, , ,

What information was stolen in the LOQBOX data hack?

The information stolen in the LOQBOX Data Hack includes

  • Customer names
  • Postal addresses
  • Dates of birth
  • Email addresses
  • Phone numbers
  • Two digits of the bank account number used to make payments to LOQBOX
  • Payment card expiry dates.

According to some reports, the first six and last four digits of customer card numbers may also be at risk[1]. This information is very valuable to cybercriminals. For example, the first six digits identify the financial provider. This information is often used in phishing scams (see more on this below).

LOQBOX funds have not been affected by this data breach.

What can cybercriminals do with this data?

LOQBOX states that “this information on its own cannot be used to access your bank accounts or other accounts”. However, the Fintech does acknowledge that this data could be used for phishing scams.

What is phishing?

Phishing is where a fraudster poses as a legitimate organisation, your bank, the police, or someone else you trust to trick you into handing over sensitive information such as usernames and passwords.

Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Their ultimate goal is to steal your money and/or personal information (to commit identity or financial fraud).

Typical phishing scams include:

  • Where fraudsters contact you posing as your bank to trick you into giving them sensitive financial data
  • Where fraudsters contact you posing as a company (e.g. LOQBOX) and encourage you to hand over sensitive information (e.g. passwords)
  • Where scammers send out an email with a fraudulent link. This email instructs you to click on a link which leads to a fake page that collects more of your sensitive data
  • Where you receive an email from a person or company you know and trust which includes your personal information and lures you into clicking on a malicious URL or email attachment.

You can find out more about Phishing here.

The full impact of the LOQBOX data hack is not yet known

Phishing scams can lead to your personal and sensitive data getting into the wrong hands. In the worst cases, this can lead to you falling victim to financial fraud and identity theft.

Dealing with hundreds of different types of data breach cases, one thing that has become apparent to our solicitors is that the full impact is often not felt until months after the initial violation.

The impact of a phishing scam can be devastating, and we have seen cases where the financial losses only start to occur three to six months later. This is often because the data stolen is used in batches over time.

What’s more, many clients involved in phishing cases go on to suffer from distress and/or psychological trauma as a result of having their details stolen and used in fraudulent activity.

Speaking about the possible consequences of the LOQBOX data hack, expert data protection solicitor Richard Forrest said: “At this stage, we cannot say with any certainty that the LOXBOX breach will not result in future fraud and financial loss. So, while LOQBOX might want to play this hack down, it must face up to its responsibilities and be held accountable for any data security failures that made the attack possible.”

Are you at risk because of the LOQBOX data hack?

If you are a LOQBOX customer, or if you have been a LOQBOX customer in the past, then you are affected by this cyber-attack. If you are in any way concerned you should contact the LOQBOX dedicated support team at help@loqbox.co.uk.

LOQBOX also works in partnership with a number of banks (e.g. Natwest, TSB and Monzo). Customers from these banks who use LOQBOX may have had their data stolen.

Make a LOQBOX data breach compensation claim

LOQBOX has told customers it is not currently offering compensation for the loss of personal data. Although it did say it was “extremely sorry”.

However, at Hayes Connor Solicitors, we are considering launching a no-win, no-fee group litigation action to help compensate victims of the LOQBOX data hack. We can take on your claim on a no-win, no-fee basis.

To become part of our LOQBOX group action – and receive updates on what is happening in this case – we need you to register with us. This ensures that you will form part of any LOQBOX breach group action compensation claim lodged by us.

Our process is fully compliant with ICO guidance, there is no obligation to proceed, and we never put your details at risk.

Register Now


[1] https://www.theregister.co.uk/2020/03/02/financial_startup_loqbox_data_breach/

, , , ,

You might be involved in the Equifax data breach but not know it

Equifax is the second-largest credit reference agency in the UK. But, in March 2017, a staggering data breach demonstrated how weak the company’s security processes were. This happened when the personal data of hundreds of millions of people was stolen from the credit reporting giant.

Luckily for Equifax, the breach happened pre-GDPR (General Data Protection Regulation). So, while the Information Commissioner’s Office (ICO) did fine Equifax £500,000 for its security failures, this punishment could have been much, much higher.

The fact that the Equifax data breach happened under old data protection laws has proved to be even more fortuitous for the company. Not least because Equifax didn’t have to adhere to newer, more stringent, consumer rights guidelines.

Equifax hasn’t informed everyone that was impacted by the data breach

Two sets of data were hacked. And, following the breach, Equifax wrote to 693,665 customers in the UK to confirm that they had their data stolen. Equifax also wrote to a further 167,431 UK consumers whose landline telephone numbers were already published in the public Phone Book and were accessed as part of the cyberattack. Many people who received this letter have since contacted Hayes Connor to claim Equifax data breach compensation.

