mermaids data breach
,

Have you been affected by the Mermaids data breach?

Mermaids UK, a charity that supports transgender children and young people, has experienced a severe data breach. Mermaids is the UK’s leading charity when it comes to offering support around gender and identity to those under 20. According to an article in the Sunday Times, the Mermaids data breach has exposed thousands of private emails between the charity and parents and made them public online.

What has happened in the Mermaids data breach?

The privacy violation exposed emails between 2016 and 2017. According to the Times: “More than 1,000 pages of Mermaids’ confidential emails, including anguished messages from parents about their children’s suffering, were uploaded for anyone to view. The correspondence includes names, addresses and telephone numbers.”

However, Mermaids claims that the 1,100 emails were between executives and trustees of the charity, discussing matters relating to their work. And that they were only searchable “if certain precise search-terms were used”.

The charity has said that it is “deeply sorry” for this “historical data breach”. And, after being warned of the leak last week, the charity removed the content from public view. It also reported the breach to the Information Commissioner’s Office (the data protection watchdog) and the Charity Commission.

Read the Mermaids data breach response in full.

Is the Mermaids data breach worse than the charity claims?

According to the Sunday Times, the emails contained “intimate details of the vulnerable youngsters it seeks to help”. It reports that these emails could be found merely by entering the charity name and its charity number into a search engine.

Mermaids has denied this and argues that there is “no evidence” that the information had been accessed by anyone other than the Sunday Times, or those contacted by their journalist.

A spokesperson for the charity said: “To be clear this is absolutely not Mermaids service users emailing each other, and their emails and private correspondence being available to an outside audience”.

An independent investigation into the Mermaids data breach will now take place.

How worried should you be about the Mermaids data breach?

Commenting on the data breach, a spokesperson from Mermaids said: “At the time of 2016-2017, Mermaids was a smaller but growing organisation.  Mermaids now has the internal processes and access to technical support which should mean such breaches cannot now occur”.

However, regardless of the size of the charity at the time, people using its services had the right to expect that their data was being looked after. So this doesn’t help those vulnerable individuals whose personal and potentially intimate details have been exposed.

Also, it seems like the charity is hoping that it can get away with just apologising and promising that it won’t happen again. But such a noticeable absence of care over the very real impact of a data breach should not be tolerated or accepted.

Every day we see what happens when the personal information of people across the UK falls into the wrong hands. And the consequences can be damaging and long-lasting.

Making a charity data breach claim

Many people are passionate about the charities and causes they care about. But, while you might support their aims, it is vital that they meet their obligations when it comes to protecting your sensitive data.

Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Often charities and organisations are insured against data breaches, so you don’t have to worry about the impact of the good work you support.

Have you been affected by the Mermaids data breach?

Mermaids has said that it has contacted those affected by the breach. If you have been told that your data has been put at risk, you may be able to make a no-win, no-fee Mermaids data breach compensation claim.

You can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

If you are worried that Mermaids UK has put your data at risk, find out more about making a data breach compensation claim. Or contact us today for a free initial assessment.

data breach solicitors
,

Worried about the latest Talk Talk data breach revelations? Here’s what you should do

BBC Watchdog Live has revealed that TalkTalk failed to inform 4,545 customers that their personal information was stolen as part of a 2015 data breach. This includes their bank account info. These customers may now have a data breach compensation claim.

To make matters worse, researchers for the programme have discovered the following info online after a simple Google search: full names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers, bank details.

It is thought that this information could have been accessible online since the breach.

If you are concerned that your data has been exposed by Talk Talk, we would advise you to:

  • Inform the Information Commissioner’s Office (ICO) about your concerns
  • Contact your bank and/or credit card providers immediately
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phasing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords
  • If you are offered any form of compensation or free services from Talk Talk, check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a data breach compensation claim at a later date.

The ICO has fined TalkTalk but you can still make a data breach compensation claim

The ICO has already fined £400,000 for the 2015 data breach. But it doesn’t look like this matter is over. Especially as 4,545 customers may have received the wrong notification regarding this incident. If you are one of those customers you may be able to make a data breach compensation claim.

Making a data breach compensation claim against Talk Talk

If you want to make a data breach compensation claim, our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim against Talk Talk. We will also be pleased to answer any questions you might have.

