travelex data breach
,

Why has Travelex not told the ICO about its Data Breach?

On 31st December 2019, Travelex fell victim to a huge cyberattack. Since then, the foreign exchange company has been negotiating with a ransomware group over a potentially huge privacy infringement. But what do we know about the Travelex data breach? And why hasn’t the company informed the UK’s data protection regulator?

What happened in the Travelex data breach?

The Sodinokibi ransomware group broke into Travelex’s computer systems and encrypted sensitive customer data. The gang has since held Travelex to ransom by threatening to sell the personal data of its customers unless paid 6 million US dollars (£4.6 million).

While the attack began on 31st December 2019, the hackers could have broken into the company’s computer systems as long as six months ago. The data involved in this breach is thought to involve social security numbers, dates of birth and payment card information.

How did the company respond to the Travelex data breach?

Travelex did not initially acknowledge the hack and instead declared that its website was down for “routine maintenance”. It is also our understanding that – to date – customers have not been sent any email communication about the cyber-attack.

Very worryingly from a legal perspective (at the time of writing), the company has not yet reported the data breach to the Information Commissioner’s Office (ICO). By law, the ICO should be informed of any data breach that compromises personal data within 72 hours of discovery. This includes data not being available as well as it being lost or stolen.

Travelex says there is no evidence customer data has been put at risk. But as hackers have had access to the data – possibly for months – this seems highly unlikely.

Travelex will have to explain why the breach wasn’t reported to the ICO and the regulator is likely to take a dim view of Travelex’s actions.

A data breach is a serious failure, and if Travelex has neglected to protect its customers’ privacy rights it must be held to account. Especially as this is not the first cybersecurity incident to hit Travelex and the company was warned months ago of its potential vulnerability to the Sodinokibi ransomware.

Are you affected by the breach?

The scale of the Travelex data breach is not yet known, but customers who have ordered money from the foreign exchange company could be at risk. If your data was involved in this hack, you might be able to make a Travelex compensation claim.

Should your personal data be found to be compromised, you can claim for:

  • Financial losses. A data breach can lead to both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress. Being the victim of a crime can have a significant impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. You can claim for any loss of privacy suffered as a result of a data breach (e.g. having an email address stolen).

What should you do now?

At Hayes Connor Solicitors, we are watching this case with interest. If you want to make a data breach case against Travelex contact our data breach experts to tell us about your experience.

There is no obligation to proceed and we may be able to take on your claim on a no-win, no-fee basis.

REGISTER NOW

Dixons carphone fine
, ,

Dixons Carphone Warehouse fined half a million pounds for huge data breach

In summer 2018, Dixons Carphone Warehouse (DSG Retail Limited) admitted that millions of its customers had their details exposed in a massive data breach.

  • Hackers got access to 14 million personal data records. This compromised dates of birth, addresses and phone numbers
  • Dixons Carphone also discovered a separate attempt which compromised the records of 5.9 million payments cards.

In response, the Information Commissioner’s Office (ICO) has now fined the company £500,000 for this shocking data privacy failure.

What was the result of the ICO investigation?

An ICO investigation into the breach has found the national retailer guilty of having poor security arrangements and failing to take adequate steps to protect personal data. This included vulnerabilities such as inadequate software patching, absence of a local firewall, and lack of network segregation and routine security testing.

Commenting on the breach, Steve Eckersley, ICO’s Director of Investigations, said:

“Our investigation found systemic failures in the way DSG Retail Limited safeguarded personal data. It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen.

“The contraventions in this case were so serious that we imposed the maximum penalty under the previous legislation, but the fine would inevitably have been much higher under the GDPR.”

Will victims of the Dixons Carphone Warehouse receive this money?

No, while the ICO has the power to impose hefty fines on organisations in breach of their duties, it does not award compensation.

However, now that the ICO has found Dixons Carphone Warehouse guilty of failing to protect your data, you can use this evidence to support a data breach compensation claim.

Why should you make a data breach compensation claim?

A data breach can lead to financial and identity fraud

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

“The ICO considered that the personal data involved would significantly affect individuals’ privacy, leaving affected customers vulnerable to financial theft and identity fraud.”