But not everyone put at risk by the breach has been informed.

Today, in our post-GDPR world, companies must tell people if their personally identifiable data is involved in a security breach. But, before the GDPR was introduced on 25 May 2018, these businesses were only advised to do so.

Following its investigation into the Equifax data breach, the UK’s data privacy regulator (the ICO), said that millions of people in the UK could be affected by the hack. So, many victims will not have received a letter from Equifax to let them know that their data was put at risk.

Did you use an Equifax security product between 2015 and 2017?

Following investigations into the breach, it has come to light that anyone who used an Equifax security product between 2015 and 2017 could have had their data exposed.

But, if you haven’t had a letter, how can you find out if you were involved?

The good news is that Equifax knows exactly who was impacted by this breach. And it is legally required to tell you if your data was involved. The bad news is that you have to ask Equifax for this information.

Making an Equifax subject access request

In the UK, you have a legal right to find out if and how an organisation is using or storing your personal data. To exercise this right, all you have to do is ask for a copy of this information. This is called making a subject access request (SAR).  You can make a SAR to find out if your data was involved in a hack or breach.

The ICO has provided a handy template to help you to make a SAR.

However, sometimes, defendants like to swamp people with information in response to SARs. And this can make it very difficult to find the information required in the info supplied.

So, to make sure the process is as straightforward as possible, when you appoint Hayes Connor as your data protection lawyers, we’ll provide the exact wording needed to get the information you require from Equifax – and only this data.

Don’t let Equifax get away with it

There are many failings from Equifax that led to this breach being one of the largest disclosed. It is entirely down to these vast number of failings that the breach is so large and that the attack went undetected for so long.

In the US, a settlement required Equifax to pay $1.4 Billion into a fund to compensate affected consumers. And, if you live in the UK and were impacted by the Equifax data breach, we believe that you should also be compensated.

Register today to join our No-Win, No-Fee Equifax data breach

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

Crucially, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most.

In addition to our data protection solicitors, we also work with expert barristers to help us win our cases. So, we are confident that we have all the experience necessary to get the best possible result for you.

We are dealing with all Equifax data breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.  What’s more, if your claim is successful, we expect to be paid by the offending party (Equifax). So, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means there are no solicitor’s fees win or lose.

There are strict time limits in place for making Equifax breach compensation claims, so it’s essential to act now.

REGISTER NOW

 

, , ,

Another Marriott data breach sees 5.2 million guest records stolen

In 2018, a huge data breach put 339 million Marriott International customers at risk.  And, while you think the hotel giant would have learned its lesson, this doesn’t seem to be the case. In fact, Marriott has confirmed that it has suffered another data breach – this time involving the personal information of 5.2 million guests.

In this breach, hackers obtained the login details of two employees, and broke into a Marriott franchise property system during mid-January.

What do we know about the latest Marriott data breach?

On Tuesday 31st March, Marriott announced that it was notifying some guests of a security incident involving an unspecified system at a franchise hotel. In a statement, the hotel chain said:

“At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. The company believes that this activity started in mid-January 2020. Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations.

“Although Marriott’s investigation is ongoing, the company currently has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers”.

What data was exposed in the breach?

The following information may have been compromised in the hack. Although Marriott states that not all of this information was present for every guest involved:

  • Contact details (e.g. name, mailing address, email address, and phone number)
  • Loyalty account information (e.g. account number and points balance, but not passwords)
  • Additional personal details (e.g. company, gender, and birthday day and month)
  • Partnerships and affiliations (e.g. linked airline loyalty programs and numbers)
  • Preferences (e.g. stay/room preferences and language preference)

Are you affected by the latest Marriott data hack?

Marriott believes that up to 5.2 million guests may have been affected. It will be sending these people an email to confirm their involvement. You might find this email in your spam folder.

Where to get help/further information

Marriott has set up a dedicated website and call centre resource to support victims of the data breach. The website can be accessed here

Marriott customers living in the UK who are concerned about the data breach should call 08003457018. The call centre will be staffed during ordinary business hours in the United States, 8:00am-8:00pm EDT Monday through Friday. Language support will be provided in English and French, and additional translation services will be available upon request.

Was financial information exposed?

Marriott says there is “no reason” to believe payment data was stolen. However, the information that is at risk could be used by cybercriminals to extract additional financial data. For example, fraudsters may pose as a legitimate organisation to trick victims into handing over sensitive information (phishing).

As such, anyone affected by this breach must take additional steps to protect themselves.

