data breach appeal
, ,

Morrisons loses data breach appeal

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

The Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

 

Where Next

Over the last 18 months, we have seen numerous examples of significant personal data loss. Many of these violations have been able to occur due to weaknesses contained in companies’ IT software.

As the trend towards a cashless society accelerates, this will only continue as retailers and other businesses seek quicker and slicker interfaces with their consumers. Both at the point of sale and throughout their customer journey.

In the case of Morrisons, significant steps were taken to protect data, but those steps failed. In this instance, the data was lost at the hands of an employee turned hacker. However, data is also at threat simply due to careless employees going about their day-to-day business.

The latest ruling is the tip of a very large iceberg. Mass data breach actions are also being made against Ticketmaster and British Airways among others. Such actions, when properly prepared and investigated, will have significant financial consequences in terms of damages and costs.

Data breaches on a large scale are a real and pressing threat. In response, the clear and overwhelming view of the Court of Appeal is that such events must be foreseen by companies, and insured against.

The reaction of the insurers to such events, their provision of cyber cover and premium costs is now under the spotlight. Indeed, we predict a situation where the volume of exclusions to policies will increase.

Companies must now protect themselves better from data loss. But they also need to be extremely vigilant as to the activities and errors of their employees to be afforded the cover they pay for, or think they pay for.

 

If you have been affected by this or any other data breach then you can get in touch with our experts today

data breach solicitors
,

Morrisons loses data breach challenge

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

 

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

Today, the Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

Why is this case so important?

In 2015 – in the first group litigation of its kind in the UK – over 5,000 people brought a claim against Morrisons under the Data Protection Act 1988, for misuse of private information and breach of confidence.

In December 2017, despite acknowledging that Morrisons had taken all the appropriate steps to prevent a breach, the High Court found that the company was liable for its omissions such as not ensuring the proper security measures to protect the data.

The judge in the original case also ruled that Morrisons was “vicariously liable” for the employee’s actions. In a workplace context, an employer can be vicarious liability for the actions of its employees, as long as it can be shown that they took place in the course of their employment.

The decision to hold Morrisons vicariously liable is important, as it gives victims more opportunities to seek compensation (companies are more likely to be insured against such liability than employees).

The case also paved the way for those affected by data breaches to claim damages for distress, even if they have not suffered any financial loss.

 

Morrisons has now said that it will now appeal to the Supreme Court. If that appeal fails, those affected will be able to claim compensation for “upset and distress”.

The latest decision is good news for people who want to hold businesses to account for a failure to protect personal and sensitive data.

The judgement has been referred to as a “wake-up call for businesses” and Morrisons could now face a hefty compensation bill.

 

uk breach
, ,

Why join our Equifax UK breach group action claim?

Hayes Connor Solicitors has launched an Equifax UK breach group action claim as millions of people seek to hold the business to account.

What happened in this case?

In 2017, a cybersecurity incident at Equifax resulted in hackers potentially stealing 143 million US citizens’ data and the personal details of up to 15 million Brits.

This sensitive information included email addresses, passwords, driving license numbers and phone numbers. Equifax has also admitted that the passwords and partial credit card details of almost 15,000 UK customers were compromised.

What did the Equifax UK breach investigation find?

The Information Commissioner’s Office (ICO) investigation revealed multiple failures at the credit reference agency. For example, measures which should have been in place to manage the personal data were found to be inadequate and ineffective. Investigators also found significant problems with data retention, IT system patching and audit procedures.

The Information Commissioner, Elizabeth Denham said Equifax showed a “series disregard” for its customers and their personal information. In response, Equifax was fined £500,000 by the ICO.

However, the investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation. So it could be argued that Equifax got off lightly.

What’s next?

At Hayes Connor Solicitors, we have launched an Equifax UK breach group action claim. This is an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe.

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors.

While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Crucially, as we are experts in data breach cases, once you have registered with us, we might uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. So, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Why have we launched a group action following the Equifax UK breach?

A group action is the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis. This helps to strengthen their overall position and increases their chances of success.

Even better, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis (as in this case).

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

Find out more about group actions.

What should you do now?

For anyone worried that Equifax has exposed their data, you should contact Hayes Connor Solicitors ASAP.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Hayes Connor Solicitors is providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if you are awarded £1,500, you will get all of the compensation. There are no solicitor’s fees win or lose.

Find out more about no-win, no-fee.

To join our Equifax UK breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and how much compensation you can claim.

 REGISTER NOW

 

data breach solicitors
, ,

Equifax UK data breach: what did the investigators find?

