data breach solicitors
,

What you need to do following the Marriott data breach

The Marriott data hack is already being called one of the most serious data breaches of its kind. So much so that two US-based law firms have already filed class action lawsuits against Marriott International.

But if you are a UK customer worried about how the hack will affect you, what should you do to protect yourself?

What happened in the Marriott data breach?

On September 8, 2018, Marriott became aware that hackers had managed to access its Starwood guest reservation database. However, when investigating the breach it was uncovered that cybercriminals had enjoyed access to this database since 2014.

During this time the hackers accessed, copied and removed the private data of around 500 million customers.

Marriott is still working with cybersecurity experts to determine the scope of the breach.

What data has been put at risk due to the Marriott data breach?

Marriott has admitted that the stolen information includes names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, guest account information, reservation dates, and more.

Worse, Marriott has said that it has not been able to rule out that credit card information has also been exposed. And, while Marriott used an encrypted credit card system, it admits that the hackers could have stolen the encryption keys needed to decrypt this financial data.

Security experts have widely criticised Marriott for its “lacklustre” response following the data breach. For example, while the company has sent out millions of emails warning of the massive data breach, the email sender’s domain “email-marriott.com” doesn’t load, and doesn’t look like it comes from Marriott (it also has no identifying HTTPS certificate). So there is no easy way to check that the domain is real.

Should you be worried?

If you are a Marriott customer who has made a reservation at one of the affected hotels between 2014 and September 2018, then unfortunately yes.

Customers who have been affected should soon know if their data has been put at risk (if you haven’t been told already). If you are a Marriott International customer and you haven’t received an email make sure that you check your junk mail folder.

If you haven’t received an email but are still worried you should call the dedicated call centre Marriott has established to answer questions you may have about this incident. You can find out more about this here.

The theft of personal and financial information could lead to identity and financial fraud which has the potential to turn a person’s life upside down. And, as we don’t yet know what has been done with this data, or who has managed to get their hands on it, it is vital that you do everything you can to protect yourself.

What can you do to protect yourself?

Those affected by the Marriott data breach should do the following as soon as possible:

  • Inform the Information Commissioner’s Office (ICO)about your concerns. The ICO is the independent authority charged with upholding data protection rights in the UK. The ICO is currently making enquiries into the data breach. While it does not award compensation, if the ICO believes that Marriott International was negligent when looking after your data you can use this information in court to help prove your claim
  • Read our handy step-by-step guide to making a data breach claim
  • If you are worried that your banking details have been exposed, contact your bank immediately
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on all your accounts
  • If you are offered any form of compensation or free services it’s important to check the small print. For example, it is thought that Marriott is offering a free subscription to the Webwatcher service to monitor for evidence of customers’ details being used online. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date.

Can you claim compensation following the Marriott data breach?

If you are a Marriott International customer and you have suffered financial loss or distress because of the data breach you could be entitled to compensation. Many people suffer anguish, anxiety and stress after a data breach and this can have a significant impact on you mentally and physically. Effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job.

To date, Marriott has offered no monetary reparation. This is despite calls in the US for Marriott International to cover the cost of replacing passports for consumers impacted by the breach. However, even if compensation is offered, it’s vital that you are not fobbed off by a low amount.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate UK victims of the Marriott data breach. We can take on your claim on a no-win, no-fee basis. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

If you have received an email from Marriott letting you know that your details have been put at risk, get in touch. We’ll let you know if and when you can claim. You can also read our step by step guide to making a data breach claim here. 

TAKE ACTION NOW!

data breach
,

Amazon data breach – what do you need to know?

Amazon customers have had their names and email addresses put at risk in the latest high-profile data breach. The personal information was divulged on the online retailer’s website just two days before multi-billion pound shopping day Black Friday.

As yet, Amazon has not confirmed how many people have been affected or where they are based.

What caused the Amazon data breach?

Rather than being caused by a cyber-attack, the online retail giant has said that the data breach occurred because of a technical problem.

Neither its website nor any of its systems are thought to have been breached. Furthermore, according to Amazon, it has informed customers who may have been put at risk and the issue has now been fixed.

However, as yet, there’s no information about who was able to access the compromised data.

What should you do if you are worried about the Amazon data breach?