  • Contact your bank or credit card provider for advice on what to do. They will advise if any additional security measures should be implemented to protect your finances
  • Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  • Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
  • Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
  • Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  • Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. This also applies to any contact claiming to be from Marriott
  • Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud reasons
  • If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  • If you are concerned that your data might be at risk, there are some steps you can take to stop the threat from escalating. For example, you could register with the Cifas protective registration service. You should also change your passwords and make sure your devices are protected by up-to-date internet security software
  • Be aware of common phishing techniques. For example, as well as those outlined above, if you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. And do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.

If you are in any doubt, DO NOT click on any links, open any attachments or provide any information. Instead, you should go to the organisation’s website directly (not via the link provided in the communication) and contact them to make sure the email is legitimate.

Can you claim compensation following the Marriott data breach?

Yes. If an organisation breaches the Data Protection Act you have a right to claim compensation. Marriot carries cyber insurance, and the company says that it is working with its insurers to assess coverage. However, while it also says that it does not currently believe that its total costs related to this incident will be significant, it is far too early to say.

The impact of a data breach can be both long-lasting and significant. A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Furthermore, many victims go on to suffer from stress, anxiety and distress. And, according to Victim Support, the effects of crime can last for a long time.

To make matters worse, this isn’t the first time Marriott has been responsible for failing to protect its customers. Last year, the Information Commissioner’s Office (ICO) announced plans to fine the hotel group £99.2million for failing to secure its systems. And the regulator is unlikely to look favourably on a further breach.

Why choose Hayes Connor Solicitors?

At Hayes Connor Solicitors, we have the expertise to investigate the impact of such breaches. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

Crucially, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most.

In addition to our data protection solicitors, we also work with expert barristers to help us win our cases. So, we are confident that we have all the experience and know-how necessary to get the best possible result for you.

Our process is fully compliant with ICO guidance, and we never put your details at risk.

REGISTER NOW

, ,

How to keep safe after the 118118 Money data breach

This week, many people contacted our data protection solicitors, concerned about how the 118118 Money data breach might affect them. This comes after 118118 Money informed customers about a security incident at the company.

In an email headed “Important information about your account”, 118118 Money confirmed that:

  • On Friday 20th March, illegal access to the network which includes 118118Money.com was discovered
  • The data obtained was call recordings. So, people who had called the 118118 Money customer service line could be affected
  • The customer service calls were accessed by the criminals responsible for the cyber attack
  • The data compromised could include names, addresses and dates of birth
  • Other personal information discussed in calls might also be at risk.

If you are a 118118 Money customer, you might find this email in your spam folder. It is also important to note that, while the breach was discovered on 20th March, it is not yet clear how long the hackers had access to the network before then.

Is financial data at risk after the 118118 Money data breach

While 118118 Money does not mention financial details, we have spoken to people who have confirmed that they did share their bank account info with the company over the phone. So, it is very likely that this sensitive information is in some recordings.

118118 Money states that it believes that there is a “low risk of your data being used fraudulently”. And that, “since the data is held in the form of call recordings, it would be extremely time-consuming for anyone to attempt systematically to extract or copy your personal information”.

However, there is absolutely no way of knowing this. And, sophisticated technology does exist to help cybercriminals extract specific pieces of data from conversations. So, anyone impacted by this breach is right to be worried.

One customer we have spoken to said that there was cash taken out of her credit card account around the time of the breach.

Protect yourself from cybercriminals after the data breach

To help protect customers, 118118 Money is offering complimentary access to the Experian ‘Identity Plus’ fraud monitoring service for the next 12 months. But, while we would recommend using such a service, we would advise customers to check the small print to make sure that, by accepting this offer, they do not sign away their rights to make a compensation claim.

Customers are also being warned that:

“Fraudsters may claim to be 118118 Money and attempt to contact you over phone or email. This is known as “phishing”.Please be aware that we will never call or email you to request your financial information. You should report any such requests to Action Fraud, the UK’s national fraud and cybercrime reporting centre on 0300 123 2040.”

In addition, at Hayes Connor, our data protection experts recommend that anyone affected by this breach follows these tips on how to spot phishing attacks and prevent cybercriminals from stealing your information.

  1. Contact your bank or credit card provider for advice on what to do. They will advise if any additional security measures should be implemented to protect your finances. This may include organising a replacement bank card
  2. Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  3. Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
  4. Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
  5. Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  6. Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  7. Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud reasons
  8. If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  9. Change your passwords and make sure your devices are protected by up-to-date internet security software
  10. Be aware of common phishing techniques. For example, as well as those outlined above, if you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. And do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.

If you are in any doubt, DO NOT click on any links, open any attachments or provide any information. Instead, you should go to the organisation’s website directly (not via the link provided in the communication) and contact them to make sure the email is legitimate.

Can you claim compensation for the 118118 Money data breach?

