,

The real-life impact of data breaches

When it comes to data breaches, we know that the impact can be serious and long-lasting. Because, every day, our solicitors help people with data breaches that have had a devastating effect on their lives.

The vast majority of these breaches are caused by small mistakes, such as a company sending an email to the wrong person. Sometimes they happen because staff wilfully break data protection rules and access information they have no right to view (e.g. to spy on a neighbour or ex-partner). In other cases, cybercriminals might have hacked a company’s systems and stolen data to exploit. But regardless of why a data breach happened, the impact can be overwhelming.

A data breach can cause serious distress

If a criminal came into your home and stole your private information, you would be distressed.

In fact:

  • It takes around 8 months for those who have been burgled to feel safe at home again[1]
  • 1 in 8 never recover emotionally[2]
  • 43% say they feel violated[3]
  • 44% are scared it may happen again[4]
  • A third of people suffer a huge knock to their confidence[5]

A personal data breach is a 21st-century version of being burgled. And many people feel just as upset at having their online data stolen or violated.

Let’s face it, the amount of information we share with organisations is enough to leave us all open to the threat of fraud, anxiety and stress. So it’s no surprise that we are worried about what could happen if this gets into the wrong hands. Often, victims of data breaches go on to suffer from anxiety, and existing mental health conditions can be made worse.

People can suffer serious losses following a data breach

A data breach can result in financial theft. With your bank/credit card info, cybercriminals can steal directly from you. But, even without this they might be able to apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And getting your money back isn’t always easy.

People are often not taken seriously after a data breach

All too often, people who have had non-financial data stolen and make a data breach claim are accused of “trying to get something for nothing”. But non-financial data breach cases can have a huge impact. For example, in a recent case, our solicitors saw the impact of what can happen when sensitive information was sent to the wrong address by mistake.

We are on your side

The good news is that the law recognises the amount of damage that can be caused by having your information stolen. And, at Hayes Connor Solicitors, we help our clients to make compensation claims after their data privacy rights have been violated.

Something has to be done to make companies accountable for any harm done and make the necessary improvements. Especially as most data breaches happen because of a failure to implement reasonable and robust processes.

If you have been the victim of a data breach find out how we can help you to recover any losses or give us a call to discuss your case in more depth.


[1] Allianz Insurance

[2] MoneySuperMarket

[3] MoneySuperMarket

[4] MoneySuperMarket

[5] UIA Insurance

,

Does a drop in data breach reporting mean data privacy has improved?

In January last year, a report from the Information Commissioner’s Office (ICO), told us that the number of reported data protection breaches had almost doubled since the introduction of the General Data Protection Regulation (GDPR). Of course, GDPR made self-reporting of data breaches mandatory, so this increase was to be expected. However, according to the latest ICO report[1], there was a steady drop in data security incidents between January and March 2020. So, does this mean that data privacy is finally improving?

Not necessarily. Because, according to the ICO, “these figures are based on the number of reports submitted by the data controller, not necessarily the number of incidents.” And, what is becoming more and more apparent is that many organisations do not know that a data breach has occurred until much later. In fact, according to one study[2], on average, companies take about 197 days to identify a data breach. In some cases, it can even take years.

Common causes of data privacy violations

The latest ICO report states that the volume of some cybersecurity incidents has increased considerably year-on-year. It lists the following common causes of data violations:

  • Phishing
  • Ransomware
  • Unauthorised access
  • Hardware/software misconfiguration.

However, just as with earlier reports, despite fears about cybercrime, it is human error that is still the leading cause of data breaches. And, the main culprits are:

  • Data being sent to the wrong recipient
  • Data posted/faxed to the wrong recipient
  • Failure to redact data
  • Failure to use bcc when sending an email
  • Loss of theft of paperwork
  • Unencrypted devices being lost or stolen.

These are the same data process failures that were occurring last year.

Which sectors report the most data protection breaches?

The sectors most affected by data protection breaches are:

  • Healthcare
  • Education & childcare
  • Finance insurance and credit
  • Legal
  • Local government
  • General business
  • Retail and manufacture

What can you do if you are the victim of a data protection breach?

