data breach appeal
, ,

Morrisons loses data breach appeal

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

The Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

 

Where Next

Over the last 18 months, we have seen numerous examples of significant personal data loss. Many of these violations have been able to occur due to weaknesses contained in companies’ IT software.

As the trend towards a cashless society accelerates, this will only continue as retailers and other businesses seek quicker and slicker interfaces with their consumers. Both at the point of sale and throughout their customer journey.

In the case of Morrisons, significant steps were taken to protect data, but those steps failed. In this instance, the data was lost at the hands of an employee turned hacker. However, data is also at threat simply due to careless employees going about their day-to-day business.

The latest ruling is the tip of a very large iceberg. Mass data breach actions are also being made against Ticketmaster and British Airways among others. Such actions, when properly prepared and investigated, will have significant financial consequences in terms of damages and costs.

Data breaches on a large scale are a real and pressing threat. In response, the clear and overwhelming view of the Court of Appeal is that such events must be foreseen by companies, and insured against.

The reaction of the insurers to such events, their provision of cyber cover and premium costs is now under the spotlight. Indeed, we predict a situation where the volume of exclusions to policies will increase.

Companies must now protect themselves better from data loss. But they also need to be extremely vigilant as to the activities and errors of their employees to be afforded the cover they pay for, or think they pay for.

 

If you have been affected by this or any other data breach then you can get in touch with our experts today

uk breach
, ,

Why join our Equifax UK breach group action claim?

Hayes Connor Solicitors has launched an Equifax UK breach group action claim as millions of people seek to hold the business to account.

What happened in this case?

In 2017, a cybersecurity incident at Equifax resulted in hackers potentially stealing 143 million US citizens’ data and the personal details of up to 15 million Brits.

This sensitive information included email addresses, passwords, driving license numbers and phone numbers. Equifax has also admitted that the passwords and partial credit card details of almost 15,000 UK customers were compromised.

What did the Equifax UK breach investigation find?

The Information Commissioner’s Office (ICO) investigation revealed multiple failures at the credit reference agency. For example, measures which should have been in place to manage the personal data were found to be inadequate and ineffective. Investigators also found significant problems with data retention, IT system patching and audit procedures.

The Information Commissioner, Elizabeth Denham said Equifax showed a “series disregard” for its customers and their personal information. In response, Equifax was fined £500,000 by the ICO.

However, the investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation. So it could be argued that Equifax got off lightly.

What’s next?

At Hayes Connor Solicitors, we have launched an Equifax UK breach group action claim. This is an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe.

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors.

While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Crucially, as we are experts in data breach cases, once you have registered with us, we might uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. So, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Why have we launched a group action following the Equifax UK breach?

A group action is the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis. This helps to strengthen their overall position and increases their chances of success.

Even better, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis (as in this case).

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

Find out more about group actions.

What should you do now?

For anyone worried that Equifax has exposed their data, you should contact Hayes Connor Solicitors ASAP.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Hayes Connor Solicitors is providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if you are awarded £1,500, you will get all of the compensation. There are no solicitor’s fees win or lose.

Find out more about no-win, no-fee.

To join our Equifax UK breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and how much compensation you can claim.

 REGISTER NOW

 

data breach solicitors
, ,

Equifax UK data breach: what did the investigators find?

In 2017, a cybersecurity incident at Equifax resulted in hackers stealing the personal data of up to 143 million US citizens’ and 15 million Brits. Following an investigation into the Equifax UK data breach, The Information Commissioner’s Office (ICO) has now fined Equifax £500,000.

However, the investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation. So it could be argued that Equifax got off lightly.

But what failures were uncovered during the investigation, and what can you do if your details were put at risk by Equifax?

What did the Equifax UK data breach investigation find?

The ICO investigation, carried out in parallel with the Financial Conduct Authority, revealed multiple failures at the credit reference agency. For example,

  • Equifax contravened five out of eight data protection principles of the Data Protection Act 1998 including, failure to secure personal data, poor retention practices, and lack of legal basis for international transfers of UK citizens’ data
  • Measures which should have been in place to manage the personal data were found to be inadequate and ineffective
  • There were significant problems with data retention meaning personal information was being retained for longer than necessary and vulnerable to unauthorised access
  • The US Department of Homeland Security had warned Equifax Inc. about a critical vulnerability as far back as March 2017. Sufficient steps to address the vulnerability were not taken meaning a consumer-facing portal was not appropriately patched.

The Information Commissioner, Elizabeth Denham, said Equifax showed a “series disregard” for its customers and their personal information. She also said that: “The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce.

“This is compounded when the company is a global firm whose business relies on personal data.

“We are determined to look after UK citizens’ information wherever it is held. Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law.”

What can you do following the Equifax UK data breach?

Hayes Connor Solicitors has launched an Equifax UK data breach group action claim as millions of people seek to hold the business to account. This is an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe.

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Find out more about group actions.

While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Hayes Connor Solicitors is providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if you are awarded £1,500, you will get all of the compensation. There are no solicitor’s fees win or lose.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

REGISTER NOW

British Airways breach caused by the same hackers as Ticketmaster
, , ,

British Airways data breach caused by the same hackers as Ticketmaster

According to reports, a cyber-criminal operation known as Magecart is behind the recent British Airways data breach. The group has been very active in the past three years. It is also thought to be behind the Ticketmaster data hack.

Earlier this year we reported that cybersecurity analysts RiskIQ believed that the Ticketmaster data theft was part of a larger credit card scheme.

A new report by RisqIQ states that there are clues linking the same operation to the British Airways breach. The company said the code found on the British Airways site was very similar. However, the code was modified to suit the way the airline’s website had been designed.

“The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”

Crucially, if RiskIQ, is right about how the attack worked, a cybersecurity researcher has told the BBC that “BA should have been able to see this”.

If the British Airways data breach was carried out by the same group, the threat to consumers could be much worse than thought. RisqIQ has said that it looked like the group behind the attack had decided to target specific brands, and that more breaches of a similar nature were likely.

What should you do about the British Airways data breach?

Regardless of who was behind the attack, British Airways was responsible for keeping your data safe, and this is something it has failed to do.

The British Airways data breach has compromised payment details and personal data. This information that can be used by cybercriminals to steal money from you, apply for credit in your name, set up fraudulent bank accounts and more.

So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation. British Airways has said that it has informed those involved, so if you have received this email let us know.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

To join our British Airways data breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW

cybercrime
, , ,

BA customers victims of huge data breach with cybercriminals stealing bank card details

Almost 400,000 British Airways customers have had their bank card details stolen in what is reported to be one of the most severe cyber-attacks in UK history.

Worryingly, while the huge data breach started over two weeks ago, it was only detected by the airline on Wednesday night. At that time BA told its customers about the breach and reported the incident to the police.

However, with 12 days between the BA data breach occurring and the incident being detected, questions are now being asked as to whether poor systems have made this cyber-attack worse.

All 380,000 customers who booked flights online or via the BA app during that time using a debit or credit card are affected.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of the BA data breach.

What happened in the BA data breach?

Hackers carried out a “sophisticated, malicious criminal attack” on the BA website. BA has confirmed that the personal and financial details of customers making bookings had been compromised. In total, about 380,000 transactions were affected.

Along with the financial info stolen, it appears that the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data or financial information following the BA data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

If you have been affected by this BA data breach, please contact your bank or credit card provider immediately.

BA has admitted that the hackers spent more than two weeks accessing data online. This increases the risk to passengers substantially. There are also fears that customers’ details will be sold on the dark web to cybercriminals.

What has BA done about the data breach?

BA has notified the police and relevant authorities. The National Crime Agency has also been brought in to investigate this case.

The airline has also issued an email to affected customers stating that:

“From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. The stolen data did not include travel or passport information.

 “The breach has been resolved and our website is working normally.

 “We’re deeply sorry, but you may have been affected. We recommend that you contact your bank or credit card provider and follow their recommended advice.

 “We take the protection of your personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.

 “Further information can be found at ba.com.”

Is BA offering compensation for the data breach?

British Airways customers have rightly vented their fury at the airline, especially as it long it took them so long to notice that they had been attacked.

Customers have also taken to social media to raise concerns about how secure BA’s IT security processes are. And they are right to do so. Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

The airline has said that compensation claims will be discussed on an ‘individual basis’. However, it is not up to BA to dictate the terms of any compensation payments.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

What can you do about the BA data breach?

With investigations now underway into the data breach, if BA is found responsible for this appalling data protection failure, the airline will no doubt have to pay a hefty fine. But, while the Information Commissioner’s Office does issue fines, it does not award data breach compensation. At Hayes Connor Solicitors, our data breach solicitors can help you with that.

We have already been contacted by many British Airway customers who are worried that their personal and financial data was not looked after as carefully as it should have been.

In response, we are preparing a group action compensation claim for everyone who has had their data accessed in the BA data breach if it is found that BA have failed to adequately protect that data.

To preserve your ability to claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation.

REGISTER NOW

data compensation
,

Can you make a data breach claim against Emma’s Diary?

The Information Commissioner’s Office (ICO) has fined Lifecycle Marketing (Mother and Baby) Ltd (LCMB), £140,000 for illegally collecting and selling the personal information of over one million people.

LCMB, also known as Emma’s Diary, gives medical advice and free baby-themed goods to parents who download an app. The data broking company behind the app was implicated following the launch of an investigation into the Facebook data breach scandal.

As such, those affected should now be looking to claim compensation.

What happened in this case?

LCMB sold its users’ information to Experian’s marketing division (Experian Marketing Services). This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election.

The Labour Party used this information to send targeted communications about its intention to protect Sure Start Children’s centres to mums living in marginal seats.

The data used included the names of parents using the app, household addresses, the presence of children under the age of five, and the date of birth of those children.

What was the result of the investigation?

LCMB claimed that the use of this information was fully outlined in its privacy policy. However, an investigation by the ICO found that the privacy policy did not state that the personal information given would be used for political marketing or by political parties. As such, this was a breach of the Data Protection Act.

In fact, while LCMB’s privacy policy was eventually updated to add the words “political parties” to the list of organisations it shares data with, this was only done in light of the start of the ICO’s investigation.

Commenting on this case, The Information Commissioner, Elizabeth Denham said: “The relationship between data brokers, political parties and campaigns is complex. Even though this company was not directly involved in political campaigning, the democratic process must be transparent.”

She added: “All organisations involved in political campaigning must use personal information in ways that are transparent, lawful and understood by the UK public.”

As the violation could cause distress to those affected, and was motivated by financial gain, LCMB has been fined £140,000 for the data breach.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by Emma’s Diary (LCMB) is part of a more extensive investigation into how our data is being used in political campaigning. In fact, the ICO put the UK’s 11 main political parties on notice to have their data-sharing practices audited later this year.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections was significant and has called for a code of practice to fix the system.

If you are one of those affected by the Emma’s Diary data breach and are concerned that your personal information was used in a way you didn’t consent to, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

REGISTER NOW

data compensation
, , ,

Emma’s Diary breaks trust of young mums

Earlier this month, parenting website Emma’s Diary was fined £140,000 for selling data collected from its app to the Labour Party.

Using a database created by Experian, Labour used this personal information to target new mothers with direct marketing. The data gathered included parent names, addresses and the dates of birth of the mother and children.

In an extraordinary breach of trust, many parents are now reeling that their personal information was treated this way. So, here at Hayes Connor Solicitors we are helping them to claim Emma’s Diary compensation for any distress suffered.

Commenting on this case, our managing director, Kingsley Hayes said:

“Quite often we deal with data breach cases where a cybercriminal has hacked a company to access sensitive user information. But in this case, Emma’s Diary willingly and knowingly handed it over for profit. What is even more shocking is that this sensitive information included data about children. It’s no wonder that young mums and dads are now distraught at this breach of trust.”

He added:

“Leaving aside the fact that this data was used to manipulate our democratic process, this case shows a worrying disregard for data privacy. Mums across the UK used Emma’s Diary to get much-needed medical advice and free baby-themed goods. The last thing they expected was that their trust would be abused in this way.”

Claiming Emma’s Diary compensation

You can make a compensation claim against Emma’s Diary if you have struggled emotionally following the data breach, even if you have not experienced any financial loss.

When making a compensation award, the court will look at the specific circumstances of your case. This includes things like the sensitivity of the data compromised and the nature of the disclosure.

Some people would have us believe that claiming for distress is an overreaction. That your physiological suffering and anguish doesn’t matter. You might hear friends and family saying that, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information sold in this manner.

Being the victim of a data breach can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. So why shouldn’t you seek compensation for a failure to look after your information correctly? Especially when it included data about young children.

How much compensation could you get?

Data breaches often have severe consequences for those affected, and in this case, you could be entitled to up to £1,500 (or more depending on your circumstances). And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Join our group action and claim Emma’s Diary compensation now

At Hayes Connor Solicitors, we have received a large number of queries from people concerned that their information was manipulated and used in way they did not agree to. In response, we are now launching a group action against Emma’s Diary.

To join a group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW

carphone warehouse compensation
, ,

Join a group action Carphone Warehouse data breach claim

Dixons Carphone is facing legal action from potentially millions of people after it was revealed that hackers have accessed the information of close to 10 million customers. The hackers also got access to the records of 5.9 million payments cards (nearly all of which were protected by chip and pin).

While the company claims that no customers have been the victim of fraud as a result of the hack, you can still claim for any distress you have suffered as a result of the Dixons Carphone data breach.

The National Crime Agency has been investigating the Dixons Carphone data breach. It is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (the UK’s data protection regulator).

As expert data breach solicitors, here at Hayes Connor, we are carefully watching developments unfold in this case, and are preparing to launch a group action Carphone Warehouse data breach claim once the relevant investigations are complete.

What happened in the Carphone Warehouse data breach?

The Dixons Carphone data breach took place in 2017 and resulted in customer records being accessed from Currys PC World and Dixons Travel stores. Both payment card details and non-financial records were compromised.

The Dixons Carphone’s investigation has not uncovered any evidence of additional fraud, but it has revealed that significantly more data was taken than first thought.

Crucially, the details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes.

Dixons Carphone has been criticised for downplaying the severity of the hack. Because today, criminals don’t need payment card or bank account details to cause havoc. Indeed, the sheer scale of damage and distress that can be created by criminals gaining access to personally identifiable information (PII) cannot be underestimated. So, while there is no evidence of financial losses suffered by customers of Currys PC World and Dixons, this doesn’t mean that the impact on victims is any less significant.

To make matters worse, this is not the first time that the company has failed to protect its customers. Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined £400,000 following another cyber-attack. The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. So, with a history of failures, the relevant authorities will now be looking very carefully at this latest data breach.

What are we doing about a Carphone Warehouse data breach claim?

At Hayes Connor Solicitors, we have received a large number of queries from people concerned that their information is now at the mercy of cybercriminals. In response, we are now considering launching a group action against Dixons Carphone.

As such, we have appointed Barrister Ian Whitehurst to help in this case. Having developed a practice in the field of data breach claims for individuals and companies who have had their personal and sensitive data breached by third parties, we are confident that our team will get the results our clients deserve.

Why launch a group action Carphone Warehouse data breach claim?

A group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

What’s more, with a group action claimants often share the legal fees. Even better, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis.

Find out more about group actions.

What should you do if you have been affected by the Dixons Carphone data breach?

If you are worried that Dixons Carphone has exposed your data, there are a few simple steps you can follow.

  1. Determine what was stolen. To protect yourself as much as possible you need to know what kind of information was accessed in the data breach. Dixons Carphone should be able to advise you on this
  2. Change your passwords. If an online account (such as an email address) has been compromised, change the password right away. You should also change all other accounts that use the same password, and – if your email could be compromised – any accounts that could be accessed via your email. To keep you safe in the future, create a secure, unique password for each account (you might want to consider using a password manager to do this for you)
  3. Deploy additional security measures. If an app or website offers two-factor authentication to protect an account, use it
  4. Contact your bank. If any financial information has been stolen, contact your bank immediately and explain that your account is at risk of fraud. As well as issuing a new card, the bank should be able to advise you if it detects suspicious activity on your account
  5. Be vigilant. Beware of scammers using your stolen data against you. For example, don’t click on any links in emails asserting to be from your bank and always use the numbers they provide on their website if they ask to talk to you
  6. Sign up for a credit and/or identity-monitoring service. This will help you to monitor your financial accounts and sensitive personal information. Many organisations will offer such services free following a data breach but it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  7. Keep a record. Make a list of all the accounts that could have been accessed and note down why you are concerned about them
  8. Inform the Information Commissioner’s Office (ICO) about your concerns. At present the ICO is undertaking an investigation into the Dixons Carphone Data Breach. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  9. Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

To find out more, read our handy step-by-step guide to making a data breach claim

How can you join the Carphone Warehouse data breach claim group action?

If you have had an email from Dixon’s Carphone you could be entitled to several thousand pounds in compensation so it’s important to act now. And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Find out more about no-win, no-fee.

To join a group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW

data breach claim
,

Can you make a data breach claim against Superdrug?

High street chemist Superdrug has been held to ransom by hackers. The cybercriminals have contacted Superdrug claiming to have accessed the details of 20,000 customers. Talking about the Superdrug data breach, a company spokeswoman said: “The hacker shared a number of details with us to try and ‘prove’ he had customer information – we were then able to verify they were Superdrug customers from their email and log-in.”

What data has been stolen in the Superdrug data breach?

The compromised data is thought to include names, addresses, dates of birth, phone numbers, and point balances. And, while no bank or payment card details are believed to have been accessed, the information stolen is already enough to cause severe distress to those affected.

Today’s cybercriminals don’t just care about our financial details. They can also cause havoc with our personally identifiable information. In fact, with enough data, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

In response, Superdrug has emailed its customers advising them to change their passwords. The company has also contacted the Police and Action Fraud (the UK’s national fraud and cybercrime arm) and has said that it “will be offering them all the information they need for their investigation as we continue to take the responsibility of safeguarding our customers’ data incredibly seriously.”

Can you claim compensation following the Superdrug data breach?

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

Crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss. Being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. So why shouldn’t you seek compensation for a failure to look after your information correctly?

How much compensation could you get for the Superdrug data breach?

When a breach happens, it’s vital that the Information Commissioners Office (ICO) investigates what happened. If the company is found responsible, the ICO will then issue a fine.

However, such fines are little compensation for victims who have suffered financial loss and/or stress due to an organisation’s negligence. So, while the ICO does not award data breach compensation, our data breach solicitors can help you with that.

At Hayes Connor Solicitors, we’ve been helping people to get the compensation they deserve for over 50 years, so we know what it takes to make a successful data breach claim.

Data breaches often have severe consequences for those affected, and in this case, you could be entitled to around £1,500 (or more depending on your circumstances). And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Find out more about no-win, no-fee.

Superdrug data breach group action

At Hayes Connor Solicitors we have already been contacted by Superdrug customers distressed that their personal information was not looked after as carefully as it should be.

As such – and depending on the outcome of any investigation – we are now looking at the possibility of launching a group action against Superdrug.

With a group action claim, a band of people – sometimes even thousands of people – collectively bring their cases together to achieve compensation. Where circumstances are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

Find out more about making a group action claim.

To join a group action compensation claim, you will need you to register with us. We’ll let you know what is happening in the Superdrug data breach case and if and when you can make a data breach compensation claim.

REGISTER NOW

carphone warehouse compensation
,

Ten million customers could claim compensation for distress in Dixons Carphone data breach

Following the Dixons data breach discovered in June this year, Dixons Carphone has begun contacting customers to warn them that their information has been accessed by hackers. And, while the company initially estimated that 5.9 million people could be at risk, that figure is now closer to 10 million. But with Dixons Carphone claiming that no customers have been the victim of fraud as a result of the hack, can you claim compensation for distress?

What has happened?

The breach, which took place in 2017, saw data leaked from servers containing customer records from Currys PC World and Dixons Travel stores. Both payment card details and non-financial records were compromised.

While Dixons Carphone’s investigation has not uncovered any evidence of additional fraud, it has revealed that significantly more data was taken than first thought.

In an email to customers affected by the data breach, Dixons Carphone admitted that the scale of the non-payment leak reached around 10 million customers. Details stolen during the attack include names, addresses, phone numbers, dates of birth, and email addresses – all of which can be used by cybercriminals to commit further crimes.

Alex Baldock, chief executive of Dixons Carphone, has apologised for the breach and admitted that the company had ‘fallen short’ of its duty to protect customers. And, a spokesperson for Dixons Carphone said that: “While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result.”

However, by downplaying the severity of the hack, it is clear that Dixons Carphone does not understand the importance of keeping its customers’ personal data safe, and the sheer scale of damage and distress that can be caused by criminals gaining access to personally identifiable information (PII).

In fact, while there is no evidence of financial losses suffered by customers of Currys PC World and Dixons, this doesn’t mean that the impact on victims is any less significant.

Distress matters in data breach cases

Being the victim of a crime can have a considerable effect on you. Both mentally and physically. Everyone reacts differently, but for some people, the consequences can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So, just because your financial details were not exposed or used, doesn’t mean the breach should be treated any less seriously.

According to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

Compensation for distress in data breach cases

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

Crucially, the law recognises the potential damage that is caused by physiological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

A personal data breach is a 21st-century version of being burgled. So why shouldn’t you seek compensation for this failure to look after your information correctly?

What next in the Dixons Carphone data breach case?

The National Crime Agency has been investigating the Dixons Carphone data breach. It is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (the UK’s data protection regulator).

Dixons Carphone has said that is “continuing to keep the relevant authorities updated.”

This is not the first time that the company has failed to protect its customers. Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined a £400,000 following another cyber-attack.

The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. In that breach, the personal data of over three million customers and 1,000 employees was put at risk.

With a history of failures, the regulator will now be looking very carefully at this latest revelation.

Can you claim compensation for distress in the Dixons Carphone data breach?

Absolutely. Data breaches can have severe consequences for those affected, so, customers of Dixons Carphone should now be looking to claim compensation.

In this case, because of when the breach took place, any financial penalties paid by Dixons Carphone for failing to protect customer data adequately will be calculated under old data protection legislation. This means that the company will escape the threat of much more substantial fines now possible under the General Data Protection Regulations (GDPR).

But with a history of data negligence at the company, and a clear downplaying of the importance of this latest breach, something must be done to hold them to account.

If you have had an email from Dixon’s Carphone you could be entitled to several thousand pounds in compensation so it’s important to act now.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.