The emotional impact of a data breach can be devastating

The impact of data breaches goes much further than financial losses. We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury. Mr Eckersley added:

“Such careless loss of data is likely to have caused distress to many people since the data breach left them exposed to increased risk of fraud.

“We recognise that cyber-attacks are becoming more frequent, but organisations have responsibilities under the law to take serious security steps to protect systems, and most importantly, people’s personal data.”

Crucially, you do not need to have suffered any financial loss or emotional distress to make a claim. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

It’s essential to hold companies to account if data security is to improve

This is not the first time the company has failed to protect its customers’ data. In fact, there is a history of data negligence at the company.

The Carphone Warehouse (which merged with Dixons) was fined a £400,000 following another cyber-attack. The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. In that breach, the personal data of over three million customers and 1,000 employees were put at risk.

Something must be done to hold them to account.

Signs that criminals have used your data following the Dixons Carphone Warehouse data breach

Signs that criminals have used your data following the Dixons Carphone Warehouse data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Making a Dixons Carphone Warehouse data breach compensation claim

If you were affected you could be entitled to up to several thousand pounds in compensation, so it’s important to act now.

At Hayes Connor Solicitors, we have received a large number of queries from people concerned that their information is at the mercy of cybercriminals following the Dixons Carphone Warehouse data breach.

In response, and in light of the ICO’s findings, we will now be launching a group action to help people claim Carphone Warehouse breach compensation.

We have appointed Barrister Ian Whitehurst to help in this case. Having developed a practice in the field of data breach claims for individuals and companies who have had their personal and sensitive data breached by third parties, we are confident that our team will get the results our clients deserve.

To become part of this group action, we need you to register with us. This guarantees that you will form part of the Carphone Warehouse breach compensation claim that will be lodged by us.

We can take on your claim on a no-win, no-fee basis so you have nothing to lose.

REGISTER NOW

ticketmaster
, , ,

Why is the Ticketmaster data hack investigation taking so long?

At Hayes Connor, we have issued a claim against ticketing giant Ticketmaster following its 2018 data breach. But even though the privacy failure took place 18 months ago, we still have some way to go before compensation can be issued to victims. But why is the Ticketmaster data breach investigation taking so long?

Ticketmaster is refusing to accept any blame for the data hack

The Ticketmaster data breach happened when hackers gained access to thousands of Ticketmaster details via chatbot software hosted by Inbenta Technologies. It was this software that was compromised in the data breach incident. As such, Ticketmaster claims that all responsibility for the data breach rests with Inbenta.

However, Inbenta has refuted that it is responsible. It admits that it supplied the code accessed in the Ticketmaster hack, but says that it did not know Ticketmaster planned to use it on a payment page. If it had been told that its product was going to be used that way, Inbenta states that it would have advised against it.

The fact that a third-party is involved in this breach does complicate matters. But it doesn’t mean that Ticketmaster wasn’t to blame. Ticketmaster is the company responsible for the security of the data it collects (e.g. customer names, payment card details, etc.). As such, it was responsible for making sure that adequate checks and processes were in place when it came to any third-party integration. So, implicating Inbenta as the one responsible is both dishonest and legally neither here nor there.

In our expert opinion, Ticketmaster is attempting to using Inbenta as a scapegoat for this breach. And in doing so, is dragging out the compensation process.

The ICO is delaying its decisions

In group action cases, there is only so much that can be done until the UK’s data protection regulator (the ICO) has carried out its investigation into a breach, and announced its findings. And, despite our frustration at the wait, that’s as it should be. It’s important to know the extent of any security failures before compensation can be properly discussed.

But despite our understanding of the ICO and its processes, we are concerned about the time some decisions are taking.  And this includes the Ticketmaster data hack group action.

One possible reason for the ICO’s delay when it comes to Ticketmaster is that this case is legally very challenging. The Ticketmaster data breach affects people who bought tickets between September 2017 and 23 June 2018. With the GDPR coming into force on May 25th 2018, this means that the violation spans two different data protection acts:

  • The Data Protection Act (DPA) 1998
  • The Data Protection Act (DPA) 2018 (the UK’s version of the GDPR).

These acts have drastically different levels of fines. The first up to a maximum of £500,000 and the second up to £17 million (or 4% of an organisation’s annual turnover, whichever is higher).