The ICO can impose hefty fines on organisations that don’t meet their obligations under the Data Protection Act. However, the ICO does not award compensation to victims.

If you have suffered damage, distress or a loss of privacy caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. And, at Hayes Connor Solicitors, we know what it takes to make a successful data breach compensation claim.

Our expert, friendly team will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. If you are not sure whether your information has been misused or mishandled, we can find this out for you.

We also understand that making a compensation claim can be stressful; especially where your sensitive information has already been breached. That’s why we remove the jargon from the process and make sure you always know what’s happening with your case. Of course, it goes without saying that our process is fully compliant with ICO guidance and we never put your details at risk.

START A DATA BREACH CLAIM


[1] https://ico.org.uk/action-weve-taken/data-security-incident-trends/

[2] IBM

, , ,

Hold EasyJet to account, even if you haven’t lost any money

At Hayes Connor Solicitors, we have received hundreds of enquiries from people who have had their right to data privacy destroyed in the EasyJet data breach. In some cases, victims of this breach believe that they are not entitled to compensation. Usually because they have read reports like this one in the media.

But, while this reporter states that: “Generally, victims of a cyber-attack are only entitled to be reimbursed for any financial losses they suffer as a result of their card being compromised”, this is not true.

The theft and/or use of your personal data without your consent can cause distress, embarrassment and violation.  And you have a legal right to hold the guilty party to account.

Here’s what you need to know about claiming for emotional distress and breach of privacy caused by the EasyJet data hack.

Claiming for emotional distress following the EasyJet data breach

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private information, you would be distressed. So it’s understandable that people feel upset at having their personal online data taken. Especially if EasyJet effectively gave the thief the keys.

And the effects can be very real. For some people, a data breach can cause a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move to a new house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury.

What’s more, living with the threat of “what if” after a data breach can develop/ exacerbate mental health conditions. Victims of the EasyJet all now face living with heightened concern about their personal data being used for online scams, fraud and phishing attempts. And, at a time when the coronavirus pandemic is already having an impact on mental health, this additional worry is proving devastating for some.

So, while some people might believe that claiming for emotional distress is an over-reaction, this is not true. Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of psychological suffering and anguish.

Claiming for breach of privacy following the EasyJet data breach

As data breaches continue to rise, we must hold organisations to account for their violations of trust when it comes to your valuable information. Indeed, while cybercriminals often target organisations to steal their data, in most cases the hackers are only successful because nobody put a “lock on the door”.

But just because EasyJet didn’t prioritise data security doesn’t mean you shouldn’t.

Data breach and cybercrime claims are not frivolous. As we have discussed, the emotional impact can be devastating, even without losing any money. But even if a privacy violation doesn’t cause you damage or distress, that doesn’t mean you shouldn’t do anything about it. Your data has value and organisations are legally obliged to look after it.

Something has to be done to make companies accountable for their data protection failures. And, in many cases, taking action against these organisations is the only way to make them improve their security processes.

As such, if EasyJet failed to protect your personal data, you have a right to claim compensation. Even if you haven’t suffered as a result.

Has EasyJet failed to look after your data?

At Hayes Connor, we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

EasyJet data breach victims reporting financial losses

According to Action Fraud – the UK’s national reporting centre for fraud and cybercrime  as of last month there were 51 reports in relation to the EasyJet data breach, with a total of  £11,752.81 in stated lossesOne customer lost £2,750 following the cyberattack.  

That’s despite the airline claiming that there was no evidence of any financial damage caused by the incident. The Action Fraud stats were shared recently.   

Action Fraud has warned those involved in the EasyJet data breach to be vigilant 

Action Fraud has provided advice and guidance if you think you have been affected. A statement on its website says:  

Action Fraud has been made aware by the National Cyber Security Centre of the cyber breach affecting EasyJet customers. We’re currently monitoring our system for EasyJet related reports to see if there has been a significant increase.

