data breach
, ,

Should you hold British Airways responsible for its data breach?

At Hayes Connor Solicitors, we’re helping victims of the British Airways data breach to claim compensation after their personal information was put at risk by the airline.

However, in our work we often hear people talking about how companies like British Airways (BA) should not have to pay for the acts of unscrupulous hackers. And it’s true that cybercriminals are becoming increasingly sophisticated. But this doesn’t let negligent organisations off the hook.

The truth is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. We believe that this was the case at BA.

As such, claiming compensation isn’t just in your best interests. The only way big organisations will be persuaded to take their data privacy responsibilities seriously and make improvements is by hurting their bottom line.

Brand loyalty is all well and good, but it’s vital that we don’t put the needs of big companies above the rights of their customers.

Crucially, if BA had done everything in its power to protect its customers’ data, and had robust security processes in place, it is unlikely that a claim for compensation would be successful. This is why we usually wait for the results of an investigation by the Information Commissioner’s Office (ICO) before starting a group action.

So, was BA responsible for the data breach? Let’s look at the facts.

  1. British Airways didn’t spot the data breach for two weeks

In September last year, it was revealed that almost 400,000 BA customers had their bank card details stolen in one of the most severe cyber-attacks in UK history.

Worryingly, the hack went undetected for two weeks before BA told its customers about the breach and reported the incident to the police. BA has admitted that the hackers spent more than a fortnight accessing data online and we believe that this is a significant failure by BA – one that increases the risk to passengers substantially.

With 12 days between the BA data breach occurring and the incident being detected, questions have been asked as to whether poor systems made this cyber-attack worse.

  1. British Airways uncovered a second data breach when investigating the first

To make matters worse, when investigating this case, a second data breach was also spotted at the airline.

In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. And, a further 108,000 people had their personal details stolen. This hack could have left customers exposed for months.

  1. Hackers could already have made millions from the British Airways data hack

Russian hackers may have made millions selling credit card details stolen from BA customers. Research has found that stolen data was put up for sale on the dark web about a week after the BA breach. Hackers were charging between £7 and £40 (approximately) for each card’s worth of information.

BA says it has not received reports of fraud resulting from the attack on its own systems.

  1. The British Airways hack might have been caused by the same hackers as Ticketmaster

According to reports, a cyber-criminal operation known as Magecart is behind the recent BA data breach. The group has been very active over the past three years. It is also thought to be behind the Ticketmaster data hack.

A report by RiskIQ states that clues link the same operation to the BA breach. The company said the code found on the BA site was very similar. However, the code was modified to suit the way the airline’s website had been designed. Crucially, if RiskIQ, is right about how the attack worked, a cybersecurity researcher has told the BBC that “BA should have been able to see this”. So the hack could have been very easily prevented.

Worryingly, in the Ticketmaster data breach case:

  • 63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards, and
  • 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

What’s more, it is becoming increasingly clear that the impact and losses people sustain following a data breach are not always immediately apparent. Indeed, in the Ticketmaster data breach, we are starting to see cases where the impact occurred months later. This is often because data stolen is used in batches over time.

So, as yet it’s impossible to say how many people have been impacted by the BA data breach, and to what extent.

  1. British Airways has been accused of not taking its responsibilities seriously following the data breach

Following the BA data breach, the airline said that compensation claims would be discussed on an ‘individual basis’. However, it is not up to the airline to dictate the terms of any compensation payments.

In response, customers took to the media to share their fury at the airline’s handling of the privacy violation.

According to an article in The Metro, one BA customer said “They talk about compensation to be discussed on a case-by-case basis. To me, this seems incredibly unprofessional.”

He added: “They are trying to not take full responsibility for it”.

The same customer is reported to have suffered fraudulent activity on his credit card, which he used to book a BA flight during the time the data was at risk.

Some customers have complained that they have not been contacted by BA about the data breach, despite having seen fraudulent activity on their payment cards. Others have complained about BA advising customers to go to their bank for advice, rather than issuing its own instructions to help travellers stay protected.

