improvements in a bid to stop cyber-attacks and data breaches:

  • 60% of business and charities have created new policies
  • 15% of businesses and 17% of charities have had extra staff training or communications
  • 6% of businesses and 10% of charities have improved their contingency plans.

However, in more positive news, there are year-on-year improvements in these areas.

There is still more that organisations can do to protect themselves from cyber risks

So, the increasing prioritisation of cybersecurity has not always been matched by increased engagement and action. In fact, according to the findings:

  • Just 35% of businesses and 30% of charities have a board member or trustee with specific responsibility for cyber security
  • Only around 18% of businesses and 14% of charities require their suppliers to adhere to any cyber security standards
  • Just 16% of businesses and 11% of charities have formal cyber security incident management processes in place.

Organisations are open to receiving guidance or checklists. However, they expect such guidance to be pushed out to them

 Today, UK organisations are open to improving their cybersecurity processes, but they still appear to be reluctant to take responsibility for doing this. Just 59% of businesses 47% of charities have sought external information or guidance on cybersecurity in the last 12 months.

You can read the report in full here.

Helping individuals and organisations to become more cyber aware and cyber safe

Hayes Connor Solicitors is a niche firm operating in the data breach sector. We help our clients to claim the compensation they deserve following data protection breaches and other cyber offences such as computer fraud, identity theft, defamation, hacking and phishing scams.

A relatively new and evolving area of law, our specialist solicitors lead our field when it comes to understanding the complexities involved.

We make sure our clients have as much information as possible before claiming so that they feel fully informed at all times. And we provide a wide range of information to help our clients protect themselves once a breach has occurred. We also raise awareness of the growing threat of cybercrime and data breaches, as the more people are aware of the risk, the better-protected everyone will be.

For advice on how to keep your data safe, follow us on Twitter and Facebook. Or, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.