At this time we’re advising the public that if they think they’ve been a victim of fraud as a result of a data breach, to report it Action Fraud via the online reporting tool or by calling 0300 123 2040.

Here is what to do if you think you have been affected:

    • Phishing – Criminals may use your personal details to target you with convincing emails, texts and calls. Be suspicious of unsolicited requests for your personal or financial details. If you receive an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk.
    • Financial details – If your financial data was compromised, be vigilant against any unusual activity in your bank accounts or suspicious phone calls and emails asking for further information. If you notice any unauthorised transactions, notify your bank or card company.  
    • Passwords –Customers should ensure their passwords are secure. If you have been affected, you may want to consider changing passwords for key accounts such as banking. See Cyber Aware’s advice on creating a good password that you can remember, or read the NCSC’s blog post for help on using a password manager.
    • Report - If you think you have been a victim of fraud or cybercrime, report it to us. 

Our data protection solicitors are also warning people about the risks, with advice on what to do to protect yourself. You can read our guidance here 

Crucially, the effects of a data hack might not be immediately apparent, as stolen data is often used in batches over time. So, even if you have not yet suffered a loss, this doesn’t mean you are safe. You must take steps to protect yourself if you were involved in the EasyJet data breach.  

Make an EasyJet compensation claim

In addition to implementing the suggested security steps, if EasyJet has failed to uphold your data security rights, you should also consider making a compensation claim. 

At Hayes Connor Solicitors, we are watching this case with interest, and, if it transpires that EasyJet has failed to protect its customers, we will launch a no-win, no-fee group litigation action. Group actions can be a powerful tool and can have a bigger impact than a single claim.

We have already been contacted by people concerned that their data has been breached by EasyJetmanywho are understandably upset and anxious about the breach.

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen. 

If you were a part of this breach you should have been contacted by EasyJet by 26th May 2020.Everyone who received this confirmation can make a data breach claim with Hayes Connor Solicitors.

There are no costs to register and no obligation to proceed. 

REGISTER NOW

, , ,

What evidence do you need to join our EasyJet breach group action?

By now, EasyJet should have contacted everyone involved in its data breach to let them know. Certainly, at Hayes Connor, we have been inundated with queries from victims of the EasyJet breach, many of whom are understandably upset and anxious. On another page, we have attempted to answer some of the most frequently asked questions we have received so far. Here, we provide more guidance on the evidence we’ll ask you to provide if you join our claim.

1. Confirmation that you were involved in the EasyJet data breach

When you register to join our group action, one of the first things we’ll ask, is whether you have received notification from EasyJet that your details have been breached. Everyone who had their financial information hacked was informed in early April. And, by now, the nine million people who had their travel data compromised (this includes your name, email address, origin airport, destination, and departure date), should also have been informed.

If EasyJet hasn’t been in touch, it is unlikely that you were involved in this breach. However, if you booked a flight with EasyJet from 17 October 2019 to 4 March 2020, you should check your spam folder just in case.

We will require this confirmation to add you to our data breach group action.

2. Details of any phishing attacks or scams you might have experienced that you believe are linked to the data breach

Phishing criminals and other scammers could target victims of the EasyJet breach. Phishing occurs when a cybercriminal poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information such as usernames, passwords, financial data, etc.

Because of COVID-19, there is heightened concern about the personal data in this hack being used for online scams. And cybercriminals will likely try to take advantage of people who are cancelling flights because of the pandemic.

If you experience any phishing or other scam attempts that you believe are linked to this data breach, please make a note of these and keep any evidence. If you decide to make a data breach claim, we can use this to support your case. In particular, let us know of any fraudulent communications purporting to come from easyJet or easyJet Holidays.

However, you do not need this to join our EasyJet data breach group action.

3. Details of any money lost because of the EasyJet breach

Over 2,200 customers had their credit card details stolen in the EasyJet data hack. Some of these people may have had their card information used fraudulently. Even if your financial data wasn’t included in the breach, you could still have suffered a loss if a phishing scammer was able to use your personal data against you.

