data breach claims
,

23,000 Fortnum & Mason customers could be entitled to data breach compensation

High-end grocer Fortnum & Mason, has become the latest business to suffer a significant data breach due to hackers. This week, the store revealed that 23,000 customers have had their personal details stolen. The compromised information includes email addresses, home addresses, phone numbers and social media names.

Those affected should now consider claiming for data breach compensation.

People who may have had their details stolen include:

  • Those who voted for the TV personality of the year category at the store’s food and drink awards
  • People who entered a competition to win tickets for an exhibition of Charles I’s art collection
  • Customers who filled in a survey about the concierge service at Fortnum & Mason’s Piccadilly store.

The poll had been organised by Typeform, a company which specialises in creating surveys and forms. On 27 June Typeform discovered that an unknown third party had accessed its server and downloaded information. In response, it “immediately and fixed the source of the breach.”

Commenting on the latest data protection scandal, Fortnum & Mason chief executive Ewan Venters has said that the hack is mostly limited to email addresses and there is no evidence that highly sensitive information like bank details or credit cards have been accessed.

However, today’s cybercriminals don’t just care about our financial information. They can also cause chaos with personally identifiable information such as an email address. In fact, with enough data, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

The Fortnum & Mason data breach comes hot on the heels of a similar incident at Ticketmaster.

These types of incidents are becoming increasingly common and they often have severe consequences for those affected, so you could be entitled to thousands of pounds in data breach compensation. What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety then the law agrees that you are entitled to compensation.

All those affected have been contacted. So, if you have received confirmation that your details have been hacked, we would urge you to let us know and start a data breach compensation claim. If you took part in any of the surveys or polls listed above and you haven’t received an email, make sure that you check your junk mail folder.

Once registered with us, we’ll let you know what is happening in this case and if and when you can claim. You should also raise any concerns with the ICO.

 

REGISTER NOW

equifax data breach even worse
, , ,

Equifax data breach is even worse than first thought

In September last year, it was revealed that up to 400,000 people in the UK might have had their personal details stolen when Equifax was hacked by cybercriminals.

Equifax is the second largest credit reference agency in the UK and is used by a wide range of companies to decide whether to issue mortgages, loans, store cards, credit cards, etc. So, even if you are not an Equifax customer, it could still hold a wealth of information about you. That’s why, when it was revealed that hackers had gained access to the private details of Equifax customers (both here and in the US), it was big news.

At the time, it was reported that the stolen data included names, address, dates of birth, and credit card numbers. However, last month it became apparent that the sheer scale of the Equifax breach had gone from bad to worse, with more information stolen than initially reported. In fact, 3,200 passport images were also taken by cybercriminals, despite initial denials from the company.

How can cybercriminals use your private data?  

Along with the original info stolen, our images are considered to be personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data following a data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

Holding Equifax to account

While Equifax was the victim of a cyber-attack, it was responsible for protecting your personal information. So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation.

The stolen passport images relate to those individuals already impacted by the breach, so, if you have previously received a letter from Equifax informing you that your data was put at risk, it is vital that you now make a compensation claim and hold them to account.

To make matters worse, not only did Equifax fail to come clean straight away about the scale of the breach, but a former Equifax executive also sold his shares in the company before the news of the hack went public. Earning roughly $1 million in the process, the executive was set to profit at the expense of millions of customers. He has since been charged with insider trading, but his actions reflect a disdain for consumer data protection that is all too common.

With data breaches on the rise, something has to be done to make big companies accountable for these losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

What should you do now?

In the UK, investigations into the Equifax data breach are still ongoing, and, we’ve been contacted by hundreds of people worried that their personal data was not looked after as carefully as it should have been.

In response, at Hayes Connor, we are preparing a group litigation action for everyone who has had their data accessed in the Equifax data breach. To become part of this group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us.

While each case is different, we expect to claim £1,000 to £2,500 per person. And, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means, if you are awarded £1,500, you’ll get all of the compensation. So there are no solicitor’s fees whether you win or lose.

If you have been affected and want to join our group action, register your details here.

Data Breach experts
, ,

Facebook data breach latest: 200 apps suspended

Facebook has suspended around 200 apps as part of its ongoing investigations into the potential misuse of personal data following the Cambridge Analytica privacy scandal.

In an announcement on its website, the social media giant said: “We have large teams of internal and external experts working hard to investigate these apps as quickly as possible. To date thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data.”

Facebook is currently conducting a “comprehensive review” to identify every app that had access to large amounts of potentially sensitive data before it changed its policies in 2014.

While there is not as yet a publically available list of the 200 apps under investigation, Facebook has promised that if they discover that an app has misused data, it will be banned. It has also informed users that they can check whether they were affected here.

However at the time of writing, only “This Is Your Digital Life” – the app at the centre of the scandal – is listed on the tool. The other 200 apps have not yet been added.

To date, a whopping 87 million people are thought to be affected by the data breach. And the people who used the 200 suspended apps are likely to see this number increase even further. In fact, with more than nine million apps supported by Facebook six years ago, it is expected that the revelations about abusive apps have only just begun and that the final number of people affected will be staggering.

 

What now?

Hayes Connor is preparing to launch a group action against Facebook and Cambridge Analytica. You can find out more about this here.

If you are a Facebook user and you are concerned that your data has been breached contact us today. Likewise, if you want to be kept up to date on this case, get in touch. We’ll let you know if and when you can claim.

In the UK, the ICO and parliamentary investigations into this breach are still ongoing. But we will update you as soon as we have any news and can progress your data breach compensation claim.

In the meantime, you can keep an eye on our website to be kept up-to-date with the latest Facebook data breach news as it happens.