Amazon claims that there is no need for worried customers to change their passwords. In an email to affected customers Amazon said:

“Our website inadvertently disclosed your email address or name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action. The impacted customers have been contacted.”

It added: “Amazon takes all security-related matters very seriously and your account security is our top priority. We have policies and security measures in place to ensure that your personal information remains secure.”

However, cybersecurity experts dispute this advice and are advising customers to change their passwords on Amazon, and on any other accounts that use the same password.

Richard Walters, chief technical officer of cybersecurity firm CensorNet, said: “If the reports are correct, the information leaked – names and email addresses – is less significant than some of these other breaches, which saw card details leaked”.

However, it would be wrong to assume that this makes the breach inconsequential. Cyber-criminals can do a lot of damage with a large database of names and emails.

“A large majority of people still use predictable passwords, and thanks to previous high-profile breaches many people’s passwords are also readily available on the dark web. For cyber-criminals, it then just becomes an exercise in joining the dots.”

Certainly, cybercriminals can do plenty of damage with this information, and at Hayes Connor Solicitors we would strongly advise you to change your password ASAP and set up two-factor authentication on your Amazon account if you haven’t done so already. You should also look out for an increase in spam or phishing emails.

What happens next?

The Information Commissioner’s Office (ICO) – which has the power to impose hefty fines on organisations who fail to meet the requirements of the Data Protection Act – is aware of the situation.

If Amazon has put your data at risk, we would advise you to contact them and ask them to assess what happened. If the ICO finds Amazon guilty of breaking data protection regulations, you can then use this information to support a data protection compensation claim.

Amazon data breach group action

At Hayes Connor Solicitors, we are now considering launching a no-win, no-fee group action to compensate victims of the Amazon data breach.

Find out more about group actions.

To become part of this group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us.

 REGISTER HERE TO JOIN OUR AMAZON GROUP ACTION CLAIM

 

british airways
, ,

BA admit to second cyber attack

Last week, we reported that a second cyber-attack had hit British Airways. The hack took place between April 21 and July 28 and was only uncovered as the airline was investigating another breach of its website which occurred in September.

August – September Data Breach

According to an update on the British Airway’s website, the company is investigating, as a matter of urgency, the theft of customer data from its website, ba.com, and its mobile app.

BA states that you may have been affected if you made a booking or paid to change your booking with a credit or debit card on ba.com or the mobile app between 22:58 BST August 21 2018 until 21:45 BST September 5 2018. It also recommends that you contact your bank or credit card provider and follow their advice.

You can find more details on the Aug-Sept BA data breach here.

 

April – July Data Breach

A further update on the BA website says: “Since our announcement on September 6, 2018 regarding the theft of our customers’ data, British Airways has been working continuously with specialist cyber forensic investigators and the National Crime Agency to investigate fully the data theft. We are updating customers today with further information as we conclude our internal investigation.”

It continues: “The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified”.

You can find more details on the Apr-Jul BA data breach here.

 

What was stolen?

The stolen data included some payment card numbers, expiry dates, and card verification value (CVV) numbers. In addition, in both cases, the hackers also gained access to personally identifiable information (PII) including names, addresses, and email addresses.

PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

It appears likely that both attacks were carried out by the same hackers, and could have gone on for months. There are also fears that customers’ details could be sold on the dark web to cybercriminals.

BA has said that it will contact everyone affected by both data breaches. If you have been told your data is at risk you should:

  • Contact your bank or card provider
  • Beware of fraudsters claiming to be British Airways who attempt to gather personal information (phishing). BA has said that it will NOT be contacting any customers asking for payment card details
  • Report any such requests to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Beware of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on any accounts that use the same passwords as your BA account.

Compensation for the BA data breaches

British Airways has previously promised to compensate any customers who suffer “financial hardship” because of the breach.

However, it is not up to BA to dictate the terms of any compensation payments. What’s more, in the UK it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Join our BA data breach group action

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of both BA data hacks.

Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

To join our group action, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to thousands of pounds in compensation.

REGISTER NOW

 

 

, ,

BA hit by second cyber attack leaving thousands of customers at risk

A second cyber-attack has hit British Airways. The hack was discovered while the airline was investigating another breach of its website which occurred in September.

It appears that the earlier attack took place between April 21 and July 28. Over 185,000 people could have had their payment card details stolen.