Crucially, it doesn’t matter if you haven’t lost out financially because of the data breach. Watchdog says that it has spoken to many people who were affected by the TalkTalk data breach. Many, have been subject to “frequent scam calls, and in some cases attempted fraud and identity theft, impacting their credit rating”. To claim compensation, you must be able to prove that you suffered as a result of the breach. This includes financial harm, as well as anguish and anxiety.

Make a no-win, no-fee data breach compensation claim with Hayes Connor Solicitors

At Hayes Connor Solicitors, our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about any investigation, and your legal rights when making a claim.

SIGN UP

CYBERCRIME
,

Banks try to limit their liability for push payment compensation

Push payment scams happen when cybercriminals trick someone into sending them money by pretending to be someone else. Some victims have been conned into transferring hundreds of thousands of pounds to criminals. In the first half of 2018 alone, such scams saw £145 million stolen by cybercriminals. And, until now, there was little victims could do to secure push payment compensation.

Find out more about push payment fraud.

In response, the industry is looking at a new compensation scheme.

But, responding to a consultation on the introduction of a new code – which could force banks to pay millions of pounds in compensation each year – it seems like the banks are trying to limit their liability for push payment compensation.

  • Santander has proposed that victims whose losses are not considered to be “life-changing” should receive nothing. The bank argues that “smaller” payments of a few hundred pounds should not be eligible for compensation
  • Lloyds has proposed that customers should pay an extra levy every time they make a significant bank transfer to help fund the compensation scheme
  • Barclays has warned that to limit its liabilities for push payment compensation it might need to slow down and block payments for genuine customers
  • Nationwide has suggested that customers it identifies as vulnerable may be barred from some banking services as they present too much of a risk of getting scammed.

What would the new code do?

Under the new scheme, banks would agree to compensate fraud victims for losses if it can be proved that they failed to protect them. Historically, banks have avoided paying push payment scam compensation to victims unless there was a fault in their processes. This is because the customers authorised the fraudulent payments.

However, some banks have already signed up to a new push payment scam compensation fund which has been introduced as an interim measure until a permanent solution can be agreed.

What can you do if you are the victim of push payment fraud?

If you have been the victim of an attempted push payment scam, you should contact Action Fraud. However, if you have lost money as a result of the scam, you must also report it as a crime. You should also notify your bank ASAP.

At Hayes Connor Solicitors, we want to reduce the number of data violations and successful cyber scams taking place across the UK. To do this, we are raising awareness of this issue and educating people to help stop fraudsters in their tracks.

For more advice on how to keep safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a push payment scam, find out how we can help you to recover any losses.  Or contact us to discuss your case in more depth. We can help you to claim compensation and steer you through the aftermath of a bank or credit card scam. Ultimately we minimise the impact on you as much as possible.

We can also help you if you became the victim of a bank scam as a direct result of a data breach.

data breach
,

ICO fines London council for Police Gangs Matrix data breach

The Information Commissioner’s Office (ICO), has fined the London Borough of Newham £145,000 after a breach disclosed the personal information of more than 200 people who featured on the controversial Gangs Matrix.

This case was considered under previous data protection legislation. If it had been brought under the General Data Protection Regulation and updated Data Protection Act, the fine could have been much higher.

What happened in the Police Gangs Matrix data breach?

The Gangs Matrix was set up following the 2011 London riots. It contains the names and personal details of thousands of people. According to the Met, these individuals either pose a risk of committing gang violence, or of becoming victims.

In January 2017, a council employee sent an email to over 40 recipients that contained an unredacted version of the Gangs Matrix. This data included dates of birth, home addresses, and information on whether they were a prolific firearms offender or knife carrier, as well as their alleged associated gang.

The recipients of the email included partner organisations that work together to respond to gang-related crime. And, between May and September 2017, rival gang members managed to obtain photographs of this information via the social media platform Snapchat.

What was the impact of the Police Gangs Matrix data breach?

During 2017, the Borough went on to experience incidents of serious gang violence, and the victims included people whose data had been violated.

And, while there is no concrete evidence that the data breach and the violence is connected, the ICO does recognise that significant harm and distress can be caused when this type of sensitive personal information is not kept secure.

The ICO has established several failures by Newham Council

Following its investigation, the ICO has found that Newham Council had no specific sharing agreements, policy or guidance in place to regulate how its staff and partner organisations securely handled and used the Gangs Matrix.

To make matters worse, Newham Council did not report the data breach to the ICO. And, while it did conduct an internal investigation, this did not take place until many months after the breach was discovered.

Speaking about the data breach, the deputy commissioner of the ICO said:  “Our investigation concluded that it was unnecessary, unfair and excessive for Newham Council to have shared the unredacted database with a large number of people and organisations, when a redacted version was readily available. The risks associated with such a transfer of sensitive information should have been obvious.”

He added: “This is a reminder for organisations handling and sharing sensitive information to make sure they have suitable processes, training and governance in place to ensure they meet their accountability obligations.

“Data protection is not a barrier for information sharing but it needs to be compliant with the law. One of the ways in doing this is by conducting data protection assessments. We have a data sharing code which provides guidance on how to share data safely and proportionately, and we will soon be publishing an updated code.

“Ultimately, personal information must be processed lawfully, fairly, proportionately and securely, so the community can have confidence that their information is being used in an appropriate way.”

This is not the first time the Gangs Matrix has caused problems

In total, the Gangs Matrix holds details of around 3,500 people, some of who are as young as 12. It stores their full name, date of birth, home address, and information on whether someone is a firearms offender or a knife carrier. Also, each individual is allocated a green, amber or red rating indicating their apparent risk of violence.

Concerns have been raised that the matrix violates human rights. Not least because young black men and boys make up more than three-quarters of the list.  What’s more, the Guardian newspaper found that in one London borough, 40% of young people on the list had “zero” risk of causing harm.

In response, the ICO has undertaken a separate review of the database in which it found that a failure to adhere to data protection principles potentially caused “damage and distress” to the disproportionate number of black men on it. In response, the Metropolitan Police force was ordered to radically reform the matrix.

What can you do if you have suffered because of the Police Gangs Matrix data breach?

According to the ICO, problems with the Gangs Matrix go back to 2011 and created a plausible risk to this data. There is also real concern about the impact on its mainly black and ethnic minority data subjects (people on the database).

If you have suffered damage or distress caused by the Gangs Matrix you have a right to claim compensation. To find out how we can help you recover any losses, contact us to discuss your case in more depth.

 

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

data breach solicitors
, ,

Can you claim compensation for the Police Federation data breach?

Last month, the Police Federation of England and Wales (PFEW) admitted that it suffered a severe data breach across a number of its databases. This data privacy violation happened as a result of a ransomware cyber-attack. A criminal investigation has now been launched into the Police Federation cyber-attack.

What happened in the Police Federation data breach?

In a Twitter statement, posted on 21st March, the PFEW said: “We can confirm we have been subject to a malware attack on our computer systems. We were alerted by our own security systems on Saturday 9 March. Cyber experts rapidly reacted to isolate the malware and prevent it from spreading.”

The statement also included a press release with more information about the attack. You can read this in full here.

However, people were soon pointing out that the PFEW took 12 days to inform its members about the attack. And the way some members found out was also questioned.

 

“So this happened on 9th March and it is only now the 21st March that you tell your paying members?? Absolutely disgraceful handling by the federation.”

@RonanDonohue1

“I’d rather my OH not be told via a press release, but direct contact from federation! Press releases are for the public not the potential victims”.

@lucycdoyle

“So if the attack was discovered on 9th March, why did it take 12 days to alert everyone? I assume you have reported your data breach to the information commissions office?”

@ RPUSC2

“Members are always last to find out. Why has it taken over 11 days to inform your members…”

@CopsAgainstXtr

 

What information was exposed in the PFEW data breach?

The names, email addresses, National Insurance numbers, ranks and serving forces of around 120,000 police officers may have been exposed. The breach affects officers at all levels up to the rank of chief inspector.

Also, any guests who stayed at the PFEW conference and hotel facilities in Leatherhead between 1 September 2018 and 9 March 2019 may also have had their financial details (credit card number and expiry date) put at risk.

In addition, the PFEW claims case management system has also been compromised. So any members who requested PFEW assistance for any investigation, inquiry or complaint could have had their name, address, National Insurance number, and bank details accessed.

However, the PFEW claims that there is no evidence at this stage that any data was extracted from PFEW’s systems, although this cannot be discounted.

Local Federation branches have not been affected.

How is the PFEW ransomware attack impacting police systems?

Ransomware is a type of malicious software. Typically cybercriminals use ransomware to threaten to publish the victim’s data, or to block access to it unless a ransom is paid. Ransomware attacks are becoming more widespread.

As a result of this ransomware attack, the PFEW has suffered severe disruption to services. Backup data was also deleted. Indeed, following the breach the PFEW has made the “difficult decision” to cancel its national conference in June. A statement on Twitter read:

“Experts in business recovery estimate it takes 4 – 6 months to recover from a cyber-attack and with annual conference due in 9 weeks it would not be possible to deliver this on time.”

Can you claim compensation for the Police Federation data breach?

The Information Commissioner’s Office (ICO) is aware of the situation. However, while it has the power to impose hefty fines on organisations who fail to meet their data protection requirements, the ICO does not award compensation.

But, should the ICO find that the PFEW did not meet its data protection requirements, you could have a claim for compensation.

Indeed, even if there is no immediate evidence that personal and sensitive data was successfully extracted from PFEW systems, that doesn’t mean that there will be no impact on those officers affected. In many data breach cases it can take months for the full implications and losses to become apparent. We have seen instances where the financial losses only start to occur three to six months later. This is often because data stolen is used in batches over time.

What’s more, simply knowing that your details could be in the hands of cybercriminals can lead to anxiety and distress. Experiencing a data breach can result in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury. For police officers knowing that their personal information could be in the hands of criminals is bound to be even more distressing.

How to make a claim following the Police Federation data breach

At Hayes Connor Solicitors, we are experts in data breach cases. Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, we are now considering launching a no-win, no-fee group action to compensate victims of the Police Federation cyberattack.

Find out more about group actions.

 

By now those who have been affected should have been emailed. If you have received this email then you may be able to claim compensation once the matter has been investigated.

To ensure that you are fully informed and kept up-to-date, simply fill in our quick form and we will notify you about the investigation and your legal rights when making a claim.

REGISTER HERE

 

police data breach
,

How to protect yourself following the PFEW data breach

The Police Federation of England and Wales (PFEW) has admitted to a severe data breach across a number of its databases. As a result, the personal information of some 120k police offices has been held to ransom. The data breach affects officers at all levels up to the rank of chief inspector.

If you have been affected by the PFEW data breach, you should have received an email to let you know. Here are some tips to help you stay safe if you are worried about how this could impact you.

Understand the risk

To stay safe from cybercriminals, you need to be digitally aware. Here is a quick summary to let you know what happened in this case:

  • The attack impacted several PFEW databases. These include:
    • A database that holds the names, email addresses, NI numbers, ranks and serving forces of  120,000 police officers
    • A booking system for the PFEW conference and hotel facilities in Leatherhead. Any guests who stayed at the facilities between 1 September 2018 and 9 March 2019 may have had their personal and financial details put at risk
    • The PFEW claims case management system. Members who requested PFEW assistance for an investigation, inquiry or complaint could have had their name, address, National Insurance number, and bank details accessed
  • A ransomware attack caused the breach. Ransomware is a type of malicious software. Typically ransomware is used by cybercriminals to threaten to publish data, Or to block access to it unless a ransom is paid
  • There is no evidence that any data was extracted from PFEW’s systems. Although this cannot be discounted at this stage
  • Local Federation branches have not been affected.

Follow the advice given by the PFEW

The Federation has said that any officers concerned about fraud or lost data should contact Action Fraud. You can also get advice from the National Cyber Security Centre.

A PFEW helpline is also available on 0800 358 0714. Opening hours are Monday to Friday 8am to 6pm, and Saturday and Sunday 9am to 3pm.

The PFEW website has the latest information and FAQs regarding this breach.