Since the breach, 118118 Money has been liaising with the relevant regulators and authorities (as it is legally obligated to do). At Hayes Connor Solicitors, we are watching this case with interest, and, if 118118 Money has failed to protect its customers, we will launch a no-win, no-fee action.

You do not need to have suffered any financial loss to make a claim. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. So, should personal data be found to be compromised, customers can claim for:

  • Financial losses. A data breach can lead to both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress. Being the victim of a crime can have a significant impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. You can claim for any loss of privacy suffered as a result of a data breach (e.g. having an email address stolen).

Why should you choose Hayes Connor as your solicitors?

At Hayes Connor Solicitors, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most. So, we are confident that our team has all the experience and know-how necessary to get the best possible result for you.

We also help steer you through the aftermath of a data breach – minimising the impact on you as much as possible. Our process is fully compliant with ICO guidance, and we never put your details at risk.

To become part of any future action against 118118 Money, we need you to register with us. There are no costs to do this and no obligation to proceed.

REGISTER HERE

 

 

, ,

Your personal information is at risk during the coronavirus pandemic

Hayes Connor has raised concerns about a potential increase in data breaches during the coronavirus pandemic. Primarily, our expert data breach solicitors believe that personal information is at risk in four different ways.

An increase in phishing emails and coronavirus scams

Hayes Connor has warned people to be on their guard in case of coronavirus scams and phishing messages. Earlier this week, it was discovered that fraudsters were going door-to-door pretending to offer coronavirus tests. But, it’s not just doorstep criminals we need to look out for. According to Action Fraud, coronavirus scams have cost victims over £800k in just one month.

Find out more about this, and how to protect yourself from coronavirus scams here.

An increase in coronavirus apps

As the UK enters a period of full lockdown, a number of Covid-19 apps have been launched, one promises to check users’ symptoms remotely and to provide the latest guidance, while another seeks to help researchers identify hotspots and non-typical symptoms.

This follows similar apps being launched in other countries including Taiwan which is utilising technology during the global pandemic to monitor quarantined users’ movements, alerting the police if they leave their homes.

Talking about this, Kingsley Hayes, our managing director and data protection expert, said:

“Technological innovation during this unprecedented period of crisis may help official health organisations learn more about the coronavirus contributing to the global effort to contain and tackle the disease.

 “Caution should be taken by users however, in relation to how personal information such as gender, age, medical information and location will be stored, processed and shared. At a time of crisis, these and other developments will be introduced quickly and will likely be adopted rapidly by the general public as we all come to terms with significant disruption.

 “The organisations behind the apps should be transparent about how the collected confidential data will be used, stored and shared both during the pandemic and after.

 “While technological advancements mean that some have been able to respond quickly to the crisis by introducing apps which may prove helpful, protecting confidential data – even in times of crisis – should remain a priority.”

An increase in human error – the leading cause of data breaches

As the coronavirus situation escalates, we are all feeling more anxious than usual. Human error is the greatest cause of data breaches at the best of times, so it is to be expected that such instances might increase when people are worried and confused.

For example, when sending out an email to residents to inform them of changes to services during the coronavirus outbreak, Watford Community Housing Trust inadvertently leaked the personal details of 3,545 tenants. It did this by attaching a spreadsheet containing their highly sensitive and personal data. Watford Community Housing has apologised unreservedly for this breach, but had it implemented some simple security measures (e.g. password controls/encryption on sensitive data), any damage could have been alleviated.

So, while stress and nervousness might explain why someone might make an error, there is no excuse for organisations that do not have robust data security processes in place to prevent such breaches from happening in the first place.

An increase in data breaches due to homeworking

As businesses navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is also paramount.

Kingsley Hayes said:

“Businesses are operating in unchartered waters with no definite future forecast. The impact of the coronavirus crisis will be far-reaching. Commercial survival will rely on the ability of organisations to quickly adapt working practices to keep staff and clients safe while maintaining business as usual.

 “Technology facilitates the ease with which many legal practices can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.

 “The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are not only aware of the increased risks, but also that all employees adopt the relevant security measures.

 “The vast majority of data breaches take place due to human error. Preventing incidents can be as simple as carefully considering the remote working environment. Working from the privacy of home, rather than a public place for example, can reduce the risks.

 “Appropriately limiting remote access to and storage of files and information and sending encrypted data, if possible, will also prevent costly data breach incidents. The way in which businesses operate in the current climate has changed however, data protection obligations remain the same.”

What to do if you are the victim of a personal information breach

If you want to claim compensation following a data breach, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have.

We also understand that making a compensation claim can be stressful; especially where sensitive information is already breached. So, we remove the jargon and make sure you always know what’s happening with your case.

The UK’s leading data breach law firm, we may be able to act for you on a NO WIN, NO FEE basis – so you have nothing to lose.