If you experience any financial loss because of this data breach, please make a note of this and keep any evidence (e.g. bank statements, correspondence, etc.). However, contrary to what we have seen reported in the media, you do not need to have lost money to make a data breach claim.

4. Details of any mental health conditions caused or made worse because of the EasyJet data breach

The impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety and distress. Following a robbery, people often feel shock, anger, fear, helplessness and panic. A personal data breach is a 21st-century version of being burgled.

If you experience emotional distress because of this data breach, please make a note of this and keep any evidence (e.g. details about medical appointments/prescriptions that relate to this data breach).

5. Details of any expenses or inconvenience incurred

Following a data breach, people often have to spend a significant amount of time on the phone to their bank. Or to the credit reference agencies to rectify any dips. Sometimes, there are travel costs and medical expenses required. And it might be possible to add these to your claim.

It is not unusual that – on reviewing a data breach impact form – we uncover information that allows us to increase the value of a claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. So, please keep a hold of anything that might be useful just in case.


Join our EasyJet breach group action

We are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

EasyJet took four months to warn customers that hackers had their personal information. So, you might have already experienced phishing attempts and financial losses because of the breach. Even if you didn’t know that was the reason before now. If this has happened to you, we encourage you to let us know. However, the full impact of a data breach is often not felt until months after the initial violation, so once you join our group action, we will give you plenty of opportunities to update us should your situation worsen.

To become part of our EasyJet breach action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

Where to get help following the EasyJet data hack

Following a data breach at budget airline EasyJet, the personal details of nine million people have been accessed and 2,208 individuals have also had their credit card details stolen. Since the EasyJet data hack, Hayes Connor has been contacted by many customers, many of whom are upset and anxious about the breach.

The emotional impact of a data breach can be significant

The impact of data breaches goes much further than financial losses. Many victims experience stress, anxiety and distress. Following a robbery, people often feel shock, anger, fear, helplessness and panic, and a personal data breach is a 21st-century version of being burgled.

Furthermore, the psychological effects of a data hack might not be immediately apparent. Knowing that your information has been “burgled”, living with the increased risk and the extra vigilance needed can all cause distress to victims over time.

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish. However, following the EasyJet data breach, victims must keep an eye on their emotional wellbeing to ensure that their mental health doesn’t suffer.

To help, our data protection solicitors have listed some helpful links to ensure victims of the EasyJet data breach know where they can turn.

Help & support for people following the EasyJet data breach


Information Commissioner’s Office

The Information Commissioner’s Office (ICO) protects the data privacy rights of individuals. While the ICO does not award compensation, it does have the power to impose hefty fines on organisations in breach of their duties. You have the right to ask the ICO to assess if an organisation breached the Data Protection Act. At Hayes Connor Solicitors we often work with the ICO to gather as much evidence as possible to help our clients succeed. The ICO has also provided advice on its website on how victims of the EasyJet breach can spot phishing scams.

www.ico.org.uk


Victim Support

Victim Support is the leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents. Last year it offered support to nearly a million victims across the UK.

www.victimsupport.org.uk


Samaritans

The Samaritans are a group of passionate volunteers working together to make sure fewer people die by suicide. If you are struggling emotionally after a data breach, they can help. You can call them free from any phone.

https://www.samaritans.org/


Mind

The Mind Community Support Service provides advice, information, onward referral and holistic support to people who are experiencing mental ill-health and drug/alcohol difficulties (which could be exacerbated following the EasyJet hack). The service can also provide support to people who have been a victim of crime.

https://www.mind.org.uk/


Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety. It contains lots of helpful guidance to protect you and your data from the threat of fraud, identity theft and abuse.

www.getsafeonline.org


Take Five to Stop Fraud

Take Five offers straight-forward and impartial advice to help everyone in the UK protect themselves against financial fraud. Following the EasyJet data breach, cybercriminals might use contact information to try and extract financial data from victims.

www.takefive-stopfraud.org.uk


Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and cybercrime. Victims of online offences such as scams and financial/identity fraud following the EasyJet data hack should contact Action Fraud to report their loss. You can do this online or via telephone. Victims of data breaches do sometimes become the targets of criminals, so it’s important that anyone affected by the EasyJet data breach is vigilant.

www.actionfraud.police.uk


How can Hayes Connor help you after the EasyJet data hack?