One BA customer told the BBC: “I have six cards linked to my BA account. I have no idea how much of my data information has been stolen. I will have to go to each of my credit card providers, cancel the cards, and all the direct debits, etc., related to those cards. This will take a long time, something I have to do with no help from BA”.

Make a British Airways compensation claim with Hayes Connor Solicitors

At Hayes Connor, we want to reduce the number of data violations taking place across the UK.

To do this, we are helping to raise awareness of data breaches and cybercrime, and educating people and businesses to prevent similar infringements from happening. For more advice on how to keep your data safe, follow us on Twitter and Facebook.

But, where a breach has already occurred, it’s vital that you can recover your losses. We could be talking about one of the most severe data breach cases to hit the UK, so it’s critical that people can get the help they need.

To join our British Airways data breach group action compensation claim, you will need to register with us. We’ll let you know what is happening in this case and if and when you can make a BA data breach compensation claim.

 REGISTER NOW

data breach
, ,

Ticketmaster data breach: don’t leave it too late to claim compensation

Last year, Ticketmaster admitted that thousands of UK customers had their personal and financial details stolen as part of a huge data breach.

Over the last few months we’ve talked to hundreds of people who have been affected by this shocking privacy breach, and our compensation claim on behalf of 650 claimants is now ready to proceed.

If you want to be included in our NO WIN, NO FEE claim, it’s vital that you act now.

 The clock is ticking!

Last week we sent our claim to Ticketmaster’s solicitors and they have 28 days to respond. At the end of this period, depending on how many people have joined our action, we may not be able to take on any more claimants.

We believe that we are the only UK legal firm currently launching a multi-party action against Ticketmaster. So, if you want to secure compensation for the impact the data breach has had on you, don’t leave it too late.

GET IN TOUCH TODAY. 

 Why join our multi-party action?

 A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

But it is becoming increasingly clear that the impact and costs people sustain following a data breach are not always immediately obvious.

We are seeing cases where the losses incurred as a direct result of the Ticketmaster data breach are only starting to become clear. This is because data stolen is often used in batches over time.

Nine months after the Ticketmaster data breach, we have discovered that:

  • 63% of all our clients have suffered multiple fraudulent transactions on their payment cards
  • 31% of all clients involved in this case suffered from distress and/or psychological trauma.

What is a multi-party action?

Multi party actions give our clients more power against big businesses. This is because a group of people who have suffered the same or similar injuries due to the negligence of the same defendant (in this case Ticketmaster) join together to claim for compensation. In short, it gives us strength in numbers.

 Don’t wait and don’t miss out

If you have been affected by the Ticketmaster data breach, either financially or emotionally, we can help!

Simply register with us and we’ll talk you through the next steps.

Making a claim is simple and doing so sends a message to organisations everywhere that they must do more to protect their customers from identity and financial theft, and emotional distress.

REGISTER NOW

 

notjusthackers
, ,

Is someone applying for credit in your name?

Earlier this week, an interview on the BBC’s Money Box programme revealed that companies you have never heard of could be searching your details on credit rating sites without your knowledge. This could mean that your details have been hacked and that scammers are using your information to apply for loans and carry out identity theft.

You can listen to the interview here (go to 17:53).

In the programme, a Money Box listener explained how he had signed up for alerts on his account following the massive data breach at Equifax in 2017. He did this to keep on top of his credit score.

Credit search alerts

The alerts are available as part of a paid for subscription service and, in October last year, he was notified about two searches on his credit reference data by insurance companies. However, the man had not applied for insurance, either directly or through a comparison website.

He then queried the searches with Equifax, asking how they could help him, but was not given a satisfactory answer.

This is very worrying. If someone does manage to steal your identity they could open bank accounts, obtain credit cards, take out loans or mobile phone contracts, buy things and even apply for a passport in your name. Ultimately this could lead to your finances, credit rating and reputation being harmed.

What can Equifax do?

Very little it would seem. In fact, when asked by Money Box what could be done in such a situation, Head of Customer Experience at Equifax, Lisa Hardstaff, said that it was up to the customer to talk to the companies doing the searches themselves, rather than to Equifax to sort it out.

What can you do to protect yourself?