It is not yet clear which legislation is relevant, but the breach could be judged under both. Alternatively, the entire data protection failure could be treated as a breach under GDPR as it kept happening after the new laws came into force. If GDPR is used, the Ticketmaster data breach case will set the tone for action to be taken by the ICO in future breaches.

So, it is understandable – in this instance at least – why the ICO would need time to get its decision right.

Ticketmaster data hack group action

At Hayes Connor, we are helping people who want to make a compensation claim because of the Ticketmaster data breach.

If you have already contacted us, and we have confirmed that you are part of our first group action, there is nothing for you to do at this stage. We will keep you updated, and as soon as the investigation is complete, we will take your case to the High Court.

If you have contacted us and are waiting to join our second group action, we’ll be in touch about anything we need from you. We will then progress your claim once our first group action has been decided in court.

If you haven’t yet contacted us, it’s not too late. If you have suffered a privacy violation caused by Ticketmaster’s breach of data privacy laws, you have a right to claim compensation. All you need to do is register with us and we will keep you updated.

There is no cost to join our group action, and no obligation to proceed.

REGISTER NOW

 

oneplus data breach
, ,

How can you protect yourself following the OnePlus data breach?

OnePlus has emailed customers to let them know that their personal information is at risk. This is because a (as yet unknown) third-party hacked OnePlus and got their hands on sensitive customer data. This includes:

  • Names
  • Contact numbers
  • Email addresses
  • Shipping addresses

It does not appear that payment information or account passwords were obtained during the intrusion.

OnePlus has informed all impacted users by email. It has also warned these customers that they might now be the victims of spam and phishing emails as cybercriminals use this data to extort more information and commit financial/identity fraud against them.

If you haven’t received a notification yet, OnePlus says you have not been affected. However, if you have ever purchased a product from OnePlus, it is worth checking your spam folder and any old email accounts in case the email has gone there.

If you were involved in the OnePlus data breach, you must take steps to keep yourself safe.

Protect your finances following the OnePlus data breach

While OnePlus has said that payment details have not been exposed, you should:

  • Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • You might also want to contact the major credit reference agencies to ensure credit isn’t taken out in your name.

Watch out for further attacks following the OnePlus data breach

All too often, cyber-criminals use the names and email addresses stolen in a data protection act breach to try and extract additional information from you (such as your banking details). As such, you must be on your guard following the OnePlus data breach.

  • Always question uninvited calls, messages, texts, etc. in case it’s a scam
  • Be aware that, just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud prevention reasons.

Put some data protection best practices in place

If you are concerned that your data might be at risk, there are some steps you can take to stop the threat from escalating.

  • Register with the Cifas protective registration service
  • Change your passwords (we strongly recommend that you do this if you have been involved in this breach)
  • Make sure your devices are protected by up-to-date internet security software.

Find out more about what to do if you are the victim of a data breach.

Should you make a OnePlus data breach compensation claim?

A data breach is a serious failure, and it is clear that OnePlus has neglected to protect its customers’ privacy rights.

Worryingly, this isn’t the first time that OnePlus has been involved in a data breach. In January 2018, OnePlus revealed that 40,000 online customers had their credit/debit card data stolen. In this data breach, hundreds of customers reported fraud on their accounts after paying over the OnePlus website.

Unfortunately, it doesn’t seem like OnePlus has learned from this mistake. So, if your data was involved in this breach, you should make a OnePlus compensation claim. Claiming compensation isn’t just in your best interests. It could also be the only way to ensure that organisations implement more secure processes.

How to make a OnePlus data breach claim

At Hayes Connor Solicitors, we are looking to launch a no-win, no-fee group litigation action for everyone who has had their data privacy violated in the OnePlus data breach. Our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most. So, we are confident that our team will get the results you deserve. We have all the experience and expertise necessary to get the best possible result for you.

Crucially, you do not need to have suffered any financial loss or emotional distress to make a claim against OnePlus. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

To become part of our group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us.

We can take on your claim on a no-win, no-fee basis.

Register now

BA group action
, , ,

Hayes Connor sees surge of interest in British Airways data breach

Since British Airways (BA) customers had their personal data stolen in a series of breaches, we have been contacted by hundreds of people who were put at risk by the airline. And, in good news for consumer-rights, in October 2019, the Court gave its permission for official legal action to be launched against the airline. Since this decision, lots of new clients have contacted us to join our BA group action case.

What happened in the BA group action case?

In 2018, hackers accessed the BA website and mobile app to steal information including card details, addresses, email addresses and travel arrangements. According to an investigation by the Information Commissioner’s Office (ICO), some passengers were taken to a fake website where hackers harvested their details. As a result of this breach, many customers were forced to change their bank accounts or credit cards.

Why is this BA’s fault?

Following an investigation, the ICO found that the hacks were only possible due to inadequate security arrangements at the airline. In response, it is planning to impose a fine of more than £183 million on BA. But, none of this money will go to the victims.

Leading the way when it comes to data breach law

To secure justice for data breach victims, it’s vital that organisations are held to account for their security failures. And, at Hayes Connor, we believe we are the best firm to help BA customers to achieve this. This is because we are a true specialist in data breach law. This is all we do. And, because of this, we have the legal expertise needed to take on big players such as BA. We also have experience in similar huge cases against the likes of Ticketmaster and Equifax.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the results you deserve.

Crucially, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected. And this could see you lose out financially as a result.

Our No-Win, No-Fee BA group action makes sure you are protected against all possible costs

At Hayes Connor, we offer a No-Win, No-Fee guarantee. This makes sure our clients are protected and insured against all possible outcomes.

Find out more about what No-Win, No-Fee means.

Why join our BA group action?

At Hayes Connor Solicitors, we have already started a group action claim against British Airways to help victims of this data breach to secure compensation. This means we have everything in place ready for you to join. And, we are using the evidence uncovered by the ICO to make the strongest possible case.

Unlike other UK law firms, we have experience in group action data breach cases. Where cases are very similar, such group actions can be a powerful tool and can have a bigger impact than a single claim.

Don’t miss out on the compensation you deserve!

The deadline to join the BA Group Action has been set by the Court. And, our group action is still open to you to join. You can make a claim even if the theft of your data has not caused you any harm or distress.

However, we would recommend that you join ASAP to give you plenty of time. We are already gathering evidence to give our clients the best possible chance of success. There may also be the chance to secure a settlement before this case gets to Court.

Without joining a group action, hundreds of thousands of people could miss out on the compensation they deserve.

To join our British Airways data breach group action compensation claim, register with us today.

 REGISTER NOW

equifax data breach
, , ,

Hayes Connor launches new Equifax data breach claims website

Hayes Connor Solicitors has served a representative data breach claim against Equifax in the High Court. The action could see Equifax ordered to pay up to £100 million in compensation. And, to make it easy for people affected by the breach to join this action, we have launched a bespoke Equifax data breach claims website.

 Launching equifaxdatabreach.co.uk

Because of a series of data protection failures, Equifax let the personal data of its customers fall into the hands of hackers. In response, the UK’s data protection regulator (the ICO) fined Equifax £500,000. But none of this money will go to victims of the data breach.

In the US, Equifax will pay $1.4 billion to compensate affected consumers. We believe that UK customers deserve compensation too. That is why we have set up www.equifaxdatabreach.co.uk.

Making it easy to claim compensation and hold Equifax to account

According to press reports, and the findings of the ICO, 15 million people have been affected in the UK. Equifax has written to 693,665 UK customers confirming that they have had their data breached.

If you are a victim of the Equifax data breach, our new site explains more about:

  • What happened in the Equifax data breach
  • What you can do about it
  • Our representative action
  • Whether you can claim compensation from Equifax.

We also have a range of handy FAQs to answer any questions you might have about this shocking privacy violation.

Our no-win, no-fee Equifax data breach representative action

We are running a representative (group action) case against Equifax. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm.

We are doing this in partnership with Louis Browne QC and Ian Whitehurst of Exchange Chambers Liverpool. This is the same expert data protection team currently engaged in Ticketmaster and British Airways litigation.

Our claim allows anyone in the UK who has suffered financial damage, emotional distress, or a loss of privacy (e.g. having an email address stolen) to claim compensation for the breach. What’s more, in the Equifax case, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means, if you win, you’ll get all of the compensation.

Crucially, by registering today, we will keep you updated as this case progresses.

Find out more at equifaxdatabreach.co.uk

 

money transfer scam
, ,

Are you likely to be targeted by money transfer scammers?

Cybercriminals are getting smarter. And they are making a lot of money along the way. One of the most lucrative forms of cyber fraud is the money transfer scam (otherwise known as push payment fraud).

In 2017 there were 43,875 cases involving money push payment fraud, with total overall losses of £236 million to customers. And, to make matters worse, only £60.8 million of the money stolen was ever was repaid[1].

Money transfer scams

Money transfer scams happen when cybercriminals trick individuals into sending them money. Because the victim believes the fraudster to be genuine, they authorise the payment. The money is then quickly transferred to different accounts, often abroad, which makes getting it back almost impossible. And, despite there being rules in place to protect customers, banks are usually reluctant to compensate for any losses. So, people can be left out of pocket without knowing where to turn.

Who is targeted by money transfer scammers?

You might think that fraudsters are more likely to go after people they believe will fall for the scam, but this isn’t the case. Money transfer scams can be extremely difficult to spot, so anyone could be at risk.

The Financial Ombudsman has highlighted the increasing sophistication of criminal methods. It argues that people are often manipulated into thinking their money’s at risk. And that this can result in rasher decisions than someone would typically make.

There are two main reasons why cybercriminals might make you the target of a money transfer scam:

  1. Because they already have your data

Often money transfer scams happen because your data has already been violated. For example, because of a data breach (or other cybercrime such as an email hack).

 A data breach could have occurred at any organisation that holds your personal information. Criminals often use data breaches to access data and sell it on the dark web.

According to a report by The Independent[2], the personal data of UK citizens is selling for as little as £10 on the dark web. The data offered provides more than enough information for fraudsters to convince you that they are genuine and defraud you.

  1. Because of poor security at your bank

Some criminals will target the customers of banks that they know have poor security processes. This can make it easier to trick customers into handing over money. This includes where banks fail to:

  • Keep their internal telephone/text/email systems secure
  • Keep their internal security protocols safe and secure
  • Undertake proper checks on large transactions from clients who don’t normally transfer large sums
  • Undertake proper checks on transactions to accounts where there is no history of transactions
  • Stop transfers and freeze accounts when they are informed that fraud might be happening
  • Liaise with the fraudsters’ banks to chase down the money and/or find out who the money has gone to.

What can you do to protect yourself from money transfer scams?

Here are some quick tips to keep you safe from money transfer scammers:

  • Never disclose security details such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic. Just because someone knows some personal information about you (i.e. your mother’s maiden name), that doesn’t mean they are genuine
  • Know that banks or other trusted organisations will never contact you and ask for your PIN or full password, or ask you to transfer money to a safe account
  • Be aware who you’re sharing your personal information with. Only give out details to a service you trust and that you’ve contacted directly or are expecting to be contacted by. Even then, do not hand over sensitive information such as your PIN or password
  • Don’t be rushed into handing over personal or financial information
  • If something doesn’t feel right listen to your instincts. Leave the conversation if it makes you at all uncomfortable
  • Always question who you’re talking to. If in any doubt call them back using trusted contact details (you can usually find these on your bank cards) to check the request is genuine
  • Don’t be afraid to say you’ll get back to someone using the phone number or email address as listed on their website. A legitimate organisation would never try to panic you out of taking security checks
  • Never automatically click on a link in an unexpected email or text
  • Make sure you look at the address bar when logging into a website. If there is a padlock icon your connection is secure, if a site doesn’t have this lock icon, do not share any sensitive information
  • If you’re worried that you may be at risk, report it to the Police or Action Fraud straight away.

Get digitally aware

At Hayes Connor Solicitors, we want to reduce the number of data violations and successful cyber scams taking place across the UK. To do this, we are raising awareness of this issue and educating people to help stop fraudsters in their tracks.

For more advice on how to keep safe, follow us on Twitter and Facebook.

We are also considering a group action claim against banks who have failed their clients after they have lost money through no fault of their own. A group action is where a group of people, all affected by the same issue, collectively bring their cases to court. Group actions can be a powerful tool and can have a bigger impact than a single claim.

SIGN UP TO FIND OUT MORE ABOUT JOINING OUR GROUP ACTION CLAIM


[1] UK Finance

[2] https://www.independent.co.uk/life-style/gadgets-and-tech/news/dark-web-id-value-hackers-cyber-crime-a8683821.html

data breach claim
, , ,

Making a data breach claim. What has changed?

A recent case against Google for illegal data harvesting has transformed how data breach claims are managed in the UK. But what has actually changed? And what does this mean for you?

The background

Between 2011 and 2012, Google used cookies on Apple’s Safari web browser to illegally collect data about its users. In response, a group action was launched to help people challenge the big technology company over this data privacy violation. But, in October 2018, the case was thrown out.

Essentially, it was deemed too difficult to calculate how many people had been affected, and in what way. This is because, to make a data breach claim, each person had to show that they had experienced harm as a direct result of the breach. For example, emotional distress or financial loss. In group action cases such as this, where multiple people had been affected, this was especially complicated.

However, this case was taken to appeal, and, in a “ground-breaking” ruling, the Court effectively reformed the data breach claims process.

Change one – you can make a data breach claim even if you haven’t suffered a loss

The Court of Appeal decided that data breach claims are valid, even if someone hasn’t suffered financial or emotional damage as a result. If a company does not protect your data in the way it is legally obliged to do, you can claim for this data privacy failure.

Change two – you can make a data breach claim even if the only thing exposed was your email address

People can now seek compensation even if the only personal information breached was their email address. Everyone has the right to the protection of their personal data. Especially when such data now has an economic value (e.g. it can be sold).

Change three – there are now different ways to join a group action claim, depending on how you have been affected

Until now, if someone had their data breached, they would have to prove how this privacy violation affected them. In group action cases (where lots of people are affected by the same breach), this could be a complicated process. Because not everyone will have experienced the same loss and consequences. So, making an award in these cases can be tricky.

But, the Court of Appeal has made the group action claims process easier.

People involved in a significant data breach (that has resulted in differing levels of financial loss or emotional harm), can still make a group action case. You can find out more about how to make a group action claim here. So, in these cases, nothing has changed.

But now, people who have had their data breached in a mass privacy violation, but who have not experienced any harm, can also claim. To do this, they will need to join a representative action.

The type of action required for each case will depend on the exact breach. If you are unsure about which option is available to you, our helpful data breach experts are happy to answer any queries you might have.

What is a representative action?

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm (e.g. having their email address stolen and data privacy violated).

In representative actions, one solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in many future actions.

In addition, one member of the action will typically sue on behalf of themselves and the rest of the group. Once compensation has been agreed, each member of the representative action will receive the same amount.

A representative action is a quicker way to claim for compensation

A representative action can be launched based on the total number of those affected, not just the individuals who have proactively decided to pursue compensation. This will make claim process much quicker. However, to receive a share of the settlement, affected parties will still need to register to join the action. There is likely to be a strict time limit to do this.

What about individual data breach cases?

The ability to claim compensation for individual personal data breaches still exists (for example, where a bank has posted your financial statement to the wrong address). But now, you can claim compensation even if you haven’t suffered because of the breach.

In such instances, people can claim directly with the organisation responsible. However, we would always recommend using a specialist data breach solicitor.

At Hayes Connor, we take a holistic and long-term view when it comes to claiming compensation on your behalf. And, our understanding of the effects of a breach mean we always ensure the best possible outcome for you. It is not unusual that – on reviewing your case – we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you could make a huge difference in the eyes of the law.

How will you know if you can make a data breach compensation claim?

Since the introduction of the General Data Protection Regulation (GDPR), any organisation that processes your personal data MUST let you know if it has been breached. And, once you have been told about any violation, you can make a claim.

How do you make a data breach claim?

If you experience a privacy violation due to an organisation breaching the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

START A DATA BREACH COMPENSATION CLAIM

 

 

 

equifax data breach
, , ,

It’s now even easier to make an Equifax data breach claim

A recent data protection case has transformed how data breach claims will be managed in the UK. And the result of this court action will impact the 400,000 UK consumers who had their personal details put at risk in the huge Equifax data breach.

What happened in this data breach?

Hackers breached Equifax’s systems and accessed the private details of 143 million people in the US. While Equifax said that its systems in the UK were not affected, it admitted that a file stored in the US may have been accessed. This file contained personal information on up to 400,000 UK consumers.