At Hayes Connor, we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

The law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


,

Babylon app has breached patient confidentiality

A GP video appointment app has given some users access to videos of other patient consultations. The app, which is provided by Babylon Health has more than 2.3 million registered users in the UK. Babylon Health has admitted that the app has suffered a data breach and has apologised for the privacy violation. But, with many patients sharing confidential medical information via the app, users are understandably very distressed. What do we know about the Babylon app data breach so far?

What happened in the Babylon app data breach?

The Babylon app provides access to doctors, therapists and other health specialists via video calls and texts. It is available via the NHS and as part of private health insurance packages.

The app has become especially popular during the COVID-19 pandemic, as it provides an alternative to visiting the doctor in person.

Babylon Health became aware of the problem after a user of the service discovered he could view about 50 videos of other peoples’ appointments. Speaking to the BBC, he said:

“You don’t expect to see anything like that when you’re using a trusted app. It’s shocking to see such a monumental error has been made.”

He flagged the issue and the firm investigated the incident and discovered that some people could see consultations that they should not have had access to.  A spokesperson for Babylon Health said:

“On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording.”

“Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.

“This was the result of a software error rather than a malicious attack. The problem was identified and resolved quickly.

“Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required.”

It is believed that the issue happened by error when a new feature was introduced.

What happens now?

Babylon Health has notified the ICO, and there is likely to be an enquiry into why the violation was able to happen.

But users of the app are now very concerned. Certainly, the man who discovered the breach said that he would not use the service again.

Have you been affected by the Babylon GP app data breach?

Babylon says that it has already been in touch with everyone involved. So, if you haven’t heard from the firm, it is unlikely that your data was compromised.

However, if your information was exposed in this breach, you have a right to be concerned.

Commenting on the breach, specialist data protection solicitor Kingsley Hayes said:

“Healthcare is rapidly going digital. But, amidst this online information revolution, there must be robust protections in place. This is essential to secure confidential and sensitive medical data. Especially because, should such information become public, this could cause considerable distress and embarrassment to those involved. And, it might even be exploited by criminals.

 “By allowing GP sessions to become public, Babylon has breached the data protection act, and doctor-patient confidentiality. The healthcare sector handles some of our most sensitive personal data. And, as patients, we have the right to expect this will be taken care of. Babylon failed to do this, so saying sorry isn’t really enough.”

 Claim compensation for the Babylon app data breach

In most cases – as with the Babylon app – medical data breaches happen because of human error and a failure to implement reasonable and robust processes. As such, if Babylon failed to protect your data, you can make a data breach compensation claim.

Claiming compensation isn’t just in your best interests. It is the only way medical organisations will be persuaded to take their responsibilities seriously and make the necessary improvements.

Our professional, friendly team will advise you on whether you have a valid claim against Babylon. Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

CONTACT US

, , ,

Why you shouldn’t accept EasyJet data breach compensation

EasyJet has admitted that the personal details of nine million customers and the financial data of 2,208 passengers have been accessed in a sophisticated cyber-attack. Those involved booked flights from 17th October 2019 to 4th March 2020. And, while the airline doesn’t appear to want to offer EasyJet data breach compensation to the vast majority of victims (and we’ll get to that…), it might have offered a settlement to those at significant financial risk. Especially as, according to the BBC, the “stolen credit card data included the three digital security code – known as the CVV number – on the back of the card itself”. So, the results could be disastrous for these cardholders.

But, even if EasyJet does offer you compensation, you might not want to accept it. Here’s why…

Are you being fobbed off by EasyJet?

All too often, organisations that have suffered a data breach are more concerned about limiting their exposure to liability than helping victims. So, while they might give you some money after a data breach, they are less concerned about ensuring you are fully reimbursed for the long-term and often psychological effects.

Indeed, in our experience, we often see companies make low offers of compensation in an attempt to get people to accept a small sum and prevent group litigation.