Worryingly, this is not the first time we have heard of this happening. It is not unusual for an individual who has had their data stolen to find that someone goes on to apply for various finance such as bank accounts, credit cards, mobile phones and online shopping accounts in their name.

Even worse, in some cases when an individual tries to check their credit record following suspected fraud they may find that they are unable to because the scammer has already opened an account in their name.

In response to this issue, we would strongly recommend that you check your credit record to see if there are any searches that you don’t recognise.

Other ways to check if someone has stolen your identity include:

  • Keeping an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Making sure you read your credit card statements and other letters that come from your bank.

If your identity has been stolen, you should:

  • Contact your bank/credit card provider immediately
  • Consider a credit freeze until the matter is resolved
  • Report the scam to the police and contact Action Fraud for advice on what to do next
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

The impact of identity theft

The real-life impact of identity theft can be devastating. It can have a significant effect on you mentally and physically. For some people, the results can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, family and job. So it’s vital that you do everything you can to protect yourself.

At Hayes Connor, we are currently investigating a spike in identity theft following the Equifax data breach. If you have been affected by this breach and are worried that your data could be used against you, please let us know. We will thoroughly assess the impact the violation has had on you and help you to claim the compensation you deserve.

LET US KNOW HOW THE EQUIFAX DATA BREACH HAS AFFECTED YOU.

Alternatively, if you are worried that your data is being used to commit identity fraud following another data breach, you can let us know here.

breach compensation
, ,

Making a compensation claim helps to address the real-life impact of data breaches

At Hayes Connor Solicitors, we help our clients to make compensation claims after their data has been put at risk by the organisations they trust to look after it.

In some cases, these data breaches are massive news stories following hacks against the likes of Ticketmaster, Equifax and British Airways. But, every day, we also help people come to terms with smaller data breaches that have a severe and often lasting impact on them.

But, although we believe that these organisations must be held to account for their failure to protect our personal information, all too often people who make a data breach claim are accused of “trying to get something for nothing”. So let’s set the record straight.

The impact of cybercrime can be devastating

Cybercrime can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Following last year’s Ticketmaster data breach, 63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards.

Worryingly, getting your money back following a scam is not always easy. For example, in a recent example of takeover fraud, a customer of the Royal Bank of Scotland (RBS) had more than £4,300 stolen from her account despite the fraudulent caller answering one of her security questions incorrectly. Despite the failure in their processes, the bank maintained that the customer was aware of the transaction and refused to refund her. Find out more about this case.

Claiming for distress isn’t an overreaction

Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is “no harm done.”

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private information, you would be distressed. So why should you feel any less upset at having your online data taken?

Following last year’s Ticketmaster data breach, 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

Being the victim of a crime can have a significant impact on you mentally and physically. Of course, everyone reacts differently, but for some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to just “get over it” isn’t helpful.

According to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

Even smaller data breach cases can have a huge impact. For example, in a recent case, our solicitors saw the impact of what can happen when sensitive information was sent to the wrong address by mistake.

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of psychological suffering and anguish. Crucially, the law agrees and recognises the amount of damage that can be caused by having your information stolen.

Holding organisations to account could be the only way to ensure they take your security seriously

The sheer scale of the information we share with organisations is enough to leave us all open to the threat of fraud, anxiety and stress. So it’s no surprise that we are worried about what could happen if this data gets into the wrong hands. As such, something has to be done to make companies accountable for any harm done.

Cybercriminals are becoming more and more sophisticated. But this doesn’t let these organisations off the hook. If they have done everything in their power to protect your data and have robust security processes and procedures in place, it is unlikely that a claim would be successful. In fact, this is why we usually wait for the results of an investigation by the ICO before starting a claim.

But the reality is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests, the only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

The real-life impact of data breaches

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

ticketmaster
, ,

The real-life impact of a large data breach

At Hayes Connor Solicitors, we’re helping victims of the Ticketmaster data breach to claim compensation after their data was put at risk.

But, some nine months after the breach, what are the real-life effects of the Ticketmaster data hack?

63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards.