In 2017, a cybersecurity incident at Equifax resulted in hackers stealing the personal data of up to 143 million US citizens’ and 15 million Brits. Following an investigation into the Equifax UK data breach, The Information Commissioner’s Office (ICO) has now fined Equifax £500,000.

However, the investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation. So it could be argued that Equifax got off lightly.

But what failures were uncovered during the investigation, and what can you do if your details were put at risk by Equifax?

What did the Equifax UK data breach investigation find?

The ICO investigation, carried out in parallel with the Financial Conduct Authority, revealed multiple failures at the credit reference agency. For example,

  • Equifax contravened five out of eight data protection principles of the Data Protection Act 1998 including, failure to secure personal data, poor retention practices, and lack of legal basis for international transfers of UK citizens’ data
  • Measures which should have been in place to manage the personal data were found to be inadequate and ineffective
  • There were significant problems with data retention meaning personal information was being retained for longer than necessary and vulnerable to unauthorised access
  • The US Department of Homeland Security had warned Equifax Inc. about a critical vulnerability as far back as March 2017. Sufficient steps to address the vulnerability were not taken meaning a consumer-facing portal was not appropriately patched.

The Information Commissioner, Elizabeth Denham, said Equifax showed a “series disregard” for its customers and their personal information. She also said that: “The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce.

“This is compounded when the company is a global firm whose business relies on personal data.

“We are determined to look after UK citizens’ information wherever it is held. Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law.”

What can you do following the Equifax UK data breach?

Hayes Connor Solicitors has launched an Equifax UK data breach group action claim as millions of people seek to hold the business to account. This is an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe.

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Find out more about group actions.

While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Hayes Connor Solicitors is providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if you are awarded £1,500, you will get all of the compensation. There are no solicitor’s fees win or lose.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

REGISTER NOW

Hayes Connor Solicitors
,

What’s happened in the latest Facebook data breach?

Just when the Facebook/Cambridge Analytica scandal had stopped making the headlines, the social media giant has been struck by another data breach disaster.

It has been revealed that 50 million people’s accounts have been exposed due to an error in Facebook’s code. This vulnerability meant that hackers could take over people’s accounts and see their most private information.

Facebook found the flaw on Tuesday last week but admitted that it could not say how the bug was used or by who. The vulnerability allowed hackers to access the ‘View As’ privacy tool that allows users to see how their profile looks to other people.

According to a Facebook spokesperson: “Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook, so they don’t need to re-enter their password every time they use the app.”

The company has said that it is sorry, and informed the relevant authorities. But this is unlikely to help the millions of people now worried about cybercriminals having access to their most personal information.

Have you been affected by the latest Facebook data breach?

According to Facebook, the bug has now been fixed, and anyone who broke into an account has now been kicked out.

If your information has been compromised, Facebook will have logged you out. Facebook has also said that it will notify affected users in a message on top of their News Feed about what happened. The social network has also logged out everyone who used the ‘View As’ feature since the exposure was introduced as a “precautionary measure”.

However, it has been suggested that even more than 50 million people could potentially be affected. So it’s better to remain vigilant.

A Facebook spokesperson said: “people’s privacy and security is incredibly important, and we’re sorry this happened”. However, following the Cambridge Analytica data breach – which enabled the harvesting of information on around two billion users – sorry is unlikely to be good enough for many users.

What can you do to protect your Facebook account?

It has yet to be determined whether any accounts were misused or any information accessed. But, in the meantime, it’s a good idea to change your password. Although that may not undo the impact of this attack. If you haven’t already, you should also enable two-factor authentication

If you’ve used Facebook to login to other accounts or apps, you should also disable these. You can do this by going to ‘settings’ and selecting ‘apps and websites’. All the apps you use Facebook to log in with will be listed. If you have been affected, you should also change the passwords for those accounts.

Facebook compensation claim

Facebook could now face compensation claims from millions of users. In fact, some experts are predicting that this breach could be a lot larger than the Cambridge Analytica scandal.

What’s more, people can make a compensation claim if they have struggled emotionally following a data breach, even if they have not experienced any financial loss.

Here in the UK, the latest data breach will be dealt with under the most recent EU data protection laws. The GDPR deals only with specific information, but as it looks like names etc. were accessed, Facebook could face a substantial fine.

At Hayes Connor Solicitors, we are carefully watching this case and may put together a group action to seek compensation. If you are a Facebook user and are concerned that your data has been accessed, get in touch. We’ll let you know if and when you can claim.

REGISTER NOW

data breach experts
,

Has the Bupa data breach put your privacy at risk?