But, in 2020, we would expect any large business to have insurance in place to protect itself against cyberattacks and data breaches. Let’s face it, there are very few companies that don’t face cyber risk in this day and age. So EasyJet should be able to compensate victims properly.

Cybercriminals can do serious damage with your financial data

With enough financial information, cybercriminals set up fraudulent bank accounts and access your existing accounts. They can make payments using your data, and even apply for credit/loans.

Some financial information can also be used in targeted scams in an attempt to extract additional information from victims (phishing). And hackers often sell stolen financial data to other criminals to use in future scams.

Even if no money is lost, the impact of a financial data breach can be significant. Many victims go on to suffer from stress, anxiety and distress due to living with the added risk and the extra vigilance needed. To make matters worse, the effects of a data hack might not be immediately apparent, as information is often used in batches over time. So there is no quick fix.

At Hayes Connor, we understand that the full impact of a data breach is often not felt until months after the initial violation, so, we refuse to let people be fobbed off in such a way. We believe that your suffering should be taken seriously.

The amount of compensation you get should reflect the losses you have suffered

We take a long-term view when it comes to claiming compensation on your behalf. This means we look at a whole range of factors so you don’t lose out financially. This includes:

  • The privacy violation itself
  • Any money lost (e.g. if a cybercriminal used your bank card)
  • Stress, worry, and anxiety
  • The effect that the leak has had on your social and home life
  • Any loss of earnings as a direct result of the breach (e.g. if you need time off work or lose your job)
  • The loss of future earnings (e.g. if you have to drop out of university)
  • Any expenses that you have had to pay as a result of the data breach (e.g. private medical care, travel expenses, accommodation, etc.).

What’s more, when we review a client’s experience following a data breach, we often uncover information that allows us to increase the value of their claim significantly. What might seem irrelevant to you could make a huge difference in the eyes of the law. That’s why it’s vital that you don’t simply accept a low offer that could be designed to make you go away.

Why hasn’t everyone been offered compensation?

On its website, EasyJet says that:

“Apart from the very small subset of customers who we have already notified, no credit card details have been impacted.  We therefore do not expect there to be any financial loss caused by this incident.  We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications”.

This statement proves that EasyJet is not taking responsibility for failing to protect its customers. The airline might think that there is “no evidence that any personal information of any nature has been misused” but, as we have already established, the impact of data breaches goes much further than financial losses. And, it does these nine million customers a disservice to assume otherwise.

Following a robbery, people often feel shock, anger, fear, helplessness and panic. Some will go on to suffer from psychological problems, and existing conditions are often exacerbated. And a personal data breach is a 21st-century version of being burgled. Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish. What’s more, the law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

What’s more, even if your financial data hasn’t been stolen, your personal information could still be used for nefarious purposes. According to a report in the Independent:

“Experts suggest that personal information “drives a higher price on the dark web” – the area of the internet inaccessible by mainstream search engines – and could be used for organised crime or ransomed.”

So, the risk to everyone involved – regardless of whether they have had their financial or personal data accessed – is very real.


Has EasyJet put you at risk?

At Hayes Connor, we have been contacted by people concerned that EasyJet has breached their financial or personal data; many of whom are understandably upset and anxious about the breach. We believe that EasyJet may have failed to uphold your data security rights and we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

Is EasyJet deliberately downplaying the impact of its data breach?

EasyJet hit the headlines when it was revealed that the email addresses and travel details of nine million people and the financial details of 2,208 customers had been breached. But at Hayes Connor, we’re not convinced that the budget airline comprehends how significant this breach is. Or, if it does, it certainly isn’t owning up to it.

EasyJet claims there is no evidence that any personal information has been misused

In a statement admitting to the EasyJet data breach, the company said that “there is no evidence that any personal information of any nature has been misused”. But it can’t possibly know what the impact of this hack will be. Just because it doesn’t look like the data has been misused yet, doesn’t mean that it won’t be.