Cybercrime can result in both financial and/or identity theft. And, in this case the majority of our clients have gone on to suffer fraudulent activity.

What can you do to protect yourself from fraud?

With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And, getting your money back is not always easy.

Here are a few steps to help protect your cards from being used by hackers:

  • If you are worried that your banking details have been exposed, contact your bank immediately and ask them to keep a close eye on your account
  • Request a new card from your bank
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on all your accounts
  • Never automatically save your card details online.

31% of all clients involved in this case suffered from distress and/or psychological trauma.

Following the Ticketmaster data breach, 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

Being the victim of a crime can have a significant impact on a person mentally and physically. Everyone reacts differently, but for some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect their friends, family and job.

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of psychological suffering and anguish. Crucially, the law agrees and recognises the amount of damage that can be caused by having your information stolen.

Make a Ticketmaster compensation claim with Hayes Connor Solicitors

At Hayes Connor Solicitors, we are investigating the options available for customers of the Ticketmaster group.

As Ticketmaster has already admitted the breach and informed customers, those affected should already know if their data has been put at risk.

To ensure that you are fully informed on this matter complete your details and we will notify you about the investigation and your legal rights when making a claim.

REGISTER YOUR DETAILS TODAY.

BA data breach
, ,

What’s happening in the British Airways data breach group action?

Last year, almost 400,000 British Airways customers had their bank card details stolen in one of the most severe cyber-attacks in UK history. In response, our expert data breach solicitors are preparing to launch a British Airways data breach group action once the relevant investigations are complete.

What happened in this case?

British Airways has apologised after admitting that its customers’ details were stolen over a period of 15 days in a massive data breach. The attack put the personal and financial information of customers making bookings at risk. In total, about 380,000 transactions were affected.

We could be talking about one of the most serious data breach cases to hit the UK, so we quickly began to receive enquiries from concerned passengers.

Where are we up to?

We are currently preparing to launch a British Airways data breach group action. A group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of success.

We have also sent a ‘Letter of Claim’ to BA and their solicitors. This shows them that we are serious about pursuing potential litigation on behalf of our clients.

We have also met with other solicitors who are also pursuing claims against BA for the data breach. We believe that a joined-up approach with these solicitors will allow us to proceed on a similar footing with the other claimants, and maximise our chances of success.

Why claim against a victim of a cyber-attack?

It’s true that cybercriminals carried out a “sophisticated, malicious criminal attack” on the British Airways website.

But this doesn’t let BA off the hook. These hackers spent more than two weeks accessing data online before the hack was spotted and reported. This increases the risk substantially. So it’s unlikely that

BA did everything in its power to protect your data or had secure security processes and procedures in place.

The reality is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests, the only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

What should you do if you are worried?

For anyone worried that their data has been exposed by British Airways, you should:

  1. Determine what was stolen. To protect yourself as much as possible you need to know what kind of information was accessed in the data breach. British Airways should be able to advise you on this
  2. Contact your bank. If any financial information has been stolen, contact your bank or credit card provider immediately and explain that your account is at risk of fraud. As well as issuing a new card, the bank should be able to advise you if it detects suspicious activity on your account
  3. Change your passwords. If an online account (such as an email address) has been compromised, change the password right away. You should also change all other accounts that use the same password, and – if your email could be compromised – any accounts that could be accessed via your email. To keep you safe in the future, create a secure, unique password for each account (you might want to consider using a password manager to do this for you)
  4. Deploy additional security measures. If an app or website offers two-factor authentication to protect an account, use it
  5. Be vigilant. Beware of scammers using your stolen data against you. For example, don’t click on any links in emails asserting to be from your bank and always use the numbers they provide on their website if they ask to talk to you
  6. Sign up for a credit and/or identity-monitoring service. This will help you to monitor your financial accounts and sensitive personal information. Many organisations will offer such services free following a data breach but it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  7. Keep a record. Make a list of all the accounts that could have been accessed and note down why you are concerned about them
  8. Inform the Information Commissioner’s Office (ICO) about your concerns. At present, the ICO is investigating the British Airways data breach. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  9. Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

To join our British Airways data breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW

bank details
, ,

Banks issue new cards after Ticketmaster data breach

Nine months after the Ticketmaster data breach, two high street banks are sending out replacement credit and debit cards for customers who might have been put at risk.