 

REGISTER HERE 

data breach solicitors
, ,

Expedia data breach – have your bank details been exposed?

As news reports everywhere discussed the ins and outs of the Facebook/Cambridge Analytica scandal, another data breach was uncovered last month. But, because the details aren’t as juicy as those in the Facebook case, it didn’t quite get as much coverage. So you might not have heard about it.

But, for victims of the Expedia data hack – which may have revealed the information on thousands of payment cards – the consequences could be even worse. So, what exactly happened, and can you make a data protection act compensation claim if your details are at risk?

Expedia data breach – what happened?

In March, travel fare aggregator Orbitz revealed that between January 2016 and December 2017, hackers gained access to users’ personal information. This included names, phone numbers, emails and billing addresses. Orbitz, which is owned by Expedia, offers booking options and deals on flights, accommodation and holiday activities.

The hack, which is believed to have accessed 80,000 accounts wasn’t discovered until March 2018, which left plenty of time for cybercriminals to put this information to illegal use.

A statement by Orbitz said: “To date, we do not have direct evidence that this personal information was actually taken from the platform and there has been no evidence of access to other types of personal information, including passport and travel itinerary information.”

However, that data that has been accessed is extremely personal and could cause serious damage and distress for victims.

Should you be worried?

The information accessed in the Expedia data hack is enough to leave victims open to fraud. So, if you have been affected, you are right to worry about what could happen if this data gets into the wrong hands. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that your data has been used by criminals following a data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Don’t be fobbed off!

To help protect users, Orbitz has said those affected can access a year of free credit monitoring and identity protection services. But, given the amount of time that has lapsed between the breach and its discovery, this could be too little too late.

Also, while we do recommend using these types of services – particularly following a data breach – you should make sure that by agreeing to any free offers, you are not inadvertently signing away you rights to make a data protection act compensation claim.

Can you make a data protection act compensation claim?

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. You can claim against a wide range of private organisations and businesses already fined by the Information Commissioner’s Office (ICO).

As such, if you want to hold Expedia to account we recommend that you inform the ICO about your concerns ASAP.

You can do this here.


However, while the ICO has the power to impose hefty fines on organisations in breach of their duties, it does not award compensation, So, you should also contact us to claim data protection act compensation.

Start your data protection act compensation claim
At Hayes Connor Solicitors, we make sure you receive the maximum compensation possible in the shortest possible time for any financial, medical harm, anguish and anxiety caused by a data breach. We will also let you know when your claim for data protection act compensation can be made and advise you on what to do while waiting for the investigation’s findings.

With large-scale, high-profile hacks and breaches happening more and more often, something has to be done to make companies accountable for these losses. So, claiming compensation isn’t just in your best interests – it could be the only way to ensure that they implement more secure processes.

VISIT OUR SECURE DATA BREACH FORM

,

MyFitnessPal data breach – know your rights Step-by-step guide to claiming data protection act compensation

Last week it was revealed that MyFitnessPal was breached. Affecting 150 million users, the scale of the breach makes it one of the largest data hacks in history.

What data has been stolen?

The data stolen includes usernames, email addresses and scrambled passwords for both the MyFitnessPal app and the website.

An email from MyFitnessPal to affected users said that on March 25, 2018, Under Armour – the maker of the app – became aware that during February of this year an unauthorised party acquired data associated with MyFitnessPal user accounts. Once informed, Under Armour said that it “quickly took steps to determine the nature and scope of the issue”. It also said that it is working with leading data security firms to assist in its investigation; and that it has notified and is coordinating with law enforcement authorities.

Users have also been given advice on how they can protect their data. However, this could be too little too late.

What can criminals do with this stolen data?

With enough information, cyber criminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And, while in this case bank details and home addresses were not put at risk, there is a lot of information that can be collected from an email account.

Signs that your data has been stolen include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions or suspicious activity on your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

To protect yourself from cyber criminals, make sure you follow the advice provided by MyFitnessPal. In particular, change your password and avoiding clicking on links or downloading attachments from suspicious emails.  

Step-by-step guide to data protection act compensation

If you have had your data stolen, it is also essential that you know your rights.

  1. If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation
  2. You can make a claim against a wide range of private organisations and businesses already fined by the Information Commissioner’s Office (ICO)
  3. The Information Commissioner’s Office (ICO) is an independent authority, set up to uphold information rights in the public interest, and to promote openness by public bodies and data privacy for individuals. While the ICO does not award compensation, it does have the power to impose hefty fines on organisations in breach of their duties
  4. At Hayes Connor Solicitors, we can help you to claim data protection act compensation. We make sure you receive the maximum compensation possible in the shortest possible time
  5. To claim compensation, you must be able to prove that you suffered as a result of the breach. This includes financial and medical harm, as well as anguish and anxiety. In many cases, a violation will not cause damage but will cause distress. This could be especially true in this case should personal fitness and health data be exposed
  6. Until recently, a person who suffered damage might have had their compensation increased to take into account any associated distress, but in most cases compensation would not have been awarded for distress alone. However, a recent ruling has paved the way for those affected by data breaches to claim damages for distress, even if they have not suffered any financial loss.

It is vital to hold large companies to account to ensure better data protection processes are put in place. So, if you have been affected by the MyFitnessPal breach we recommend that you inform the Information Commissioner’s Office (ICO) about your concerns ASAP.

In addition, if you are a MyFitnessPal user and are worried that your data has been accessed and exploited, you should get in touch with Hayes Connor Solicitors. We will let you know when your claim for data protection act compensation can be made and help you get the redress you deserve. We will also be able to advise you on what to do while waiting for the investigation’s findings.

VISIT OUR SECURE DATA BREACH FORM