According to an article in The Independent, personal information “drives a higher price on the dark web” and “could be used for organised crime or ransomed”. Another article claims that “Airlines hold valuable personal information [that] could all be used by criminal organisations to commit identity fraud or further phishing campaigns as part of a larger operation”. Furthermore, most cybersecurity experts agree that it is too soon to say what has and will happen with EasyJet’s hacked customer data.

Certainly, we would advise anyone involved to beware of the following risks:

  • The risk of phishing. Victims of the EasyJet data hack could be targeted by phishing scammers. Phishing occurs when a cybercriminal poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information. In particular, EasyJet is advising customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays
  • The risk of financial fraud/theft. Over 2,200 customers had their credit card details accessed in the EasyJet data hack. With enough financial information, cybercriminals can set up fraudulent bank accounts and access your existing accounts. They can also make payments using your data, and even apply for credit/loans
  • The risk of COVID-19 scams. Hackers will likely try to take advantage of people who are cancelling flights because of the pandemic. What’s more, people are more susceptible to scans when they are already anxious, and the combination of being hacked and coping with the pandemic is likely to cause additional stress. So you must be on your guard.

EasyJet isn’t acknowledging the potential emotional impact of the data breach

On its website, EasyJet says that it won’t be paying compensation to most customers. It states that:

“Apart from the very small subset of customers who we have already notified, no credit card details have been impacted.  We therefore do not expect there to be any financial loss caused by this incident.  We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications”.

This statement proves that EasyJet is not taking responsibility for its failure to protect personal customer information.

The impact of the EasyJet data breach is likely to go much further than financial losses. And, EasyJet does the nine million customers who haven’t had their financial data stolen a disservice to assume otherwise.

A personal data breach is a 21st-century version of being burgled. And, following a robbery, people often feel shock, anger, fear, helplessness and panic. Some will go on to suffer from psychological problems, and existing conditions are often exacerbated.

Renowned clinical psychologist Professor Hugh C. H. Koch is an expert on the typical psychological effects experienced by victims of data breaches. He told us:

“Data breach victims typically experience high levels of anxiety, specific to the data breach but also generalised to other aspects of dealing with correspondence, telephone and digital communication and payment for services. Victims experience social anxiety, with difficulties dealing with friends and neighbours, tradesmen, shopping transactions and can develop oversensitivity or paranoia in their communications with others. They can also develop varying aspects of mood disturbances or depression especially including poor sleep and tearfulness.”

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish. What’s more, the law recognises the emotional damage that can be caused by a data protection failure, so EasyJet shouldn’t be allowed to get away with it.

EasyJet took months to let customers know they were at risk

EasyJet knew about the hack as far back as January. So why did the airline take four months to warn customers that hackers had their personal information? Especially as, under the General Data Protection Regulation (GDPR), if a breach is likely to result in a “high risk of adversely affecting individuals’ rights and freedoms”, organisations inform those individuals without undue delay.  Even customers who had their credit card details stolen in this hack were not told until early April.

 


Do you want to hold EasyJet to account?

At Hayes Connor, we have been contacted by people concerned that EasyJet has breached their data; many of whom are understandably upset and anxious about the breach.  In response, we are now registering victims of this breach to a no-win, no-fee group action.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

Know the risks & stay safe following the EasyJet data hack

Highly sophisticated hackers have successfully carried out a cyber-attack on the discount airline. The breached information includes the email addresses and travel details of nine million people and the financial details of 2,208 customers. All passengers involved in the EasyJet data hack will be contacted by 26th May at the latest (anyone who has had their financial data compromised has already been told).

If you are informed that your information has been breached, it’s essential that you understand the risks, and what to do to protect yourself.

The risk of phishing

Victims of the EasyJet data hack could be targeted by phishing scammers. Phishing occurs when a cybercriminal poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information such as usernames, passwords, financial data, etc.

In particular, EasyJet is advising customers to be cautious of any communications purporting to come from easyJet or easyJet Holidays.