The Royal Bank of Scotland (RBS) and NatWest have written to some customers informing them that they will be issued with replacement cards following last year’s Ticketmaster breach.

The letters state that replacement cards are being sent to anyone who used their card at Ticketmaster, while noting that this is a precautionary measure and that in some cases there is no indication that their information has been accessed.

What happened in the Ticketmaster data breach?

The hack hit around 40,000 people in the UK and compromised personal and financial information including customer names, addresses, email addresses, phone numbers, payment details and account login details. Some customers have already had their cards used by cybercriminals.

Find out more about the Ticketmaster data breach.

However, some customers of NatWest and RBS have taken to social media to complain about the way the incident has been handled.

Concerns include:

  • That this is the first time some customers have heard of the breach
  • Customers being unsure whether the letters are genuine
  • The length of time it has taken the banks to address this issue (banking start-up Monzo requested replacement Mastercards for all affected customers in April 2018).

How to protect your bank details from hackers

Following the Ticketmaster data breach, here are a few steps to help protect your cards from being used by hackers:

  • If you are worried that your banking details have been exposed, contact your bank immediately and ask them to keep a close eye on your account
  • Request a new card from your bank
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on all your accounts
  • Never automatically save your card details online.

Lessons learned

Obviously, RBS and NatWest are in no way responsible for the Ticketmaster data breach. But as such hacks become increasingly common, how banks react to protect their customers following such violations has never been more important.

Since the start of the Ticketmaster breach we’ve advised clients to request new cards from their bank. But it cannot just be left to victims of data theft to protect themselves. At Hayes Connor, we would argue that a speedier response is now needed and that this is something all credit and debit cards providers must address.

Make a Ticketmaster compensation claim with Hayes Connor Solicitors

At Hayes Connor we are already representing people who have been put at risk due to the Ticketmaster data hack.

IF YOU WISH TO BE A PART OF THIS CLAIM THEN REGISTER YOUR DETAILS TODAY.

,

500 million Starwood guests at risk following the Marriott data breach

Customers of Starwood Hotels & Resorts are at risk of identity and financial fraud following a massive data breach. Starwood’s hotel brands include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton.

See the whole list of hotel and timeshare brands hit by the data breach here.

Marriott International purchased Starwood Hotel & Resorts for $13.6 billion in 2016, creating the largest hotel chain in the world. Marriott-branded hotels use a different reservation system and this has not been affected by the data breach.

What happened in the Starwood data breach?

The hotel chain has admitted that an unauthorised party had compromised its guest reservation database.

Worse, it appears that the hackers have had access to the network since 2014 and that they have accessed, copied and removed the private data of around 500 million customers. This information includes a combination of

  • names
  • addresses
  • phone numbers
  • email addresses
  • passport numbers
  • account information
  • dates of birth
  • gender
  • arrival and departure information
  • credit card/bank card details.

While the hotel chain used an encrypted credit card system, it has admitted that the hackers could have stolen the encryption keys needed to decrypt this financial data.

What should you do if you are affected?

The Marriott group has said that it will contact all affected customers whose email addresses were in the Starwood reservation database. If you have been a customer of any of the affected hotels or timeshare properties between 2014 and 10 September 2018 and you haven’t received an email make sure that you check your junk mail folder.

There is also a free helpline. For UK customers the number is 0808 189 1065.

The Information Commissioner’s Office (ICO) is also looking into this matter. The ICO is the independent authority charged with upholding data protection rights in the UK. In a statement it has said: “We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us.”

Will Starwood offer compensation?

To date, no monetary reparation has been offered. However, this is one of the most serious data breaches of its kind. The theft of personal and financial information could lead to identity and financial fraud which has the potential to cause huge harm. So, if you are a Starwood Hotels & Resorts customer and you have suffered financial loss or distress because of the data breach you could be entitled to compensation.

Two US-based law firms have already filed class action lawsuits against Marriott International, and at Hayes Connor Solicitors we are now considering launching a group action to compensate UK victims of the Marriott data breach.