Take steps to protect yourself

Those affected by the PFEW data breach should consider the following steps:

  • Informing the Information Commissioner’s Office (ICO) about your concerns
  • If you are concerned that your financial details have been compromised contact your bank/credit card provider immediately
  • Implementing a credit freeze until you are confident that your details are safe
  • Reporting the scam to the police
  • Contacting Action Fraud for advice on what to do next
  • Keeping an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Looking out for any bills or emails showing goods or services you haven’t ordered
  • Letting the credit reference agencies know of any activity that was not down to you
  • Registering with the Cifas protective registration service. This will slow down credit applications made in your name
  • Beware of fraudsters who attempt to gather additional personal information (phishing)
  • Changing your passwords on all your accounts.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Understand the possible impact the data breach could have on you

Unfortunately, while The Federation claims that the risk to data is low, in many data breach cases, it can take months for the full impact and losses to become apparent.

We have seen instances where the financial losses only start to occur three to six months later. This is often because the data stolen is used in batches over time.

What’s more, merely knowing that your details could be in the hands of cybercriminals can lead to anxiety and distress. Experiencing a data breach can result in adverse life events. For example,  having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury. For police officers, knowing that criminals could have their personal information is even more distressing.

So, as well as taking steps to keep your information and finances safe from further attack, it’s also worth keeping an eye on your state of mind and seeking help if you are distressed or worried about the data privacy violation.

Claim for compensation

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So, claiming compensation isn’t just in your best interests. It is the only way organisations will be persuaded to take their responsibilities seriously, and make the necessary improvements.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, we are now considering launching a no-win, no-fee group action to compensate victims of the PFEW data breach and cyberattack.

Fill in our quick form to ensure that you are fully informed and up-to-date about this action. We will then notify you about the investigation and your legal rights when making a claim.

REGISTER HERE

 

data breach fine
,

What do you need to know about the Bounty pregnancy club personal data breach?

In what is being called an “unprecedented” data breach case, the Bounty pregnancy club has been fined £400,000 after it illegally shared the personal information of more than 14 million people.

What happened in the Bounty pregnancy club data breach case?

Bounty is a pregnancy and parenting support club. It provides free samples, vouchers and guides to new parents and expectant mothers. These parents can sign up through its website and mobile app, and are even directly recruited on maternity wards.

In a shocking breach of trust, between June 2017 and April 2018 the Bounty pregnancy club shared approximately 34.4m records with 39 organisations – without its users’ permission.

The data shared was sensitive and included information about potentially vulnerable new mothers, mothers-to-be, and very young children.

According to the Information Commissioner’s Office (ICO), this data sharing appears to “have been motivated by financial gain”.

Commenting on the data breach, the ICO’s director of investigations said: “Such careless data sharing is likely to have caused distress to many people, since they did not know that their personal information was being shared multiple times with so many organisations, including information about their pregnancy status and their children.

“The number of personal records and people affected in this case is unprecedented in the history of the ICO’s investigations into data broking industry and organisations linked to this.”

While Bounty’s managing director has admitted fault, and ended the company’s relationships with data brokerage companies, he has not apologised for Bounty’s actions.

Has the Bounty pregnancy club been fined?

Yes. But not as much as you might think. In fact, while the fine is still among the highest ever issued, the breach happened under the UK’s old data protection laws and before the introduction of the European general data protection regulation (GDPR). This caps the potential fine at £500,000. Under the new data protection regime, the maximum fine for a company of Bounty’s size is now €20m (£17m).

What’s more, while the ICO has the power to impose fines for data breaches, it doesn’t award compensation to victims. However, many of these victims could go on to suffer distress at finding out their data has been manipulated in this way; especially as it includes information about young children.

Claim for compensation for the Bounty pregnancy club data breach

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. And crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

Some people would have us believe that claiming for distress is an overreaction. That your physiological suffering and anguish doesn’t matter. You might hear friends and family saying that, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information sold in this manner.

But being the victim of a data breach can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. So why shouldn’t you seek compensation for a failure to look after your information correctly? Especially when it included data about young children.

If you are worried that your trust has been exploited and the Bounty pregnancy club has breached your data, contact us to find out how we can help.

For more advice on how to keep your data safe, you can also follow us on Twitter and Facebook.

,

Police gangs database breached data protection laws

A Metropolitan Police database of suspected gang members has seriously breached data protection laws. That’s the findings of an investigation by the Information Commissioner’s Office (ICO).

What is the Gangs Matrix?

The Gangs Matrix was set up following the 2011 London riots. It contains the names and personal details of thousands of people. According to the Met, these individuals either pose a risk of committing gang violence, or of becoming victims.

In total, the matrix holds details of around 3,500 people, some of who are as young as 12. It stores their full name, date of birth, home address, and information on whether someone is a firearms offender or a knife carrier. Also, each individual is allocated a green, amber or red rating indicating their apparent risk of violence.

There are a significant number of children and vulnerable individuals on the list.

What was the problem with the Gangs Matrix?

Concerns were raised that the matrix violated human rights. Not least because young black men and boys made up more than three-quarters of the list.  What’s more, the Guardian newspaper found that in one London borough, 40% of young people on the list had “zero” risk of causing harm.

In response, the ICO undertook a review of the database.

What did the ICO find?

While the ICO acknowledged the severity of gang crime, its investigation into the police database found that a failure to adhere to data protection principles potentially caused “damage and distress” to the disproportionate number of black men on it.

According to the ICO, some boroughs also operated informal lists of people who no longer met the criteria for being on the matrix. This meant that the police continued to monitor people that intelligence indicated were not gang members.

Also, data on the list was inappropriately shared with other public bodies such as local councils, housing associations, and education authorities. And there was no guidance on how this data should be used. As a result, people faced sanctions relating to housing, jobs and other public services. The Information Commissioner said that: “simply being on this database could lead to denial of services and other adverse consequences”.

The investigation also found that the matrix failed to distinguish between victims of crime and offenders, leading to confusion among officers.

Amnesty International welcomed the report stating that: “The investigation by the Information Commissioner’s Office confirms a lot of our own findings into the gangs matrix: namely, that it is currently not fit for purpose”.

What was the outcome of the investigation?

The Metropolitan Police force was ordered to radically reform the matrix.

The ICO’s recommendations included:

  • Conducting an impact assessment on the Gangs Matrix
  • Ensuring people are clearly identified to distinguish between victims of crime and suspects
  • Improving guidance to explain what constitutes a gang member
  • Removing people from the matrix where necessary
  • Erasing any informal lists of people
  • Conducting a full review to establish how information on the list is being shared and used
  • Developing guidance setting out how information on the list can be used
  • Training officers and staff who have access to and use the database
  • Putting more robust data security systems and access restrictions in place.

The Met said it accepted the findings and was working to address them. The ICO also launched a separate investigation into how police information was being used by other public bodies, such as local councils.

However, concerns have now been raised about Concern Hub – a new criminal database similar to the Gangs Matrix. Not least because information gathered by Concern Hub will be shared with other agencies.

A spokesperson for Amnesty International said: “Any police database being developed must comply with human rights standards and conform to data protection laws and needs to be far more than a rebrand of the deeply problematic Gangs Matrix”.

What can you do if you have suffered because of the Gangs Matrix?

It is the job of the police to protect us, and in a digital society that also means protecting our data. However, where this trust is being undermined, it is vital to hold them to account.

According to the ICO, problems with the Gangs Matrix go back to 2011 and created a plausible risk to this data.

There is also real concern about the impact on its mainly black and ethnic minority data subjects (people on the database). And, while the investigation focused on London, this issue could be more widespread.

If you have suffered damage or distress caused by the Gangs Matrix you have a right to claim compensation. To find out how we can help you recover any losses, give us a call on 0151 363 5895 to discuss your case in more depth.

Find out more about how we are helping to reduce the impact of police data breach violations. Or, for more advice on how to keep your data safe, follow us on Twitter and Facebook.

data breach compensation
,

Government admits Windrush data breach

In a serious breach of data protection laws, the Home Office has admitted that an administrative error has exposed the email addresses of hundreds of Windrush migrants. These recipients had all signed up to be kept informed about the Windrush compensation scheme which was launched last week.

Immigration Minister Caroline Nokes has apologised for the Windrush data breach data breach, and the matter has been referred to the Information Commissioner’s Office (ICO).

Windrush generation compensation scheme

Today, an estimated 500,000 people are living in the UK who arrived between 1948 and 1971 from Caribbean countries. Many were given indefinite leave to remain. These workers have been called the Windrush generation in reference to a ship which brought people to the UK.

However, despite living and working in the UK for decades, many children of these citizens were subsequently told to leave because of a lack of official paperwork. Many travelled on their parents’ passports.

And, without documentation, changes to immigration law in 2012 resulted in many people being held in detention or made to leave the UK.

Following a backlash, the government has since apologised for the “appalling” way these people have been treated. And, a scheme was launched to help those who experienced a loss because they could not demonstrate their lawful right to live in the UK.

The government is expected to pay up to £200m in compensation to people who suffered after being wrongly classified as illegal immigrants. According to the home secretary, there is no cap on the fund.

Windrush data breach

In a written statement, the Immigration Minister said: “Regrettably, in promoting the scheme via email to interested parties, an administrative error was made, which has meant data protection requirements have not been met, for which the Home Office apologises unreservedly.

“This occurred in emails sent to some of the individuals and organisations who had registered an interest in being kept informed about the launch of the compensation scheme, which included other recipients’ email addresses. Five batches of emails, each with 100 recipients, were affected. No other personal data was included.

“A recall was commenced as soon as the problem had been identified. The departmental data protection officer has been informed and an internal review will be conducted to ensure this cannot happen again. The department has voluntarily notified the Information Commissioner’s Office of the incident. I am firmly committed to doing right by the Windrush generation.”

What can you do if you have suffered because of the Windrush data breach?

Experiencing a data breach can result in significant stress and anxiety, which can lead to a diagnosable psychological injury.

For people who have already been wrongly branded as “illegal immigrants” knowing that their personal information has been violated could be particularly distressing.

If you have suffered damage or distress caused by the Windrush data breach you have a right to claim compensation. To find out how we can help you recover any losses, contact us to discuss your case in more depth.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

data breach claims
, ,

TeamSport Indoor Karting data breach reveals personal & financial information of former employees

Indoor go-karting company TeamSport, which operates racing circuits across the UK, has suffered a significant data breach. As with the majority of cases, it looks like this privacy violation was caused by human error and/or poor processes rather than cybercrime.

In a letter to former employees, the company states that a file was released in error on Friday 22nd March. This file contained personal information relating to their previous employment with TeamSport. It is not yet clear if current employees have also been affected.

The information violated in this privacy breach includes names, titles, National Insurance numbers, employment dates, student loan deductions, tax codes, earnings and tax information. As such this looks to be a very significant incident which could have a severe impact on those affected.

What has TeamSport said about the data breach?

TeamSport has apologised for the data breach and accepted that it did not keep the data as safe as it would have expected.

An investigation is now taking place to establish how this incident occurred. The ICO has also been notified about the breach (as is required by law).

While TeamSport says that the error was spotted promptly, and that the recipient of the file deleted the information and did not disclose it to another party, we have already received a number of enquiries from people who are worried about what could happen now that their personal and financial information has been exposed.

Indeed, while TeamSport says that it considers the risk involved to those affected by the data breach to be negligible, this may not be the case.

In many data breach cases it can take months for the full implications and losses to become apparent. We have seen instances where the financial losses only start to occur three to six months later. What’s more, simply knowing that your details have been exposed can lead to anxiety and distress.

How to protect yourself following the TeamSport Indoor Karting data breach

At Hayes Connor Solicitors, we are experts in data breach cases and would advise those affected by the TeamSport data breach to consider the following steps:

  • Inform the Information Commissioner’s Office (ICO) about your concerns
  • If you are concerned that your financial details have been compromised contact your bank/credit card provider immediately
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Look out for any bills or emails showing goods or services you haven’t ordered
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Beware of fraudsters who attempt to gather additional personal information (phishing)
  • Change your passwords on all your accounts.

 

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Claiming compensation for the TeamSport Indoor Karting data breach

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests, it is often the only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements.

Those who have been affected should be contacted by TeamSport. If you receive this letter you may be able to claim compensation once the matter has been investigated.

To ensure that you are fully informed and kept up-to-date, simply fill in our quick form and we will notify you about the investigation and your legal rights when making a claim.