Register to tell us about how a data breach has affected you. Or contact us on 0330 041 5131*.

*Read our coronavirus statement to find out more about how we are continuing to serve our clients during the COVID-19 outbreak.

, ,

Hayes Connor moves forward with LOQBOX data breach group action

Hayes Connor Solicitors is pressing forward with its group action case against LOQBOX. This comes after LOQBOX contacted customers to let them know that the company had been hacked. As a result of the LOQBOX data breach, sensitive personal information may have been compromised – including financial data in some circumstances.

Issuing LOQBOX with an Early Notice of Claim, Hayes Connor hopes to enter into negotiations with the company, and settle its client’s claims without them having to go to court.

LOQBOX data breach group action

Talking about the LOQBOX data breach group action, data protection expert and managing director at Hayes Connor Solicitors, Kingsley Hayes said:

“We have submitted the initial paperwork in our action against LOQBOX. This means issuing LOQBOX with an Early Notice of Claim on behalf of the many claimants who have registered with Hayes Connor in this case.

 “While LOQBOX made it clear that a personal data breach took place, customers have been left with no more than the barest of information as to the true circumstances surrounding the loss of their data. And no sense of how this breach was allowed to happen and what has actually been done as a result.

 “As a result, as well as letting LOQBOX know that we plan to start proceedings against the company, our letter also requests that LOQBOX provide us with evidence to establish how this breach was able to happen and an explanation of the response.

 “The bottom line is that we are very serious about getting our clients the compensation they deserve.”

What will happen next?

Many defendants take an Early Notice of Claim very seriously. So, we hope that LOQBOX responds to our request to enter discussions and provides the details we have asked for. Regardless, LOQBOX’s response will dictate our next steps. We are fully prepared to take this matter further, and to litigation if needs be.

It’s not too late to join our LOQBOX data breach group action

A data breach is a serious failure, so if your personal information was involved in this violation, you might be able to make a LOQBOX compensation claim.

To become part of our LOQBOX group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us.

We can take on your claim on a no-win, no-fee basis.

Why choose Hayes Connor for your LOQBOX data breach claim?

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years.

We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

Crucially, at Hayes Connor, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most.

In addition to our data protection solicitors, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the results you deserve. We have all the experience and know-how necessary to get the best possible result for you.

Our process is fully compliant with ICO guidance, and we never put your details at risk.

If you wish to be part of our LOQBOX data breach, please register using the link below. You will then be contacted by our office to advise of the next steps. There are no costs to join our group action and no obligation to proceed.

REGISTER

, ,

Are you worried about the Watford Community Housing Trust data breach?

Watford Community Housing Trust has inadvertently leaked the personal details of 3,545 tenants. The violation happened when the Trust sent out an email to residents, informing them of changes to services during the coronavirus outbreak and the closure of its offices on Clarendon Road. At Hayes Connor, we have been contacted by many Watford Community Housing Trust residents, all of who are worried about the increased risk, and some of who are vulnerable and now living in fear.

What details were breached by Watford Community Housing?

Attached to the email was a spreadsheet containing the personal information of thousands of tenants. This included addresses, contact details, gender and sexual orientation. It is believed that everyone who received the email, also received the spreadsheet.

While Watford Community Housing Trust had hoped to reassure residents, the data breach has only led to more anxiety at this already difficult time.

The impact of the Watford Community Housing Trust data breach is devastating for many people

There are already calls for all 3,545 tenants to be compensated for the breach.

Speaking to the Watford Observer, one of the individuals affected said: “There’s vulnerable people out there, the information being leaked has put so many tenants in life changing and life-threatening situations. This is not appropriate. Therefore, an apology isn’t enough – everyone should be compensated.”

Another was reported to feel “horrible” that her sexuality was shared with thousands of people.

There were also concerns that home addresses were now publicly available, perhaps to people that some of those affected were trying to avoid.

Coronavirus and data breaches

Hayes Connor has already raised concerns about a potential increase in data breaches during the coronavirus pandemic. We believe that these could occur in several different ways. For example:

An increase in phishing emails and coronavirus scams

Hayes Connor has warned people to be on their guard in case of coronavirus scams and phishing messages. Earlier this week, it was discovered that fraudsters were going door-to-door pretending to offer coronavirus tests. But, it’s not just doorstep criminals we need to look out for. According to Action Fraud, coronavirus scams have cost victims over £800k in just one month.

Find out more about this here.

An increase in data breaches due to homeworking

As businesses navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is also paramount.

Talking about this, Kingsley Hayes, our managing director and data protection expert, said:

“Businesses are operating in unchartered waters with no definite future forecast. The impact of the coronavirus crisis will be far-reaching. Commercial survival will rely on the ability of organisations to quickly adapt working practices to keep staff and clients safe while maintaining business as usual.