Last month, Bupa was fined £175,000 by the Information Commissioner’s Office (ICO). The latest data breach fine handed out by the regulator came after a rogue Bupa employee inappropriately copied and removed customer information to sell on the dark web.

A subsequent investigation by the ICO found that the health insurance provider failed to have adequate security measures in place to protect its customers’ personal information.

547,000 Bupa Global customers were affected, and 43,000 of those customers had a correspondence address in the UK.

If you are a Bupa customer whose data was put at risk, you should now consider a data breach compensation claim.

What happened in the Bupa data breach case?

Between 6 January and 11 March 2017, a Bupa employee stole the personal information of 547,000 Bupa customers and offered it for sale on the dark web. The member of staff extracted information from Bupa’s customer relationship management system and sent to this to his personal email account.

The compromised information included names, dates of birth, email addresses and nationality.

Bupa was alerted to the breach by an external partner who spotted customer data for sale. The advertisement on the dark web said:

 “DB [database] full of 500k+ Medically insured persons info from a well-known international blue chip Medical Insurance Company. Data lists 122 countries with info per person consisting of Full name, Gender, DOB, Email Address plus Membership Details excluding CC Details”

Bupa informed the ICO that its data had been compromised and an investigation was launched. The employee was dismissed, and the police told about the crime.

What was the result of the Bupa data breach investigation?

Commenting on the Bupa data breach, ICO Director of Investigations, Steve Eckersley, said:

“Bupa failed to recognise that people’s personal data was at risk and failed to take reasonable steps to secure it.

“Our investigation found material inadequacies in the way Bupa safeguarded personal data. The inadequacies were systemic and appear to have gone unchecked for a long time. On top of that, the ICO’s investigation found no satisfactory explanation for them.”

The investigation also uncovered that Bupa’s systems put 1.5 million records at risk.

Bupa has been fined £175,000 for the data breach. But, due to the timings of the offence, the case was not dealt with under the new GDPR. The current data protection laws allow the ICO to hand out much more substantial fines so it could be argued that Bupa got away lightly.

What should you do now?

Bupa has said that it has contacted all affected customers. And, if you have suffered damage or distress caused by Bupa’s breach of the Data Protection Act, you have a right to claim compensation.

You can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

Being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. So you should seek compensation for a failure to look after your information correctly.

How much compensation could you get for the Bupa data breach?

At Hayes Connor Solicitors we have already been contacted by Bupa customers distressed that their personal information was not looked after as carefully as it should be.

And, because we’ve been helping people to get the compensation they deserve for over 50 years, we know what it takes to make a successful data breach claim.

Data breaches often have severe consequences for those affected, and in this case, you could be entitled to around £1,500 (or more depending on your circumstances). And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

REGISTER NOW TO FIND OUT HOW WE CAN HELP YOU.

nhs digital data breach
,

Can you make a NHS data breach claim?

Last month it was revealed that 150,000 patients had their confidential data used without their consent. This NHS data breach was the result of GP practices using software that failed to prevent information being used for research purposes despite patients objecting.

This shocking error is a breach of the Data Protection Act and those affected are within their rights to start a claim for compensation. Any patients affected will have received a letter from NHS Digital.

However, this isn’t the only time our health service has failed to protect the people it is supposed to. In fact, earlier this year we reported on another NHS data breach, after it was revealed that the Bayswater Medical Centre left sensitive patient records, registration forms and repeat prescription information in an empty and unsecured building for over a year.

In this case, the Information Commissioner’s Office (ICO) fined the healthcare provider £35,000 for its negligence. And, with medical data breaches often having severe consequences for those affected, patients of the Bayswater Medical Centre should also be looking to claim compensation.

NHS data breaches are on the rise

Across the UK, our healthcare is rapidly going online. And, this is a good thing when it comes to providing services that are fit for purpose in our digital age. However, as the online information revolution sees our medical organisations move away from paper record keeping, it is vital that there are adequate and robust protections in place.

However, over the last few years, healthcare and the NHS has proved a profitable target for hackers, leading to a rise in medical data breaches. So much so that one in 13 patients will have their records stolen after a healthcare provider data breach.

The healthcare industry is one of the most vulnerable to cyber-attacks as two high profile data breaches highlight.

  • In March 2017, an IT system widely used by GPs allowed access to patient records by anyone using the same platform. This meant that the sensitive and confidential records of 26 million patients could be viewed by thousands of receptionists, clerical staff and pharmacists, even if they had no medical reason to review them
  • In May 2017, the WannaCry ransomware attack severely disrupted NHS operations, leading to cancelled appointments, diverted patients and suspended A&E services.