Equifax is the second-largest credit reference agency in the UK. Used by a wide range of companies, even if you are not a customer it could hold a wealth of information about you. For example, data which lenders use to assess whether to give you credit cards, loans, mortgages etc.

Equifax data breach UK group action

Following the breach, we announced our intention to launch a group action case against Equifax. This allowed anyone in the UK who had suffered damage or distress to claim compensation for the breach. And, in October 2019 we submitted the relevant initial paperwork to launch litigation proceedings against Equifax at the High Court.

And, following the latest Court of Appeal ruling, claiming compensation for victims of the Equifax data breach is about to become much easier.

How has the data breach group action process changed?

Until now, to join a group action data breach claim, victims had to be able to prove that they had experienced harm as a direct result of the breach. For example, emotional distress or financial loss. However, the Court of Appeal has now decided that all data breach claims are valid, even if someone hasn’t suffered financial or emotional damage as a result. If a company does not protect your data in the way it is legally obliged to do, you can claim for this data privacy failure.

So, many more people are now free to claim from the credit reference agency. What’s more, following the ruling, people can now seek compensation from Equifax, even if the only personal information breached was their email address.

The Equifax data breach is a representative action

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm.

A representative action can be launched based on the total number of those affected, not just the individuals who have proactively decided to pursue compensation. This will make the claims process much quicker. However, to receive a share of the settlement, affected parties will still need to register to join the action. There is a strict time limit to do this, so it’s important register ASAP.

In representative actions, one solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in this case.

Join our Equifax data breach claim

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

What’s more, in the Equifax case, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means, if you win, you’ll get all of the compensation.

REGISTER NOW

ba group action
, ,

British Airways data breach group action gets the go-ahead

British Airways (BA) customers have been given permission to launch compensation claims against the airline following a huge data breach in 2018. At the High Court , Mr Justice Warby granted a group litigation order, paving the way for the group action against BA.

What happened in this case?

Last year, almost half a million British Airways customers had their personal data stolen in series of breaches.

Hackers accessed the BA website and mobile app to steal information including card details, addresses, email addresses and travel arrangements. According to an investigation by the Information Commissioner’s Office (ICO), some passengers were taken to a fake website where hackers harvested their details. Also, many customers were forced to change their bank accounts or credit cards.

Earlier this year, the ICO announced its intention to impose a fine of more than £183 million on BA over the breach. The series of hacks, were some of the most severe cyber-attacks in UK history. And they were only possible due to inadequate security arrangements at the airline.

But, while the ICO has the power to impose data breach fines, it does not give this money to victims. That’s why making a compensation claim is so important. Furthermore, we can use the evidence uncovered by the ICO to make a very strong case. So, if your data was put at risk by BA, you should now make a data breach compensation claim.

Join our No Win, No Fee, BA compensation case

At Hayes Connor Solicitors, we have already started a group action claim against British Airways to help victims of this data breach to secure compensation.

We can help you claim compensation for financial losses, as well as for inconvenience and distress. And, following a recent ruling[1], we can now claim on your behalf even if you haven’t suffered financial or emotional damage as a result. The loss of control of your personal information is sufficient grounds to make a claim.

What is a group action case?

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions or multi-party actions.

With a group action claim, this group of people (the Claimants) collectively bring their cases to court against a Defendant (in this case, British Airways). These victims then fight together to achieve compensation in the High Court of Justice.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

Use a data breach expert for the best chance of success

At Hayes Connor Solicitors, we believe that the best way to make big companies pay for their data protection failures is to use a specialist lawyer. Of course, you would expect us to say that – but let us explain why.

We have become a true specialist in data breach law. This is all we do. And, because of this, we have the legal expertise needed to take on big players such as BA, Ticketmaster and Equifax.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the results you deserve.

Crucially, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected. And this could see you lose out financially as a result.

Don’t miss out on the compensation you deserve in the BA group action!

Since the data breach, we have been contacted by hundreds of people who were put at risk by BA.

The action that we are taking is still open to you to join. But, as we have already started our group action case, it is vital that you register with us ASAP.

To join our British Airways data breach group action compensation claim, register with us today.

REGISTER NOW


[1] Lloyd v Google