Two separate groups of customers have been affected by the latest BA data breach:

  • 77,000 people have had their names, addresses, email addresses and detailed payment information taken. This includes card numbers, expiry dates, and card verification value (CVV) numbers
  • 108,000 people have had their personal details stolen, but not their payment card CVV numbers.

The hack went undetected for months; meaning BA customers have been exposed to fraud all this time. It appears likely that both attacks were carried out by the same hackers and there are fears that customers’ details will be sold on the dark web to cybercriminals.

A breach of the BA website in September affected 380,000 transactions. As in this latest case, along with the financial info stolen, the hackers also gained access to personally identifiable information (PII).

PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

BA has said that will contact everyone affected by the latest data breach.

What is happening now?

The September BA data breach is currently being investigated by the Information Commissioner’s Office and the National Crime Agency. It is possible that the airline could face huge fines as the violation occurred after the introduction of the General Data Protection Regulation which imposes strict data protection rules on organisations. This latest breach will also of interest to the regulators.

What should you do to protect yourself?

Signs that criminals have used your data or financial information following either of the BA data breaches include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

If you believe you have been affected by either BA data breach, please contact your bank or credit card provider immediately.

Compensation for the BA data breaches

Alex Cruz, the chairman and chief executive of British Airways, has previously promised to compensate any customers who suffer “financial hardship” because of the breach.

However, it is not up to BA to dictate the terms of any compensation payments.

What’s more, in the UK it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Join our BA data breach group action

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of both BA data hacks.

Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

To join our group action, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation.

REGISTER NOW

data breach appeal
, ,

Morrisons loses data breach appeal

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

The Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

 

Where Next

Over the last 18 months, we have seen numerous examples of significant personal data loss. Many of these violations have been able to occur due to weaknesses contained in companies’ IT software.

As the trend towards a cashless society accelerates, this will only continue as retailers and other businesses seek quicker and slicker interfaces with their consumers. Both at the point of sale and throughout their customer journey.

In the case of Morrisons, significant steps were taken to protect data, but those steps failed. In this instance, the data was lost at the hands of an employee turned hacker. However, data is also at threat simply due to careless employees going about their day-to-day business.

The latest ruling is the tip of a very large iceberg. Mass data breach actions are also being made against Ticketmaster and British Airways among others. Such actions, when properly prepared and investigated, will have significant financial consequences in terms of damages and costs.

Data breaches on a large scale are a real and pressing threat. In response, the clear and overwhelming view of the Court of Appeal is that such events must be foreseen by companies, and insured against.

The reaction of the insurers to such events, their provision of cyber cover and premium costs is now under the spotlight. Indeed, we predict a situation where the volume of exclusions to policies will increase.

Companies must now protect themselves better from data loss. But they also need to be extremely vigilant as to the activities and errors of their employees to be afforded the cover they pay for, or think they pay for.

 

If you have been affected by this or any other data breach then you can get in touch with our experts today

uk breach
, ,

Why join our Equifax UK breach group action claim?

Hayes Connor Solicitors has launched an Equifax UK breach group action claim as millions of people seek to hold the business to account.

What happened in this case?

In 2017, a cybersecurity incident at Equifax resulted in hackers potentially stealing 143 million US citizens’ data and the personal details of up to 15 million Brits.

This sensitive information included email addresses, passwords, driving license numbers and phone numbers. Equifax has also admitted that the passwords and partial credit card details of almost 15,000 UK customers were compromised.

What did the Equifax UK breach investigation find?

The Information Commissioner’s Office (ICO) investigation revealed multiple failures at the credit reference agency. For example, measures which should have been in place to manage the personal data were found to be inadequate and ineffective. Investigators also found significant problems with data retention, IT system patching and audit procedures.

The Information Commissioner, Elizabeth Denham said Equifax showed a “series disregard” for its customers and their personal information. In response, Equifax was fined £500,000 by the ICO.

However, the investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation. So it could be argued that Equifax got off lightly.

What’s next?

At Hayes Connor Solicitors, we have launched an Equifax UK breach group action claim. This is an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe.

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors.

While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Crucially, as we are experts in data breach cases, once you have registered with us, we might uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. So, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Why have we launched a group action following the Equifax UK breach?