 “Technology facilitates the ease with which many legal practices can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.

 “The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are not only aware of the increased risks, but also that all employees adopt the relevant security measures.

 “The vast majority of data breaches take place due to human error. Preventing incidents can be as simple as carefully considering the remote working environment. Working from the privacy of home, rather than a public place for example, can reduce the risks.

 “Appropriately limiting remote access to and storage of files and information and sending encrypted data, if possible, will also prevent costly data breach incidents. The way in which businesses operate in the current climate has changed however, data protection obligations remain the same.”

 An increase in human error

As the coronavirus situation escalates, we are all feeling more anxious than usual. Human error is the greatest cause of data breaches at the best of times, so it is to be expected that such instances might increase when people are worried and confused.

However, while stress and nervousness might explain why someone might make an error, there is no excuse for organisations that do not have robust data security processes in place to prevent such breaches from happening in the first place.

Watford Community Housing might “apologise unreservedly for this breach”, but had it implemented some simple security measures (e.g. password controls/encryption on sensitive data), any damage could have been alleviated.

What can you do about the Watford Community Housing Trust data breach?

According to Watford Community Housing, anyone with concerns should email CustomerRelationsTeam@wcht.org.uk in the first instance.

However, with many tenants left upset, angry and even scared, many are seeking compensation and have turned to Hayes Connor for help.

If you are concerned about this breach, our professional, friendly team will be pleased to answer any questions you might have.

We also understand that making a compensation claim can be stressful; especially where sensitive information is already breached. So, we remove the jargon and make sure you always know what’s happening with your case.

The UK’s leading data breach law firm, we may be able to act for you on a NO WIN, NO FEE basis – so you have nothing to lose.

Register to tell us about how the Watford Community Housing Trust data breach has affected you. Or contact us on 0151 363 5895*.


*Read our coronavirus statement to find out more about how we are continuing to serve our clients during the COVID-19 outbreak.

 

, ,

Hayes Connor warns of coronavirus scams

Following warnings from the police that “individuals may be taking advantage of the vulnerable by posing as door-to-door coronavirus testers in order to gain access to people’s properties”, Hayes Connor has also warned people to be on their guard in case of coronavirus scams and phishing emails.

Earlier this week, it was discovered that fraudsters were going door-to-door pretending to offer coronavirus tests. But, it’s not just doorstep criminals we need to look out for. According to Action Fraud, coronavirus scams have cost victims over £800k in just one month.

Types of coronavirus scams

In a recent blog post, Action Fraud listed the types of scams it has been seeing in relation to COVID-19. They include:

  • Online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived
  • Phishing emails purporting to be from a research group that mimic the Centre for Disease Control and Prevention (CDC) and World Health Organisation (WHO). They claim to provide the victim with a list of active infections in their area. To access this information the victim needs to either click on a link which redirects them to a credential-stealing page, or make a donation of support in the form of a payment into a Bitcoin account
  • Phishing emails from fraudsters providing articles about the virus outbreak with a link to a fake company website where victims are encouraged to click to subscribe to a daily newsletter for further updates
  • Phishing emails from fraudsters sending investment scheme and trading advice encouraging people to take advantage of the coronavirus downturn. For example, emails entitled “the positive impact on staying home (Corona-virus), make thousands a day trading Bitcoin”
  • Phishing emails from fraudsters purporting to be from HMRC offering a tax refund and directing victims to a fake website to harvest their personal and financial details.

In total, Action Fraud has received over 200 reports of coronavirus-themed phishing emails.

How to protect yourself from coronavirus scams

As we all try to navigate this difficult time, it’s essential that individuals remain vigilant to protect themselves from coronavirus scammers. This means:

  • Never clicking the links or attachments in suspicious emails or texts
  • Never responding to unsolicited messages and calls that ask for your personal or financial details
  • Understanding that a genuine bank or other financial organisation will never contact you out of the blue to ask for your PIN or full password
  • Knowing that a legitimate bank or other business would never ask you to move money to another account for fraud reasons
  • Not assuming that an email, text or call is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Being careful about who you trust. Criminals often try and trick people by telling them that they have been a victim of fraud and scaring them into revealing their security details
  • Knowing that criminals can make any telephone number appear on your phone handset, so even if you recognise a number, or it seems authentic, it might not be genuine
  • Not being rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
  • Listening to your instincts. If something feels wrong, then it is right to question it
  • Having the confidence to refuse requests for personal or financial information. Stop the discussion if you do not feel in control of it
  • Never hesitating to contact your bank or financial service provider on a number you trust, such as the one listed on their website or the back of your payment card
  • Being careful when making a purchase from a company or person you don’t know and trust
  • If you decide to go ahead with the purchase, use a credit card if you have one, as most major credit card providers insure online purchases
  • Always installing the latest software and app updates to protect your devices from the latest threats.