You can see a list of other NHS data breaches on the ICO website.

How do you make a NHS data breach compensation claim?

At Hayes Connor, we can help you make claims against a wide range of healthcare organisations already fined by the ICO. We can also keep you updated on upcoming and current healthcare data breach claim investigations.

We can make medical data breach claims against:

  • GPs
  • Pharmacies
  • Hospitals/NHS Trusts
  • Dentists
  • Opticians
  • Individual healthcare staff
  • Private health companies.

To claim compensation in a medical data breach case, you must be able to prove that you suffered as a result of the breach. This includes financial and medical harm, as well as anguish and anxiety. In fact, if you have suffered damage or distress caused by a medical or other healthcare organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years, so we know what it takes to make a successful NHS data breach compensation claim.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

claim against Equifax
,

Everything you need to know about making a Group Action Claim against Equifax

In September 2018, Equifax was fined £500,000 by the Information Commissioner’s Office. The ICO’s investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation.

The fine came after Equifax’s failure to fix a security flaw in one of its online systems resulted in hackers accessing the personal details of millions of people in the UK and US.

But, while the fine is an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe, it does very little to help those already affected by the breach. As such, anyone who has suffered following the Equifax cyber-attack should be looking to claim compensation.

But, if you were a victim of the Equifax data breach, how should you go about doing this?

In this short guide, our helpful team of online fraud and data protection solicitors have set out everything you need to know about making a Group Action Claim against Equifax.

Who can make a data breach group action claim against Equifax?

Following the data breach, Equifax sent a letter to those affected, informing them that their data was put at risk. The sensitive information exposed includes email addresses, passwords, driving license numbers and phone numbers. Everyone who has received this letter can claim compensation.

However, since the hack was first uncovered, Equifax has admitted that far more people were put at risk than first thought. This includes:

  • The sensitive details of up to 694,000 Brits
  • The passwords and partial credit card details of 15,000 UK customers
  • The personal data of a further 14 million UK users.

If you are in any way concerned, contact Hayes Connor Solicitors and let us know. We will check if you have had your data breached (if the company has not admitted as much already). Once we have established that your data has been violated – and the extent of this failing – we can start the claims procedure on your behalf. Of course, we’ll only do this with your explicit agreement!

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the Equifax hack. Being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety – in a way that could be diagnosed by a psychologist – then the law agrees that you are entitled to compensation.

Why should you join the group action claim against Equifax?

A group action allows people with the same type of claim to bring it together on a collective basis. Group action claims are becoming far more common in the UK. Here are just some of the reasons why:

  • Strength in numbers. Starting a claim can be frightening, and it’s not unusual for people who have perfectly valid complaints to be put off due to the risks of going up against a large and well-resourced Defendant. Where cases are very similar, group actions can be a powerful tool and can redress the balance
  • Save on legal costs. By joining together, individuals can share the risks and costs of claiming compensation. Legal advice is also shared, so not everyone in the action needs to pay for their own solicitor
  • Help victims with smaller claims. Group actions provide a way for people with more modest cases (that may not justify legal fees) to claim the compensation they deserve. Often, solicitors will agree to take such cases on a no-win no-fee basis
  • You might not have to go to court. Usually, a Test Case is started, and common issues are tried. The result of this case is then used as a precedent for other cases in the action; so every single claim doesn’t have to be taken to court.

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

We believe that a Group Action Claim against Equifax is the best way to seek compensation.

Find out more about group actions.

How much does it cost to join the Equifax group action?

At Hayes Connor Solicitors, we are dealing with all Equifax data breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.

What’s more, if your claim is successful we expect to be paid by the offending party (Equifax). So, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means, if you are awarded £1,500, you’ll get all of the compensation. There are no solicitor’s fees win or lose.

There are also no hidden charges or other administration fees.

How much compensation can you expect following the Equifax data breach?

We cannot say that you will definitely get compensation, but a group action helps to strengthen your chances. We believe Equifax has breached people’s data and needs to be held responsible by compensating for any losses, distress and inconvenience caused. While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

What should you do now?

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Doing this guarantees that you will form part of the compensation claims that will be lodged by the firm. We will keep your details (securely of course) and help you get the compensation you deserve.

Once you have registered with us, it’s important to keep a ‘diary’ or note of events since the hack. This will help us with your case.

For example:

  • Has your card been used without permission?
  • Are there transactions that you bank has picked up that you haven’t made?
  • Are you getting more ‘spam’ or junk email with your name on it? If so, create a folder and keep it as this may be relevant
  • Are you anxious or worried by the thought of people being able to access your data? Has this caused you any distress?

We have already received an influx of queries from people whose data was put at risk by the credit reference agency. If you were affected, you could be entitled to up to several thousand pounds, so it’s important to act now.

Register your details here.

,

Data protection complaints increase leading to possible rise of GDPR breach compensation

According to the Information Commissioner’s Office (ICO) – the watchdog responsible for regulating data protection laws in the UK – the number of reported data protection complaints has almost doubled since April this year. If the regulator upholds these complaints, there could be a corresponding rise in GDPR breach compensation claims.

Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email.

The increase in data breach complaints has happened since the introduction of the GDPR on May 25th.  This saw more robust data protection laws come into force. GDPR is the most significant change to data privacy regulations in over two decades. The new rules are designed to:

  • Boost the rights of individuals by giving them more control over their information
  • Put more limitations and responsibilities on how organisations can handle personal data
  • Make data protection (including data breaches) more transparent.

The GDPR also saw the introduction of tough penalties for data breaches. In fact, companies who fail to put adequate data protection processes in place and subsequently suffer a breach could face fines of up to €20,000,000 or 4% of their total global annual turnover for the last financial year.

While the ICO does not award GDPR breach compensation to victims, if a company is found guilty of a data violation this can strengthen an individual’s claim.

According to the ICO:

  • 4,214 data protection complaints were made in July
  • 3,098 data protection complaints were made in June
  • 2,310 data protection complaints made in May
  • 2,165 complaints were made in April.

The stats exclude the health sector.

The figures indicate that more and more people are becoming aware of their data protection rights. This makes sense as there have been many high-profile data protection scandals over the last few months. For example, at Hayes Connor Solicitors we are currently pursuing cases against:

  • Emma’s Diary. Emma’s Diary sold its users’ information to Experian’s marketing division. This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election. Find out more about the Emma’s Diary data breach
  • Dixons Carphone. The Dixons Carphone or Carphone Warehouse data breach took place in 2017. It resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes. Find out more about the Carphone Warehouse data breach
  • Ticketmaster has admitted that thousands of UK customers have been put at risk due to third-party software on their website. This has since been removed but not before the software accessed a number of customers’ personal and financial details. Find out more about the Ticketmaster data breach
  • Last year, Equifax warned that up to 400,000 UK consumers might have had their personal details stolen. The data included names, address, dates of birth, and credit card numbers. Find out more about the Equifax data breach.

If you have been affected by any of these cases, or if you want to make a GDPR breach compensation claim against another organisation, let us know.

Making a GDPR breach compensation claim

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

You can make a GDPR breach compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

With enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And just the thought of this happening can cause emotional distress. So why shouldn’t you seek compensation for this failure to look after your information correctly?

At Hayes Connor Solicitors our initial assessment is always free of charge. If we believe you have a substantial, complex case, we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis. For smaller claims, our quick assessment form will help you to start your GDPR breach compensation claim, quickly and easily.

Our expert data breach compensation solicitors make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making data breach claims (currently all breaches going back six years could be subject to a claim) it’s essential to act now.

CONTACT US AND START YOUR GDPR breach compensation CLAIM TODAY

British Airways breach caused by the same hackers as Ticketmaster
, , ,

British Airways data breach caused by the same hackers as Ticketmaster

According to reports, a cyber-criminal operation known as Magecart is behind the recent British Airways data breach. The group has been very active in the past three years. It is also thought to be behind the Ticketmaster data hack.

Earlier this year we reported that cybersecurity analysts RiskIQ believed that the Ticketmaster data theft was part of a larger credit card scheme.

A new report by RisqIQ states that there are clues linking the same operation to the British Airways breach. The company said the code found on the British Airways site was very similar. However, the code was modified to suit the way the airline’s website had been designed.

“The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”

Crucially, if RiskIQ, is right about how the attack worked, a cybersecurity researcher has told the BBC that “BA should have been able to see this”.

If the British Airways data breach was carried out by the same group, the threat to consumers could be much worse than thought. RisqIQ has said that it looked like the group behind the attack had decided to target specific brands, and that more breaches of a similar nature were likely.

What should you do about the British Airways data breach?

Regardless of who was behind the attack, British Airways was responsible for keeping your data safe, and this is something it has failed to do.

The British Airways data breach has compromised payment details and personal data. This information that can be used by cybercriminals to steal money from you, apply for credit in your name, set up fraudulent bank accounts and more.

So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation. British Airways has said that it has informed those involved, so if you have received this email let us know.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

To join our British Airways data breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW