Hayes Connor shortlisted for two Modern Law Awards

Modern Law Awards 2019

We are delighted to announce that Hayes Connor Solicitors, (part of the Forster Dean Solicitors group of companies) has been shortlisted for two Modern Law Awards.

Now in their sixth year, the Eclipse Proclaim Modern Law Awards were launched to celebrate and identify sparkling talent and success in entrepreneurship, market development, business management and best practice in the modern legal services arena. The event organisers were overwhelmed with nominations this year, receiving more submissions than ever, so it is a significant achievement to be shortlisted.

Hayes Connor has been shortlisted in two categories in the 2019 awards: Boutique Law Firm of the Year and Marketing and Communication Strategy of the Year.

Commenting on the accomplishment, Kingsley Hayes, managing director at Hayes Connor said: “Through an almost entirely online approach,Hayes Connor Solicitors has fast become one of the most recognised names in the sector when it comes to helping clients to get the support they deserve following data protection breaches, cybercrime, and other online offences.

“Indeed, over the past 12 months, we have marketed, assessed and processed all our work to a successful conclusion; establishing ourselves as a major player in this developing and niche area of law.

 “As consumers, we all want a fast, efficient, no-nonsense service. And this is just as true when it comes to technically complex legal services. So this is precisely what we deliver to our clients; using new technologies as we strive to ensure continued innovation.

“We have also established our position as a thought-leader, using content to provide value to claimants. We have invested heavily in client education to demonstrate our expertise in this area. The ability to provide clear and concise information about our clients’ rights is key. The nature of the work undertaken is complex and sensitive; so consumers need to understand exactly what redress they can seek.

“While our core strategy is to inform and educate consumers on their rights, this also allows us to market our services across multiple online platforms. We are one of the very few established and well-known law firms that adopt this methodology.

“We are also working with Victim Support to help those affected by cybercrime and data breaches. The partnership sees us provide the charity with regular expertise and advice on its legal content. Together we also create resources that raise awareness of the growing threat of cybercrime and data breaches. We believe that this helps us to exceed the expectations of client care and professionalism, as ultimately, the more people are aware of the risk, the better protected everyone will be.

“Ultimately, we believe that our approach will ensure long-term business success for us, while supporting those we serve, and we are thrilled that we are being recognised for our achievements.”

The award ceremony, which showcases and sets the benchmarks for best practice in the ever diverse, challenging and exciting legal landscape takes place on Thursday 31st January in Manchester.

Starwood Guest Reservation Database Security Incident – have you had this email?

UK customers affected by the Starwood Hotels & Resorts data breach are now receiving an email from Marriott International (which owns the hotel group).

The Starwood brands affected by the data breach include W Hotels, St. Regis,Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels,Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels& Resorts, Four Points by Sheraton and Design Hotels. Starwood branded time share properties are also affected.

The email confirms that:

“On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly engaged leading security experts to help determine what occurred.

“Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.

“Marriott has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property. For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.

“Marriott reported this incident to law enforcement and continues to support their investigation. The company is also notifying regulatory authorities.

“Marriott deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation with the assistance of leading security experts. Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center. We are supporting the efforts of law enforcement and working with leading security experts to improve. Marriott is also devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”

The email also sets out some steps that Marriott has taken since discovering the breach. These include:

  • Establishing a dedicated call centre to answer questions you may have about this incident. The call centre is open seven days a week, and is available in multiple languages
  • Sending emails on a rolling basis to affected guests whose email addresses are in the Starwood guest reservation database  
  • Providing guests with the opportunity to enrol in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found.       

Marriott has also provided some additional security steps victims of the breach cantake. This includes:

  • Monitoring your SPG account for any suspicious activity
  • Changing your password regularly
  • Not using easily guessed passwords
  • Not using the same password for multiple accounts
  • Reviewing your payment card account statements for unauthorised activity
  • Immediately reporting any unauthorised activity to the bank that issued your card.
  • Being vigilant against third parties attempting to gather information by deception (“phishing”), including through links to fake websites
  • Contacting the relevant authorities if you believe you are the victim of identity theft or your personal data has been misused.

In the UK, Action Fraud is the national fraud reporting service, and is the starting point for any police investigation into your loss. UK residents should also in form the Information Commissioner’s Office (ICO).

Committed to helping victims of data breaches and cybercrime, Hayes Connor Solicitors can also help you to claim compensation following the Starwood Hotels & Resorts data breach. And we can do this on a no-win, no-fee basis. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

If you have received an email from Marriott letting you know that your details have been put at risk, get in touch. We’ll let you know if and when you can claim. You can also read our step by step guide to making a data breach claim here. 

TAKE ACTION NOW!

hayes connor solicitors
,

Claiming compensation for distress following a data breach

At Hayes Connor Solicitors, we have launched compensation claims against a number of high-profile companies that have failed to keep your personal data safe. We believe that these companies must be held to account for their failure to protect your information.

The General Data Protection Regulation (GDPR) places strict obligations on businesses to keep our data safe. And you could be entitled to compensation if an organisation fails to meet these. But did you know that you can also claim for GDPR distress as well as financial losses?

What the law says

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

Crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

When making a compensation award, the court will look at the specific circumstances of your case. This includes things like the sensitivity of the data compromised and the nature of the disclosure. However, in order to be entitled to compensation for GDPR distress you must show that you have suffered emotionally because of the breach.

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private letters you would be distressed. So why should you feel any less upset at having your online data taken; particularly when these companies gave the burglar the keys?

Why shouldn’t you seek compensation for a failure to look after your information correctly?

The emotional impact of data breaches

Some people would have us believe that claiming for GDPR distress is an overreaction. That your physiological suffering and anguish doesn’t matter. You might hear friends and family saying that, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information stolen.

But according to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

The sheer scale of the information we share online is enough to leave victims open to the threat of fraud. For example, with enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

So we should all be very worried about what could happen if our data gets into the wrong hands.

What’s more, being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to “get over it” isn’t helpful.

Crucially, the law understands the damage that can be caused by worry and upset. So you are 100% within your rights to make a compensation claim.

Claiming for GDPR distress following a data breach

At Hayes Connor Solicitors, we are committed to helping those affected by data breaches and cybercrime. And, we believe that the best way to make big companies pay for their failures is to use an expert lawyer to make a data breach compensation claim.

In addition, we also work with, and refer our clients to, other organisations and partners such as Victim Support. The leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents, last year Victim Support offered help to nearly a million victims of crime across the UK.

If you need assistance after a data breach, there are many resources on the Victim Support website to help you cope.

Don’t let them get away with it!

Something has to be done to make companies accountable for not looking after our information correctly. Claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

If you want more help or advice about making a claim then contact us today

personal data
,

High street stores and personal data: know your rights

Most of have been there. We’re in a shop, just about to pay for our purchases, or sort a refund, when the assistant asks for “a few details”; usually our full name, our home address, and our email. Even if we’re only buying a pair of shoes, or returning a scented candle, many of us will hand over this information without understanding why it is needed.

 For some, it’s about not making a scene. The assistant is friendly, and they appear to be in no doubt as to why they are asking for our personal information. Also, there’s often a growing queue of people who aren’t going to be happy with a customer kicking up a fuss and holding up the line. So, what should you do?

What should you do if a store asks for your personal information?

 Put simply; the shop doesn’t NEED your details. Even television retailers, who previously had to request these to send to TV Licensing when they sold or rented out equipment, no longer require this info from you.

And with stringent data protection laws now in place following the introduction of the General Data Protection Regulation (GDPR), you are entirely within your rights not to hand this over.

 Do shops need personal data for a refund?

 If you’ve challenged why the shop needs this information, you might have been met with a vague response; “to process the return”, “for our records”…that sort of thing. However, we all have a statutory right to return faulty goods and, should you wish to change your mind about a purchase you simply need to do two things:

  • Keep hold of the receipt
  • Check out the shop’s returns policy before you buy.

Unless the return policy states explicitly that you have to hand over this information (and most of them don’t), then they cannot force you to. If the policy does state that it needs your personal information, you should still query why with a manager as this is not a legal obligation.

 Why do retailers want this information?

 Stores use your details for different purposes, most often for security, for marketing, and to improve the customer experience. You might like the shop retaining information about your shopping habits to help improve their service to you. For example, if you buy a particular shade of lipstick but can never remember the name, with access to the right info the shop assistant can find out that your preferred shade is ‘Frosted Pink.’ Also, most of us like it when we are offered discounts on our favourite buys.

 That’s fine. It’s your choice. But even if you are happy with this, to protect your sensitive information, you should still care about how your personal details are stored.

What are retailers allowed to do with your information?

Any personal data we provide (e.g. email addresses collected at the point of sale) is protected by UK data protection regulations. This means that it must be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”

For example, if an email address is given so that you can receive an e-receipt, then your data can only be used for this specific purpose. There is no issue with a shop offering an e-receipt, but if your email address is then used to send you marketing emails without your consent they might also be breaching electronic marketing rules. You also do not have to give your email details to a retailer, and you can ask to receive your receipt in the normal way.

If a shop does want your data to market to you, then they must make it clear that this is why they are asking for your information, and you have to give your consent before they can do this.

How is your data protected?