Reducing the risk of data breaches while homeworking

As businesses navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is also paramount.

Recognising the increased risks around data protection for employees working outside the office environment and implementing simple measures to mitigate the risk of a data breach is essential.

Kingsley Hayes, managing director at Hayes Connor Solicitors and data breach expert said:

“Businesses are operating in unchartered waters with no definite future forecast. The impact of the coronavirus crisis will be far reaching. Commercial survival will rely on the ability of organisations to quickly adapt working practices to keep staff and clients safe while maintaining business as usual.

 “Technology facilitates the ease with which many legal practices can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.

 “The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are not only aware of the increased risks, but also that all employees adopt the relevant security measures.

 “The vast majority of data breaches take place due to human error. Preventing incidents can be as simple as carefully considering the remote working environment. Working from the privacy of home, rather than a public place for example, can reduce the risks.

 “Appropriately limiting remote access to and storage of files and information and sending encrypted data, if possible, will also prevent costly data breach incidents. The way in which businesses operate in the current climate has changed however, data protection obligations remain the same.”

For more advice on how to keep your data safe, follow Hayes Connor on Twitter and Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses. Or give us a call to discuss your case in more depth.

 

,

Hayes Connor insights: data breach trends in 2019

Scrutinising the past 12 months, Kingsley Hayes, expert data protection solicitor and MD of Hayes Connor, looks at some of the key trends and insights we are seeing in this evolving area of law.

The majority of data violations are entirely avoidable

Cybercrime and data breaches have become commonplace, with both private and public sector organisations failing in their data protection duties during 2019. But it is preventable human error, rather than cybercriminals, that is behind the vast majority of privacy violations.

In response, organisations now need to have a full audit of the personal information held, where it has come from and how it will be used. The flow of information, consent for holding and processing that information, and identifying whether an organisation can have and use this data lawfully are just some of the measures that need to be considered.

The ICO appears to be delaying its decisions

Despite our understanding of the ICO and its processes, we are concerned about the time some decisions are taking.

For example, in July, the ICO announced its intention to fine Marriott International £99,200,396 and British Airways £183.39m for infringements of the General Data Protection Regulation (GDPR). Following this announcement, both BA and Marriott International were given 28 days to respond. But this period has since passed.

The ICO has responded to questions about this delay stating: “Under Schedule 16 of the Data Protection Act 2018, BA [and Marriott] and the ICO have agreed to an extension of the regulatory process until 31 March 2020. As the regulatory process is ongoing we will not be commenting any further at this time.”

It is impossible to know why such delays are happening. Some people suspect that political uncertainty in the UK (Brexit and the 2019 General Election) might have held things up. The GDPR is an EU Regulation and, in principle, it will no longer apply to the UK. But, in practice, it’s hard to justify why Brexit should cause such a holdup. Indeed, very little should change when it comes to core data protection principles, rights and obligations. The Data Protection Act 2018 currently supplements and tailors the GDPR within the UK. And it continues to apply.

There is also a suggestion that the ICO needs more resources in our new GDPR area.

Whatever the reasons for the delays, the length of time the ICO is taking to make a final judgement is making it difficult for victims of data breaches to move on with the rest of their lives.

More than 40% of ICO fines haven’t been paid

As well as the delays, it has come to light that the ICO is still owed 42% of the total amount of fines it has handed out for data breaches, spam, and nuisance calling since 2015.

Does the ICO need more powers?  Surely a change in the law is needed to make sure that organisations not only take their data protection responsibilities seriously, but that they suffer the consequences where they don’t.

The law sits firmly behind the rights of individuals when it comes to data breach protection

In October, The Court of Appeal made a ruling on the Lloyd v Google case which may open the floodgates to data breach claims.

The Court decided that claimants would be entitled to compensation even if the only personal information breached was their email address. It also ruled that a claim would be valid without the requirement to prove a loss or damage as the loss of control of the personal information was sufficient grounds.

The ground-breaking judgement also clarified that firms representing only a portion of the total number of individuals affected in major data breaches, such as the British Airways and Ticketmaster incidents, can claim compensation for the entire population affected and can thereafter distribute the funds.

This is a very significant development which recognises that personal information has a value and when that private data is compromised, the individual has a right to compensation whether or not they have suffered actual, or potential, financial loss or psychological injury.

The ruling rightly adds further weight and consequence to any breach of personal data and is likely to open the floodgates as consumers become increasingly proactive about protecting their privacy rights and seek legal redress.

Businesses who are not already taking their data protection obligations seriously will have to step up their data protection practices or face legal action and hefty costs.

Data protection was at the forefront in the lead up to the general election

In a politically charged year, data protection was firmly intertwined with wider political developments.

The ICO wrote to all political parties at the beginning of November reminding them to adhere to data protection laws after concerns following its investigation in 2018 into how data analysis was being used for political purposes. And, in November, data security was front of stage again as news of two attempted cyber-attacks on the Labour Party were exposed. The party claimed that no personal data was breached in what was described as “large scale and sophisticated” attacks.

With significant amounts of private data is being stored, processed and shared by all political parties, the importance of robust cybersecurity measures at all times was firmly highlighted.

Also in November 2019, just before the UK General Election, Twitter announced that it would ban all political ads. It is likely that the ICO was happy with the move as it had already expressed serious concerns about how data is being used for political purposes. In fact, in 2017 it launched a formal investigation into this very topic. The Electoral Commission, a Department for Digital, Culture, Media & Sport Committee and The Institute of Practitioners in Advertising have also raised concerns about microtargeting voters profiled using unknown data.

Self-reporting has increased

The General Data Protection Regulation (GDPR), now requires organisations to report data breaches within 72 hours or face penalties. This is likely to be a critical factor in the number of data breach reports being made. On a positive note, anecdotal evidence suggests that businesses are getting better at identifying and reporting cyberattacks. And if organisations are now taking cybersecurity more seriously, this can only be a good thing for individuals.


Find out more in our 2019 Data Breach Report

At Hayes Connor Solicitors, we help our clients to claim data breach compensation following privacy violations, GDPR breaches and other cyber offences. A relatively new and evolving area of law, this is all we do. Consequently, we have become a specialist in data protection law, and we lead our field when it comes to understanding the complexities involved.

To help raise awareness of data breaches, each year we will be taking a look at some of the key developments that have occurred over the last 12 months. By shedding some light on events, we hope to raise awareness of the importance of data privacy. And help businesses and individuals to become fully protected in our increasingly online world.

Our 2019 data breach report is now available

In our report you can find out about:

  • Recent changes to data protection law
  • Key data privacy trends
  • high-profile data breaches that have occurred this year
  • ICO fines
  • Where we are up to with key cases (e.g. Ticketmaster, BA, Equifax, etc.).

What’s more, in 2019, we celebrated a number of significant wins and developments at our firm. And in this report, we share some of these with you.

READ THE DATA PROTECTION LAW REPORT IN FULL HERE.

 

, , ,

Sensitive medical data was sent to the wrong patient

When we think about data breaches, we often worry about hackers and cybercriminals getting hold of our banking and credit card details. But the truth is, most data breaches are caused, not by fraudsters, but by human error and poor data management processes. And the result can be just as devastating. In a recent case, our solicitors saw the significant damage and distress caused when personal medical information was sent to the wrong person. But what happened in this failure in patient care? And what can you do if it happens to you?

What happened in this case?

Our client was due to start a three-month course of treatment for anxiety and depression. But his mental health was made significantly worse when his private medical information, including his diagnosis and contact details, was sent to the wrong patient.

Realising the error, this patient returned the sensitive information to the relevant NHS department, and it admitted that it had made a mistake. However, it took the NHS four days to let our client know that his privacy had been violated. And the consequences lasted much longer.

This was a severe breach, which exasperated our client’s mental health issues. As a result, he went on to suffer a panic attack. To make matters worse, the NHS tried to minimise the incident and didn’t properly acknowledge or try to understand the effects that the breach had on our client’s existing mental health issues.

Keen to make sure that the NHS was held to account for its failure in patient care, our client contacted Hayes Connor Solicitors after we were recommended to him. This was particularly important as he did not see any evidence of new measures to avoid similar incidents recurring.

Following the shocking failure in patient care, we were able to secure £2,000 in damages for our client. He was pleased with the friendly, clear, honest and timely management of his claim and he was happy with the result – particularly as Hayes Connor consulted an expert to gauge the maximum compensation that could be secured in these circumstances.

We genuinely hope that our client can get on with the rest of his life. There is no doubt that he has become very security conscious as a result of the breach.

Medical organisations must be held to account

Nobody wants to sue the NHS. It does a great job under challenging circumstances. But, the sheer scale of the information we share with healthcare organisations is enough to leave us all open to the threat of fraud, anxiety and stress. So, this data must be treated with the highest levels of care; not least because of the potential damage should it fall into the wrong hands.

In most cases, medical data breaches happen because of human error and a failure to implement reasonable and robust processes. So, claiming compensation isn’t just in your best interests. It is the only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements.

Not just hackers

Hayes Connor Solicitors wants to reduce the number of data violations taking place across the UK. To do this, we are sharing real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses. Or give us a call to discuss your case in more depth.