You should also follow these tips to protect yourself from phishing scams:

  • Always question uninvited approaches in case it’s a scam and don’t assume an email or phone call is authentic
  • Know that, just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Never disclose security details, such as your PIN or full banking password
  • Don’t click any suspicious links that claim to be from your bank (or anyone else). Always go to the organisation’s website by entering its proper address (or searching for it in Google)
  • Make sure your devices are protected by internet security software and keep this up to date
  • Be aware of common phishing techniques and keep an eye out for fraudsters who attempt to gather additional personal information
  • Listen to your instincts and stop conversations immediately if you are at all worried. A reputable organisation will never stop you from carrying out security checks.

The risk of financial fraud/theft

Over 2,200 customers had their credit card details accessed in the EasyJet data hack. With enough financial information, cybercriminals can set up fraudulent bank accounts and access your existing accounts. They can also make payments using your data, and even apply for credit/loans.

According to the BBC: the “stolen credit card data included the three digital security code – known as the CVV number – on the back of the card itself”. This is especially worrying as it makes it much easier for cybercriminals to misuse card information.

EasyJet warned customers whose credit card details were stolen in early April. If you were told your data was included in this breach and you haven’t already put steps in place to protect your finances, you must do so immediately. This includes:

  • Contacting your bank or credit card provider to let them know your data was violated (you should be issued with a new card and the bank might put additional security steps in place)
  • Keeping an eye on your transactions and contacting your bank or credit card provider immediately if you spot any unfamiliar or suspicious activity
  • Keeping an eye on your credit score for any unexpected dips
  • Contacting all the major credit reference agencies to ensure credit isn’t taken out in your name
  • Understanding that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password, or ask you to move money to another account for fraud reasons
  • Registering with the Cifas protective registration service if you want to put an additional layer of security in place. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

In addition, you should look out for phishing scams that attempt to use your financial data against you.

If you experience any financial loss or fraud attempts that you believe are linked to this data breach, please make a note of these and keep any evidence. If you decide to make a data breach claim, we can use this to support your case.


The risk of COVID-19 scams

Because of COVID-19, there is heightened concern about personal data being used for online scams. And hackers will likely try to take advantage of people who are cancelling flights because of the pandemic.

What’s more, people are more susceptible to scams when they are already anxious, and the combination of being hacked and coping with the pandemic is likely to cause additional stress. Hackers may try to take advantage of this, so you must be on your guard.

As well as being careful of any communications that claim to come from easyJet or easyJet Holidays, people should beware in case the data accessed in this hack is used in additional COVID-19 scams. Here are just some of the coronavirus scams you should look out for.

If you are targeted by scams and believe these are linked to this data breach, please note what has happened and keep any evidence. If you decide to make a data breach claim, we can use this to support your case.


The risk of developing/ exacerbating mental health conditions

The impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety and distress. Following a robbery, people often feel shock, anger, fear, helplessness and panic. A personal data breach is a 21st-century version of being burgled.

Furthermore, the psychological effects of a data hack might not be immediately apparent. Knowing that your information has been “burgled”, living with the increased risk, and the extra vigilance needed can all cause distress to victims over time.

Renowned clinical psychologist Professor Hugh C. H. Koch is an expert on the typical psychological effects experienced by victims of data breaches. He told us:

“Data breach victims typically experience high levels of anxiety, specific to the data breach but also generalised to other aspects of dealing with correspondence, telephone and digital communication and payment for services. Victims experience social anxiety, with difficulties dealing with friends and neighbours, tradesmen, shopping transactions and can develop oversensitivity or paranoia in their communications with others. They can also develop varying aspects of mood disturbances or depression especially including poor sleep and tearfulness.”

So, following the EasyJet data breach, victims must keep an eye on their emotional wellbeing to ensure that their mental health doesn’t suffer.


Has the EasyJet data hack put you at risk?

At Hayes Connor, we have been contacted by people concerned that EasyJet has breached their data; many of whom are understandably upset and anxious about the breach.

Making things worse, EasyJet took four months to warn customers that hackers had their personal information. So, it is possible that you might have already experienced phishing attempts and financial losses because of the breach. If this has happened to you, we encourage you to let us know.

We are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

The law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW