mermaids data breach

Have you been affected by the Mermaids data breach?

Mermaids UK, a charity that supports transgender children and young people, has experienced a severe data breach. Mermaids is the UK’s leading charity when it comes to offering support around gender and identity to those under 20. According to an article in the Sunday Times, the Mermaids data breach has exposed thousands of private emails between the charity and parents and made them public online.

What has happened in the Mermaids data breach?

The privacy violation exposed emails between 2016 and 2017. According to the Times: “More than 1,000 pages of Mermaids’ confidential emails, including anguished messages from parents about their children’s suffering, were uploaded for anyone to view. The correspondence includes names, addresses and telephone numbers.”

However, Mermaids claims that the 1,100 emails were between executives and trustees of the charity, discussing matters relating to their work. And that they were only searchable “if certain precise search-terms were used”.

The charity has said that it is “deeply sorry” for this “historical data breach”. And, after being warned of the leak last week, the charity removed the content from public view. It also reported the breach to the Information Commissioner’s Office (the data protection watchdog) and the Charity Commission.

Read the Mermaids data breach response in full.

Is the Mermaids data breach worse than the charity claims?

According to the Sunday Times, the emails contained “intimate details of the vulnerable youngsters it seeks to help”. It reports that these emails could be found merely by entering the charity name and its charity number into a search engine.

Mermaids has denied this and argues that there is “no evidence” that the information had been accessed by anyone other than the Sunday Times, or those contacted by their journalist.

A spokesperson for the charity said: “To be clear this is absolutely not Mermaids service users emailing each other, and their emails and private correspondence being available to an outside audience”.

An independent investigation into the Mermaids data breach will now take place.

How worried should you be about the Mermaids data breach?

Commenting on the data breach, a spokesperson from Mermaids said: “At the time of 2016-2017, Mermaids was a smaller but growing organisation.  Mermaids now has the internal processes and access to technical support which should mean such breaches cannot now occur”.

However, regardless of the size of the charity at the time, people using its services had the right to expect that their data was being looked after. So this doesn’t help those vulnerable individuals whose personal and potentially intimate details have been exposed.

Also, it seems like the charity is hoping that it can get away with just apologising and promising that it won’t happen again. But such a noticeable absence of care over the very real impact of a data breach should not be tolerated or accepted.

Every day we see what happens when the personal information of people across the UK falls into the wrong hands. And the consequences can be damaging and long-lasting.

Making a charity data breach claim

Many people are passionate about the charities and causes they care about. But, while you might support their aims, it is vital that they meet their obligations when it comes to protecting your sensitive data.

Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Often charities and organisations are insured against data breaches, so you don’t have to worry about the impact of the good work you support.

Have you been affected by the Mermaids data breach?

Mermaids has said that it has contacted those affected by the breach. If you have been told that your data has been put at risk, you may be able to make a no-win, no-fee Mermaids data breach compensation claim.

You can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

If you are worried that Mermaids UK has put your data at risk, find out more about making a data breach compensation claim. Or contact us today for a free initial assessment.


Stop cybercriminals stealing your money!

Financial fraud is on the rise. But there are some simple steps you can take to protect your money and info from hackers, fraudsters and scammers.

According to Take Five To Stop Fraud – an organisation that offers straightforward and impartial advice to help everyone in the UK protect themselves against financial fraud – one of the most important things you can do is stop and think. Because, according to the cyber-security experts, you probably already know these basic rules on how to stay safe from financial fraud. You just need to take a breath and stay calm enough to remember them.

What else does Take Five recommend?

  1. Understand that a genuine bank or other financial organisation will never contact you out of the blue to ask for your PIN or full password
  2. Know that a legitimate bank or other business would never ask you to move money to another account for fraud reasons
  3. Never automatically click on a link in an unexpected email or text. This could result in you giving a fraudster access to your personal or financial details
  4. Always question uninvited approaches in case it’s a scam. Instead, contact the company directly using a known email or phone number
  5. Don’t assume an email or phone call is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  6. Be careful who you trust. Criminals may try and trick you by telling you that you’ve been a victim of fraud. Criminals often use this to draw you into the conversation, to scare you into acting and to reveal your security details
  7. Know that criminals can make any telephone number appear on your phone handset. So even if you recognise a number, or it seems authentic, it might not be genuine
  8. Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
  9. Listen to your instincts. If something feels wrong, then it is right to question it
  10. Have the confidence to refuse requests for personal or financial information. Stop the discussion if you do not feel in control of it
  11. Never hesitate to contact your bank or financial service provider on a number you trust. For example the one listed on their website or the back of your payment card.

Get more advice from Take Five here. You can also take a quick test to find out if you are too smart to be scammed.

Types of financial fraud

A cyber-attack can take many forms including:

  • Financial data hacks. Hacking can lead to your personal and sensitive data getting into the wrong hands. In the worst cases, this can lead to you falling victim to financial fraud and identity theft. The impact of data hacking can be devastating, and we have seen instances where financial losses only started to occur three to six months later. This is often because data stolen is used in batches over time.
  • Financial phishing attacks. Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Their ultimate goal is to steal your money and/or personal information. Unfortunately, in most cases, where someone has become a victim of a phishing scam, their bank is not responsible for their losses. So, people can be left not knowing where to turn for compensation.
  • Bank and credit card takeover fraud. Takeover fraud happens when a criminal uses another person’s account information (e.g. a credit card number) to buy products and services. Takeover fraud is also used by scammers to extract funds from a person’s bank account.
  • Push payment scams. Push payment fraud (also called APP fraud) happens when cybercriminals deceive individuals into sending them money. Because the victim believes the fraudster to be genuine, they authorise the handover of cash.

Not Just Hackers

Despite fears about cybercriminals, it is human error rather than cybercrime that is the biggest cause of financial data breaches. Typical examples of such errors include where a bank or other financial organisation:

  • Sends sensitive data to the wrong recipient (via email, post or fax)
  • Loses paperwork
  • Forgets to redact data
  • Stores data in an insecure location
  • Loses devices such as laptops, phones and tablets
  • Doesn’t train its staff properly on data protection or where staff deliberately ignore data
  • Leaves sensitive information online without any password restrictions.

Find out more about our #NotJustHackers campaign.

Are banks doing enough to protect customers from data breaches?

In many cases, financial data breaches happen because of a failure to implement reasonable and robust processes. Often because of the cost needed to do this.

But, by not putting adequate processes and training in place, banks and other financial organisations are leaving customers open to an increased risk of cyber scams and avoidable mistakes that lead to data breaches.

Protect yourself following a financial fraud, data breach or scam

If you are worried about the security of your money and personal information, you should:

  • Contact your bank/credit card provider immediately
  • Consider a credit freeze until the matter is resolved
  • Report the scam to the police and contact Action Fraud for advice on what to do next
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

For more advice on how to keep your data safe, follow us on Twitter and Facebook. Alternatively, if you have been the victim of a financial data breach or cyber fraud, contact us to find out how we can help you to claim compensation for any loss of money and/or emotional distress.

personal details

Head teacher fined for data protection breach after obtaining personal information about schoolchildren

A former headteacher has been fined. This comes after he took personal information about schoolchildren from his old school to his new one. The breach took place at two primary schools where he had worked previously. The violation revealed “large volumes of sensitive personal data” from his previous schools on his new school’s system.

What happened in this data protection breach?

A former headteacher downloaded personal information about his former pupils onto a USB stick. Next, he uploaded this data to servers at his new school. The information included:

  • Names
  • Unique pupil numbers
  • Pupil attainment and progress spreadsheets
  • Performance management data for staff.

The teacher (who was now a deputy head) was suspended from his role. This situation only came to light after an IT audit discovered the data protection breach.

What did the ICO decide?

The Information Commissioner’s Office (ICO), said that the teacher had no lawful reason to process the data. This means that he breached data protection legislation. Initially, the teacher had “no valid explanation” for how the data appeared on his school’s server. But he later admitted that he took the data for professional purposes.

Appearing before Ealing Magistrates’ Court, the teacher admitted two offences of unlawfully obtaining personal data. He was fined £700, ordered to pay costs of £364.08 and a victim surcharge of £35.

What did the ICO say about this breach of personal data?

Commenting on this data protection breach, Mike Shaw, manager of the ICO’s criminal investigation group, said:

“Children and their parents or guardians have the right to expect that their personal data is treated with respect and that their legal right to privacy is adhered to.

“A head teacher holds a position of standing in the community and with that position comes the added responsibility to carry out their role beyond reproach.

“The ICO will continue to take action against those who we find have abused their position of trust.”

Lessons learned following this personal data breach

This case should remind employees across all sectors of the risks data violations. Because if someone accesses or shares personal data without a valid reason, they could face criminal prosecution and fines.

Organisations also need to do more to protect personal data. This includes ensuring comprehensive data protection training is in place. And making sure employees understand the consequences of breaking the law.

Furthermore, organisations must ensure adequate and robust protections so that information is only accessed by those people who need it. There must also be a record of such access.

Helping to reduce the impact of educational personal data violations

The Data Protection Act exists to protect the privacy of individuals. In an educational context, this means students, their families, and staff.

However, many schools have struggled to keep up with changes in the rules covering the use of technology. And this could leave everyone vulnerable.

If an individual’s data is violated by an organisation they trusted to look after it, at Hayes Connor Solicitors, we help them to make a compensation claim.

If you or a member of your family has suffered damage or distress caused by a school, college or university breaching any part of the Data Protection Act, you have a right to claim compensation.

Not Just Hackers

There has been a worrying rise in reported data breaches across the UK education and childcare sector. Competing priorities and limited budgets make meeting data protection requirements challenging and this makes schools, universities and colleges an attractive target for hackers.

But, despite the threat posed by cybercriminals, human error remains the leading cause of data privacy violations.

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. As such, we are sharing such real-life examples of data protection breaches.  In doing this, we hope to raise awareness of this issue. We also want to educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses. Or contact us to discuss your case in more depth.

Information Breached

Pensioners’ confidential information breached after printing error at Waltham Forest Council

Human error is the leading cause of privacy violations. And, a mistake at Waltham Forest Council has resulted in thousands of pensioners having their confidential information breached.

This grievous error happened when a “printing error” produced P60 forms which included the confidential information of two different people. Worryingly, this mistake wasn’t spotted. So, pensioners received their P60 forms with their own, correct information on the front, and a stranger’s details on the back.

The confidential information breached included their national insurance details, addresses and other private information.

In total, over 3,000 incorrect statements were issued.

Why was this confidential information breached?

The mistake was flagged on Facebook by James O’Rourke. His mother-in-law received a double-sided P60. He said:  “It appears Waltham Forest Council has yet again been frivolous with its residents’ data.

“My mother-in-law, a former council employee, received her pension P60 this week. To her horror it had been printed upon on both sides, the reverse side being another person’s P60.

“A few days later she received another P60 with an attached letter. No reassurance as to whether her data has not been so sloppily dealt with.

“This is not the first time the council has breached the Data Protection Act this year, so the Information Commissioner’s Office must take immediate action and the ultimate person responsible taken to task.”

Waltham Forest Council admits the breach

In a letter, Waltham Forest Council admitted the breach. The council stated: “Due to an error with our printing partners a small number of these were printed with information on the reverse relating to another customer. We sincerely apologise for this error.

“Please destroy the P60 you were sent originally immediately and securely, using a home shredder if possible.

“You can also send this to the council if you would like us to destroy this for you.

“I can assure you we are taking steps to prevent any future occurrences of this type of error in the future.”

A council spokesperson has also said that: “We take protecting people’s data very seriously and are very sorry for any concern caused.”

What can you do if you have had your confidential information breached?

Waltham Forest Council has investigated the issue, and it has implemented new sign off procedures to prevent this from happening again. It has also sent an apology letter to everyone affected.

But this falls far short of what we would expect.

In far too many cases, when a breach occurs the accepted risk management plan seems to be to apologise and promise it won’t happen again. But such a noticeable absence of care over the very real impact of a data breach should not be tolerated or accepted.

What’s more, the council has also said that there is no risk of fraud because of the data breach. But there is simply no way they can know this. Every day we see what happens when the personal information of people across the UK falls into the wrong hands. And, even where cybercriminals are not initially involved, the consequences can be damaging and long-lasting.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses. You can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

To find out more, give us a call on 0151 363 5895 to discuss your case in more depth.


data breach

Council employee carries out personal data protection breach to help his partner get a job

A former senior local government officer has been fined. This comes after he shared the personal information of rival job applicants with his partner. The man’s partner had applied for a job at the council. As this could have meant the other applicants lost out on the job unfairly, this was a severe personal data protection breach.

What happened in this personal data protection breach?

In July 2017, Nuneaton and Bedworth District Council advertised an administrative job.

Because he was in a relationship with one of the candidates, the local government official was not involved in the recruitment process. Despite this, he decided to access the council’s recruitment system and email the personal information of all the shortlisted candidates to himself and his partner.

The data breached included the names, addresses, telephone numbers and CVs of each candidate.  The breach also included the personal contact details for each of their two referees. This is a shocking violation of data protection laws.

On discovering the data breach, the man resigned from his position at the council. His partner had been successful in her application, so she also had her employment terminated.

What was the result of this personal data protection breach?

The Information Commissioner’s Office (ICO) decided to prosecute this data privacy violation. The man was fined £660, ordered to pay costs of £713.75 and a victim surcharge of £66.

Steve Eckersley, Director of Investigations at the ICO, said:

“People who supply their personal information to an organisation in good faith, such as when applying for a job, have a legal right to expect it will be treated lawfully and ethically.

 “Not respecting people’s legal right to privacy can have serious consequences, as this case demonstrates. Not only might you face a prosecution and fine, along with the attendant publicity, but you may also lose your job and severely damage your future career prospects.”

Lessons learned?

In this case, little could have been done to protect those people who had their data breached. The man had been trained in data protection. So he fully understood that he was breaking the law.

However, employees must understand that they could face criminal charges and fines if they access or share personal data illegally. In fact, after stealing the data of nearly 100,000 staff from supermarket Morrisons, one ex-employee was jailed for eight years.

Organisations also need to do more to protect personal data. This includes putting robust systems in place to ensure that confidential information is only available to those people who need it to do their jobs.

Not Just Hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of personal data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

data breach solicitors

Worried about the latest Talk Talk data breach revelations? Here’s what you should do

BBC Watchdog Live has revealed that TalkTalk failed to inform 4,545 customers that their personal information was stolen as part of a 2015 data breach. This includes their bank account info. These customers may now have a data breach compensation claim.

To make matters worse, researchers for the programme have discovered the following info online after a simple Google search: full names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers, bank details.

It is thought that this information could have been accessible online since the breach.

If you are concerned that your data has been exposed by Talk Talk, we would advise you to:

  • Inform the Information Commissioner’s Office (ICO) about your concerns
  • Contact your bank and/or credit card providers immediately
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phasing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords
  • If you are offered any form of compensation or free services from Talk Talk, check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a data breach compensation claim at a later date.

The ICO has fined TalkTalk but you can still make a data breach compensation claim

The ICO has already fined £400,000 for the 2015 data breach. But it doesn’t look like this matter is over. Especially as 4,545 customers may have received the wrong notification regarding this incident. If you are one of those customers you may be able to make a data breach compensation claim.

Making a data breach compensation claim against Talk Talk

If you want to make a data breach compensation claim, our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim against Talk Talk. We will also be pleased to answer any questions you might have.

Crucially, it doesn’t matter if you haven’t lost out financially because of the data breach. Watchdog says that it has spoken to many people who were affected by the TalkTalk data breach. Many, have been subject to “frequent scam calls, and in some cases attempted fraud and identity theft, impacting their credit rating”. To claim compensation, you must be able to prove that you suffered as a result of the breach. This includes financial harm, as well as anguish and anxiety.

Make a no-win, no-fee data breach compensation claim with Hayes Connor Solicitors

At Hayes Connor Solicitors, our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about any investigation, and your legal rights when making a claim.


data protection claims

Why do some people make a mockery out of data protection claims?

As data breaches continue to rise, we are holding more and more companies to account for their violations of trust when it comes to your valuable information. However, as we do that, we are sometimes compared to “ambulance chasers”.

But, while some might view GDPR claims as opportunist, for the millions of people suffering because of a data breach, this couldn’t be further from the truth. Every day, privacy breaches are causing misery and upset to people across the UK.

Data breaches can be devastating

At Hayes Connor Solicitors, we see many different types of claims. And we know how data breaches can affect people in different ways. For example:

  • As a direct result of a NHS privacy violation – our client’s relationship with her family broke down. She received threats from a family member resulting in police involvement. There was also an ongoing worry of further danger. Our client suffered stress, anxiety attacks and trauma. And she required medication to help manage the psychological effects of this terrible breach of trust
  • A bank sent personal information disclosing our client’s financial situation to his previous address. His ex-partner still lived there. This happened despite him changing his address with his bank five years ago. Our client’s ex-partner shared this information with her friends and family. This caused him significant distress and embarrassment. Furthermore, once aware of his financial position, our client’s ex-partner refused him access to their children and prevented him from taking them on holiday
  • A data mix up and breach saw a stranger turn up at our client’s home and accuse her of attempting to “clone” his daughter’s identity. Our client was alone with her two young children, one of who is disabled. She found this experience both frightening and upsetting.

As you can see, we deal with serious cases that often put people’s mental health. In some cases, even their lives at risk. So downplaying the impact of a data breach claim is extremely disrespectful to the victims.

GDPR data breaches must be taken seriously

When it became clear that people across the UK were mis-sold PPI, often to the tune of thousands of pounds, there was a surge of new claims management companies on the scene. All promising to help consumers get back what they were due.

But, all too often, these companies were more concerned about making fast cash than helping victims. Assurances of no up-front fees turned into extortionate commission rates. And that left people short-changed.

With the deadline for consumers to complain about the sale of PPI products coming to an end, many unscrupulous claims management firms will undoubtedly look to switch from PPI to GDPR to make money.

But, that doesn’t mean that victims of data breaches shouldn’t claim compensation. It’s not their fault that ambulance chasers are preparing to go after the GDPR negligent. What matters is that they get the professional legal representation they deserve.

We hate spam and pushy lawyers!

At Hayes Connor Solicitors, we have never done PPI claims. What’s more, we only ever get in touch with people who have asked us to. This means we never cold call, send spam texts, spam emails, or engage in any other form of nuisance marketing. We never pressure anyone into making a claim.

Instead, we believe that it is vital to educate people to help prevent such breaches from happening. And, where a violation has occurred, we make no excuses for seeking compensation. This is necessary to help people get their lives back on track as soon as possible.

Furthermore, we don’t believe that our obligation to our clients stops there. We also give them all the information we can so that they can protect themselves after a breach, and stop a bad situation from becoming worse.

Organisations must be held to account for data breaches and their failure to protect our personal data

The sheer scale of the information we share on online is enough to leave victims open to the threat of financial and identity fraud. For example, with enough data, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

But what many people don’t understand is that the emotional impact on victims can be just as devastating. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect a person’s friends, family and job.

And, in most cases, data breaches aren’t caused by scammers trying to hack big businesses, but by organisations not taking data protection seriously resulting in simple human errors.

With hacks and breaches happening more and more often, something has to be done to make companies accountable for such loss and anguish. So, claiming compensation isn’t just in the best interests of victims – it could also be the only way to ensure that organisations implement more secure processes.

Perhaps it’s time to turn the spotlight on those businesses not doing enough to meet their legal obligations under the GDPR?

Hayes Connor Solicitors

Hayes Connor Solicitors – why we do what we do

Here at Hayes Connor Solicitors, our core aim is to help our clients get the redress they deserve following data protection breaches, cybercrime, and other online offences. And we often talk about the types of data breach cases we are involved in and how we advise and support our clients.

If you want to see some examples of this, you can check out our case studies here.

But, as well as understanding the type of work we do, we also think it’s essential that you know a little bit more about us when choosing a solicitor. So with that in mind, what is it that we are passionate about, and what makes us tick?

Exceeding the expectations of basic client care and professionalism

Ask any solicitor and they will tell you that they act professionally and look after their clients. But, at Hayes Connor Solicitors, we want to do more than meet your basic expectations – we want to exceed them.

With this in mind, we are continually looking for ways to improve and enhance our service and have created a culture where promises are kept.

In 2019, we were delighted to be recognised for our efforts in this area when we were highly commended at the Eclipse Proclaim Modern Law Awards.

Keeping you informed. Every step of the way

A relatively new and evolving area of law, our specialist data breach and cybercrime solicitors lead our field when it comes to understanding the complexities involved. And we have invested heavily in client education to ensure you do too.

For example, we have created jargon-free content on subjects such as:

We do this because we want our clients to have as much information as possible before making a claim so that they feel fully informed at all times. Through this approach, the data breach claims process is easy to understand, straightforward and stress-free.

We hate spam and pushy lawyers!

At Hayes Connor Solicitors, we only ever deal with organic enquiries. We never buy data, cold call, or send spam texts or emails. Even our PPC campaigns are monitored to reduce the spam effect, and we never pressure anyone into making a claim. We feel this is essential when it comes to protecting our clients, and upholding the standards of the legal profession.

Protecting our clients from the impact of data breaches and cybercrime

To do this, we seek compensation to help them get their lives back on track as soon as possible. But we don’t believe that our obligation to our clients stops there. So, we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

We also work with Victim Support to help those affected by cybercrime and data breaches. The partnership sees us provide the charity with regular expertise and advice on its legal content.

Stopping data breaches happening in the first place

At Hayes Connor, we create regular content to help raise awareness of the growing threat of cybercrime and data breaches. We do this because the more people are aware of the risk, the better protected everyone will be.

Removing the hassle from making a data breach claim

As consumers, we all want a fast, efficient, no-nonsense service – and that’s precisely how we deliver legal services to our clients. As such, we use the latest technology and a highly-trained team to provide excellence of service quickly.

The technology used at our firm has also helped us to understand what our customers need from us, and we use this insight to provide information across several platforms, including social media.

It’s this commitment to continued service improvement which means we are at the forefront of our industry when it comes to using ground-breaking technology to meet the needs of our customers. Enquiries are dealt with sooner, cases are more thoroughly reviewed, and customers are responded to much quicker.

Committed to data protection

We know that making a claim can be difficult. Particularly where your sensitive information has already been breached or another online offence made against you.

Once we have your details, we treat these with the utmost care, compassion, and privacy.  We never pass on these details to third parties for marketing purposes – or indeed for any other reason without express permission. This commitment to ensuring our customers’ peace of mind is absolute.

As well as making sure all personal details are protected/confidential, we also deal with all enquiries sensitively and professionally, and we never ask unnecessary or intrusive questions.

Hayes Connor Solicitors is a niche firm operating in the data breach and protection sector. We help our clients to claim the compensation they deserve following data protection breaches and other cyber offences such as computer fraud, identity theft, defamation, hacking, phishing scams, and more. Find out more about us and the work we do.

data breach

Data breach help & support

Most of us use the internet to help make our day-to-day lives better. But despite its benefits, the more information we put online, the more likely it is that something will go wrong. At Hayes Connor, our expert solicitors deal with a significant number of data breach cases every day. During our work, we see many different types of claims. So we understand how data breaches can affect people in different ways. If you have suffered because of a data breach – regardless of whether this was caused by cybercriminals or human error – it’s essential that you get the data breach help you need to get you through this difficult time.

Committed to reducing the amount of data privacy violations, and supporting victims wherever we can, here is a list of websites you can turn to for data breach help, advice and support – before, during and after a data breach.

Where to get data breach help & support

Victim Support

Victim Support is the leading independent victim’s charity in England and Wales. It helps people affected by crime and traumatic incidents. Last year it offered support to nearly a million victims of crime across the UK.

Hayes Connor is working with Victim Support to help those affected by cybercrime and data breaches. Ultimately, it’s about ensuring victims have access to the support they need when they need it. Victim Support and Hayes Connor also help to raise awareness of the threat to keep people safe online.

Information Commissioner’s Office

The Information Commissioner’s Office (ICO) is an independent authority, set up to uphold information rights in the public interest, and to promote openness by public bodies and data privacy for individuals. While the ICO does not award compensation, it does have the power to impose hefty fines on organisations in breach of their duties. You have the right to ask the ICO to assess if an organisation breached the Data Protection Act.

At Hayes Connor Solicitors we often work with the ICO to gather as much evidence as possible to help our clients succeed.

Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and cybercrime. Victims of online offences such as scams and financial/identity fraud should contact Action Fraud to report their loss. You can do this online or via telephone.

For any other form of cybercrime such as online stalking, harassment, or fears about sexual grooming, you should contact the police directly.

National Security Cyber Centre (NSCS)

The NSCS is helping to make the UK the safest place to live and work online.

It supports the most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public. When incidents do occur, it provides effective incident response to minimise harm, help with recovery, and learn lessons for the future.

Cyber Aware

Cyber Aware is a cross-government awareness and behaviour change campaign. It aims to help small businesses and individuals to adopt simple, secure online behaviours to help protect themselves – and their customers – from cybercriminals.

Cyber Essentials

Cyber Essentials is a government-backed scheme that helps to protect organisations, whatever their size, against a whole range of the most common cyber-attacks.

Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety. It contains lots of helpful guidance to protect you and your data from the threat of fraud, identity theft and abuse.

Have I Been Pwned

Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised.

Net Aware

Created by the NSPCC and O2, Net Aware provides simple, no-nonsense guidance to parents and guardians on the social networks their kids use. It helps parents and guardians stay up to date and keep their children safe in today’s digital world.

No More Ransom Project

Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. The No More Ransom Project has created a repository of keys and applications that can decrypt data locked by different types of ransomware. It also has advice on how to protect you from this threat in the first place.

Take Five To Stop Fraud

Take Five offers straight-forward and impartial advice and helps everyone in the UK to protect themselves against financial fraud.

Hayes Connor Solicitors

If you need data breach help, at Hayes Connor, we have created a wealth of advice, news and other resources to raise awareness of the importance of data protection. We encourage individuals and organisations across the UK to use this information to help keep everyone safe.

Alternatively, for more data breach help and advice, follow us on Twitter and Facebook.

If you have been the victim of a data breach or cyber fraud, you can also contact us to find out how we can help you to recover any losses.

data breach

Is your local council doing enough to protect your data?

Wokingham Council has suffered its fifth data breach in a year. This demonstrates why more and more residents are looking to sue for breach of data protection.

The latest data breach happened when a woman had her benefit payment details leaked to another resident. Just a month earlier, the council had to apologise after a sex abuse victim had her data shared with her attacker. This happened not once but twice and could have caused significant upset and harm for the victim.

Worryingly, when talking about the failures, the council’s customer service team said that “it happens”.

A spokesperson for the council has since apologised for the data breaches. And the local authority is implementing measures to safeguard sensitive information.

But, people have the right to expect that councils across the UK have already established robust privacy processes. Why do people have to sue for breach of data protection before councils give this issue the attention it so obviously needs?

Local authority data breaches

The truth is, at Hayes Connor know that councils are neglecting people’s privacy all the time.

For example:

Local governments must do better if they don’t want people to sue for breach of data protection

Despite the threat of crime, all too often it is human error that is to blame for council data breaches. And, while in many cases local councils argue that the violations are “low risk”, we believe that playing down the risk is the wrong approach to take.

Instead, councils must understand the harm caused when they don’t look after our data correctly. The impact of such negligence can’t be underestimated.

Just having access to an individual’s name and address can result in financial fraud and/or identity fraud. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is no harm done. A data breach can also lead to distress and psychological trauma.

What’s more, even if nothing has been done with that information as yet, it doesn’t mean the data is safe. Working exclusively on data breach and cybercrime cases, it has become clear to our solicitors that the impact and losses people sustain following a data privacy violation are not always immediately apparent. We see instances where the effects only became clear months later.

What can you do to stop a breach of data protection from happening to you?

If you are concerned that your data might be at risk by a local authority, you can ask for a copy of the data the council holds about you. This is called a subject access request (SAR).

This won’t guarantee that an error doesn’t result in your information being exposed, but it is a reasonable safety precaution to take. You can also ask the council for a copy of their acceptable use policy and data protection policy.

Not just hackers

Our local governments were hit by almost 100 million cyber-attacks over five years. And one in four council systems were successfully breached. But, while the threat of cybercrime is something that the public sector needs to take seriously, it must also do more to address the issue of human error.

Waiting until a data breach happens is simply not good enough.

For advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud and you want to sue for breach of data protection, contact us. We will answer any questions you might have and discuss your case in more depth.