A group action is the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis. This helps to strengthen their overall position and increases their chances of success.

Even better, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis (as in this case).

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

Find out more about group actions.

What should you do now?

For anyone worried that Equifax has exposed their data, you should contact Hayes Connor Solicitors ASAP.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Hayes Connor Solicitors is providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if you are awarded £1,500, you will get all of the compensation. There are no solicitor’s fees win or lose.

Find out more about no-win, no-fee.

To join our Equifax UK breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and how much compensation you can claim.

 REGISTER NOW

 

data breach solicitors
, ,

Equifax UK data breach: what did the investigators find?

In 2017, a cybersecurity incident at Equifax resulted in hackers stealing the personal data of up to 143 million US citizens’ and 15 million Brits. Following an investigation into the Equifax UK data breach, The Information Commissioner’s Office (ICO) has now fined Equifax £500,000.

However, the investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation. So it could be argued that Equifax got off lightly.

But what failures were uncovered during the investigation, and what can you do if your details were put at risk by Equifax?

What did the Equifax UK data breach investigation find?

The ICO investigation, carried out in parallel with the Financial Conduct Authority, revealed multiple failures at the credit reference agency. For example,

  • Equifax contravened five out of eight data protection principles of the Data Protection Act 1998 including, failure to secure personal data, poor retention practices, and lack of legal basis for international transfers of UK citizens’ data
  • Measures which should have been in place to manage the personal data were found to be inadequate and ineffective
  • There were significant problems with data retention meaning personal information was being retained for longer than necessary and vulnerable to unauthorised access
  • The US Department of Homeland Security had warned Equifax Inc. about a critical vulnerability as far back as March 2017. Sufficient steps to address the vulnerability were not taken meaning a consumer-facing portal was not appropriately patched.

The Information Commissioner, Elizabeth Denham, said Equifax showed a “series disregard” for its customers and their personal information. She also said that: “The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce.

“This is compounded when the company is a global firm whose business relies on personal data.

“We are determined to look after UK citizens’ information wherever it is held. Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law.”

What can you do following the Equifax UK data breach?

Hayes Connor Solicitors has launched an Equifax UK data breach group action claim as millions of people seek to hold the business to account. This is an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe.

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Find out more about group actions.

While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Hayes Connor Solicitors is providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if you are awarded £1,500, you will get all of the compensation. There are no solicitor’s fees win or lose.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

REGISTER NOW

British Airways breach caused by the same hackers as Ticketmaster
, , ,

British Airways data breach caused by the same hackers as Ticketmaster

According to reports, a cyber-criminal operation known as Magecart is behind the recent British Airways data breach. The group has been very active in the past three years. It is also thought to be behind the Ticketmaster data hack.

Earlier this year we reported that cybersecurity analysts RiskIQ believed that the Ticketmaster data theft was part of a larger credit card scheme.

A new report by RisqIQ states that there are clues linking the same operation to the British Airways breach. The company said the code found on the British Airways site was very similar. However, the code was modified to suit the way the airline’s website had been designed.

“The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”

Crucially, if RiskIQ, is right about how the attack worked, a cybersecurity researcher has told the BBC that “BA should have been able to see this”.

If the British Airways data breach was carried out by the same group, the threat to consumers could be much worse than thought. RisqIQ has said that it looked like the group behind the attack had decided to target specific brands, and that more breaches of a similar nature were likely.

What should you do about the British Airways data breach?

Regardless of who was behind the attack, British Airways was responsible for keeping your data safe, and this is something it has failed to do.

The British Airways data breach has compromised payment details and personal data. This information that can be used by cybercriminals to steal money from you, apply for credit in your name, set up fraudulent bank accounts and more.

So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation. British Airways has said that it has informed those involved, so if you have received this email let us know.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

To join our British Airways data breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW

cybercrime
, , ,

BA customers victims of huge data breach with cybercriminals stealing bank card details

Almost 400,000 British Airways customers have had their bank card details stolen in what is reported to be one of the most severe cyber-attacks in UK history.

Worryingly, while the huge data breach started over two weeks ago, it was only detected by the airline on Wednesday night. At that time BA told its customers about the breach and reported the incident to the police.

However, with 12 days between the BA data breach occurring and the incident being detected, questions are now being asked as to whether poor systems have made this cyber-attack worse.