What are we seeing?

The Starwood Hotels & Resorts is a huge data breach. Not only because it affects millions of people, but also because the hackers have had access to this information since 2014.

Although the Marriott is headquartered in the US, it still has to comply with the EU’s rules when dealing with citizens here. And, at Hayes Connor we have already received an influx of queries from people across the UK who are worried that they have been put at risk.

The good news is that the data regulator is investigating the case and Marriott International could be hit be a huge fine under the GDPR (the latest data protection regulations). However, this is of little help to consumers.

What should you do now?

Marriott is still working with cybersecurity experts to determine the scope of the breach. However, it is vital that you do everything you can to protect yourself. This includes:

  • Contacting your bank/credit card provider immediately if you are worried that your financial details have been exposed
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on all your accounts
  • If compensation is offered, do not be not fobbed off by a low amount. The effects of a data breach can be severe and long-lasting, so it’s vital that you get the justice you deserve.

Committed to helping victims of data breaches and cybercrime we can take on your claim on a no-win, no-fee basis. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

If you have received an email from Marriott letting you know that your details have been put at risk, get in touch. We’ll let you know if and when you can claim. You can also read our step by step guide to making a data breach claim here. 

TAKE ACTION NOW!

hayes connor solicitors
,

2018 data hacks. What do you need to know?

Over the last 12 months, cyber-attacks and data breaches have rarely been out of the headlines. And, this is causing more and more of us to worry about what might happen if hackers manage to access our accounts and steal our valuable data.

The truth is, in a digital age, almost everything we do online needs a degree of trust. From buying a holiday to sharing on Facebook or checking our credit rating. But, all too often, the companies we are putting our faith in are letting us down. And, all too often we don’t know we are being hacked until it is too late.

Here are some of the most significant data leaks our expert data protection lawyers have been dealing with this year.

Ticketmaster

In June 2018, Ticketmaster UK identified malicious software on a customer support product hosted by an external third-party supplier.

Following the breach, Ticketmaster admitted that thousands of UK customer data had been accessed. This included a number of customers’ personal and financial details.

Find out more about the Ticketmaster data breach.

Equifax

The Equifax data breach might have started in 2017, but throughout 2018 we continued to be contacted by people worried that their data had been breached.

The second largest credit reference agency in the UK, Equifax is used by a wide range of companies. So, even people who were not Equifax customers discovered that the company held a wealth of information about them. Information which lenders use to assess whether to give credit cards, loans, mortgages etc.

As a result, up to 15 million British consumers were at risk of having their personal details stolen.

An ICO investigation, carried out in parallel with the Financial Conduct Authority, revealed multiple failures at the credit reference agency. And, as a result, Equifax has now been fined £500,000.

Find out more about the Equifax data breach.

British Airways

Initially, it was revealed that almost 400,000 British Airways customers had had their personal and bank/credit card details stolen in what was reported to be one of the most severe cyber-attacks in UK history.

Worryingly, it took over two weeks before the data breach was detected by the airline. In response, questions were asked as to whether poor systems have made this cyber-attack worse.

When investigating this case, a second data breach was also uncovered. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. And, a further 108,000 people had their personal details stolen.

Find out more about the BA data breach

Dixons Carphone

The Dixons (Carphone Warehouse) data breach took place in 2017 and resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes. The hackers also got access to the records of 5.9 million payments cards (nearly all of which were protected by chip and pin).

Again, while this case took place in 2017, the ramifications have continued into this year.

Find out more about the Dixons Carphone data breach

Facebook

Earlier this year, a whistle-blower revealed how Facebook data was illegally harvested and used to influence the US Presidential election. The violation occurred after Cambridge Analytica targeted users with political messaging after obtaining data from the social media platform. Questions were raised over whether this data was also used to influence the outcome of the Brexit referendum.

To make matters worse for the social media giant, in addition to the Cambridge Analytica scandal, the platform was also hacked in September. In this instance, hackers stole digital login codes in what has been described as Facebook’s worst ever security breach.

Steps to follow after a data breach

With people everywhere now facing the threat of more regular security breaches, it’s vital that you know what to do should you become a victim of online data theft.

  • If you are worried that your banking details have been exposed, contact your bank immediately
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phasing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords.
  • If you are offered any form of compensation or free services from the organisation that put your data at risk it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  • If you decide you want to make a data breach claim, read our handy step-by-step guide. If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation
  • Inform the Information Commissioner’s Office (ICO) about your concerns. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  • Contact Hayes Connor Solicitors. Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. If you are not sure whether your information has been misused or mishandled, we can find this out for you. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.
data breach solicitors
,

What you need to do following the Marriott data breach

The Marriott data hack is already being called one of the most serious data breaches of its kind. So much so that two US-based law firms have already filed class action lawsuits against Marriott International.

But if you are a UK customer worried about how the hack will affect you, what should you do to protect yourself?

What happened in the Marriott data breach?

On September 8, 2018, Marriott became aware that hackers had managed to access its Starwood guest reservation database. However, when investigating the breach it was uncovered that cybercriminals had enjoyed access to this database since 2014.

During this time the hackers accessed, copied and removed the private data of around 500 million customers.

Marriott is still working with cybersecurity experts to determine the scope of the breach.

What data has been put at risk due to the Marriott data breach?

Marriott has admitted that the stolen information includes names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, guest account information, reservation dates, and more.

Worse, Marriott has said that it has not been able to rule out that credit card information has also been exposed. And, while Marriott used an encrypted credit card system, it admits that the hackers could have stolen the encryption keys needed to decrypt this financial data.

Security experts have widely criticised Marriott for its “lacklustre” response following the data breach. For example, while the company has sent out millions of emails warning of the massive data breach, the email sender’s domain “email-marriott.com” doesn’t load, and doesn’t look like it comes from Marriott (it also has no identifying HTTPS certificate). So there is no easy way to check that the domain is real.

Should you be worried?

If you are a Marriott customer who has made a reservation at one of the affected hotels between 2014 and September 2018, then unfortunately yes.

Customers who have been affected should soon know if their data has been put at risk (if you haven’t been told already). If you are a Marriott International customer and you haven’t received an email make sure that you check your junk mail folder.

If you haven’t received an email but are still worried you should call the dedicated call centre Marriott has established to answer questions you may have about this incident. You can find out more about this here.

The theft of personal and financial information could lead to identity and financial fraud which has the potential to turn a person’s life upside down. And, as we don’t yet know what has been done with this data, or who has managed to get their hands on it, it is vital that you do everything you can to protect yourself.

What can you do to protect yourself?

Those affected by the Marriott data breach should do the following as soon as possible:

  • Inform the Information Commissioner’s Office (ICO)about your concerns. The ICO is the independent authority charged with upholding data protection rights in the UK. The ICO is currently making enquiries into the data breach. While it does not award compensation, if the ICO believes that Marriott International was negligent when looking after your data you can use this information in court to help prove your claim
  • Read our handy step-by-step guide to making a data breach claim
  • If you are worried that your banking details have been exposed, contact your bank immediately
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on all your accounts
  • If you are offered any form of compensation or free services it’s important to check the small print. For example, it is thought that Marriott is offering a free subscription to the Webwatcher service to monitor for evidence of customers’ details being used online. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date.

Can you claim compensation following the Marriott data breach?

If you are a Marriott International customer and you have suffered financial loss or distress because of the data breach you could be entitled to compensation. Many people suffer anguish, anxiety and stress after a data breach and this can have a significant impact on you mentally and physically. Effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job.

To date, Marriott has offered no monetary reparation. This is despite calls in the US for Marriott International to cover the cost of replacing passports for consumers impacted by the breach. However, even if compensation is offered, it’s vital that you are not fobbed off by a low amount.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate UK victims of the Marriott data breach. We can take on your claim on a no-win, no-fee basis. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

If you have received an email from Marriott letting you know that your details have been put at risk, get in touch. We’ll let you know if and when you can claim. You can also read our step by step guide to making a data breach claim here. 

TAKE ACTION NOW!