All 380,000 customers who booked flights online or via the BA app during that time using a debit or credit card are affected.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of the BA data breach.

What happened in the BA data breach?

Hackers carried out a “sophisticated, malicious criminal attack” on the BA website. BA has confirmed that the personal and financial details of customers making bookings had been compromised. In total, about 380,000 transactions were affected.

Along with the financial info stolen, it appears that the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data or financial information following the BA data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

If you have been affected by this BA data breach, please contact your bank or credit card provider immediately.

BA has admitted that the hackers spent more than two weeks accessing data online. This increases the risk to passengers substantially. There are also fears that customers’ details will be sold on the dark web to cybercriminals.

What has BA done about the data breach?

BA has notified the police and relevant authorities. The National Crime Agency has also been brought in to investigate this case.

The airline has also issued an email to affected customers stating that:

“From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. The stolen data did not include travel or passport information.

 “The breach has been resolved and our website is working normally.

 “We’re deeply sorry, but you may have been affected. We recommend that you contact your bank or credit card provider and follow their recommended advice.

 “We take the protection of your personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.

 “Further information can be found at ba.com.”

Is BA offering compensation for the data breach?

British Airways customers have rightly vented their fury at the airline, especially as it long it took them so long to notice that they had been attacked.

Customers have also taken to social media to raise concerns about how secure BA’s IT security processes are. And they are right to do so. Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

The airline has said that compensation claims will be discussed on an ‘individual basis’. However, it is not up to BA to dictate the terms of any compensation payments.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

What can you do about the BA data breach?

With investigations now underway into the data breach, if BA is found responsible for this appalling data protection failure, the airline will no doubt have to pay a hefty fine. But, while the Information Commissioner’s Office does issue fines, it does not award data breach compensation. At Hayes Connor Solicitors, our data breach solicitors can help you with that.

We have already been contacted by many British Airway customers who are worried that their personal and financial data was not looked after as carefully as it should have been.

In response, we are preparing a group action compensation claim for everyone who has had their data accessed in the BA data breach if it is found that BA have failed to adequately protect that data.

To preserve your ability to claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation.

REGISTER NOW

data compensation
,

Can you make a data breach claim against Emma’s Diary?

The Information Commissioner’s Office (ICO) has fined Lifecycle Marketing (Mother and Baby) Ltd (LCMB), £140,000 for illegally collecting and selling the personal information of over one million people.

LCMB, also known as Emma’s Diary, gives medical advice and free baby-themed goods to parents who download an app. The data broking company behind the app was implicated following the launch of an investigation into the Facebook data breach scandal.

As such, those affected should now be looking to claim compensation.

What happened in this case?

LCMB sold its users’ information to Experian’s marketing division (Experian Marketing Services). This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election.

The Labour Party used this information to send targeted communications about its intention to protect Sure Start Children’s centres to mums living in marginal seats.

The data used included the names of parents using the app, household addresses, the presence of children under the age of five, and the date of birth of those children.

What was the result of the investigation?

LCMB claimed that the use of this information was fully outlined in its privacy policy. However, an investigation by the ICO found that the privacy policy did not state that the personal information given would be used for political marketing or by political parties. As such, this was a breach of the Data Protection Act.

In fact, while LCMB’s privacy policy was eventually updated to add the words “political parties” to the list of organisations it shares data with, this was only done in light of the start of the ICO’s investigation.

Commenting on this case, The Information Commissioner, Elizabeth Denham said: “The relationship between data brokers, political parties and campaigns is complex. Even though this company was not directly involved in political campaigning, the democratic process must be transparent.”

She added: “All organisations involved in political campaigning must use personal information in ways that are transparent, lawful and understood by the UK public.”

As the violation could cause distress to those affected, and was motivated by financial gain, LCMB has been fined £140,000 for the data breach.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by Emma’s Diary (LCMB) is part of a more extensive investigation into how our data is being used in political campaigning. In fact, the ICO put the UK’s 11 main political parties on notice to have their data-sharing practices audited later this year.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections was significant and has called for a code of practice to fix the system.

If you are one of those affected by the Emma’s Diary data breach and are concerned that your personal information was used in a way you didn’t consent to, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

REGISTER NOW