 With more and more shops using computers to store and process personal information, The Data Protection Act (the UK’s interpretation of the GDPR) sets out how it can be used; and how it can’t. The basic things you need to know is that:

  • Your personal data should be processed fairly and lawfully
  • It must be obtained only for a specified reason and can’t be handled in a way that is incompatible with that purpose
  • The information held must be adequate, relevant and not excessive when compared with the purpose for which it is to be used
  • It must be accurate and, where necessary, kept up to date
  • It must not be kept for longer than is necessary for the intended purpose
  • It must be processed in accordance with the Data Protection Act. This means that it must be kept safe and secure, and that appropriate measures will be taken against unauthorised or unlawful processing of this information, as well as against accidental loss, destruction, or damage. So, businesses must keep the information backed up and away from any unauthorised access
  • No company can sell or give away your information without your explicit consent.

 You can find out more about these principles on the Information Commissioner’s Office (ICO) website.

 What should you do if asked to hand over your details?

 In most cases, we trust these retailers. Why wouldn’t we? They are high street shops, with familiar names, big shiny signs above their windows and friendly authoritative staff. So, it can be easy to assume that they wouldn’t ask us for our address if they weren’t allowed to do so. We also trust them to hold our information safely once given.

 However, in 2018, high street chemist Superdrug was held to ransom by hackers. The cybercriminals contacted Superdrug claiming to have accessed the details of 20,000 customers.

The compromised data included names, addresses, dates of birth, phone numbers, and point balances. And, while no bank or payment card details were believed to have been accessed, the information stolen is already enough to cause severe distress to those affected. And this is just one example of a high street retailer being hit by a data breach.

Today’s cybercriminals don’t just care about our financial details. They can also cause havoc with our personally identifiable information. In fact, with enough data, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

So, should you hand over your details? Well, as with most things, you have a choice. A choice to ask questions, and a choice to exercise your own free will based on the answers that are provided to you.

While we have previously been content to hand out our personal information, with a huge jump in cyber fraud, it’s perhaps no wonder that consumer confidence is now lacking, and that data breach claims are on the rise.

Can you make a data breach compensation claim?

 When a breach happens, it’s vital that the Information Commissioners Office (ICO) investigates. If the company is found responsible, the ICO will then issue a fine.

However, such fines are little compensation for victims who have suffered financial loss and/or stress due to an organisation’s negligence. So, while the ICO does not award data breach compensation, our data breach solicitors can help you with that.

At Hayes Connor Solicitors, we’ve been helping people to get the compensation they deserve for over 50 years, so we know what it takes to make a successful data breach claim.

Data breaches often have severe consequences for those affected, and you could be entitled to thousands of pounds in compensation depending on your circumstances. And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

,

What should you do immediately after a data breach?

In today’s digital world, your personal data is a valuable commodity. However, all too often negligent business processes, human error and cybercrime mean this sensitive data isn’t as protected as it should be. With warnings that consumer trust is “becoming more fragile” following a spate of high-profile data breaches, if you have been the victim of a breach or cyber-attack it is important that you know how to react.

Steps to follow after a data breach

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. You should also:

  • Inform the Information Commissioner’s Office (ICO) about your concerns. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  • Read our handy step-by-step guide to making a data breach claim
  • If you are worried that your banking details have been exposed, contact your bank immediately
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords.
  • If you are offered any form of compensation or free services from the organisation that put your data at risk it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  • Contact Hayes Connor Solicitors. Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. If you are not sure whether your information has been misused or mishandled, we can find this out for you. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

Can you claim compensation if you didn’t lose any money?

In short, yes. Many people suffer anguish, anxiety and stress after a data breach and this can have a significant impact on you mentally and physically. Effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job.

Organisations have a duty to protect your sensitive data. And letting other people access this is a complete failure of this responsibility. So, why shouldn’t you seek compensation for this inability to look after your information correctly if it has caused you distress?

If you want to find out more about claiming for a data breach you can contact us here

data protection breach
,

My personal information has been lost after a data breach, what are my rights?

With the number of data breaches and cyber-attacks on the rise, it is essential that you understand your rights. So what do you need to know?

What type of information do organisations hold about me?

Modern organisations hold a tremendous amount of information about us. This could include data such as:

  • your name
  • your address
  • your date of birth
  • your email address
  • your telephone numbers
  • your credit card details
  • your bank details
  • your password(s)
  • your medical records
  • your religion
  • your political allegiances
  • and more.

 Of course, it’s easy to figure out what could go wrong if our financial information gets into the wrong hands. But it’s more complicated than that.

The UK’s data protection laws safeguard your personally identifiable information (PII). PII includes any data that can be used to identify a specific individual; either on its own, or in conjunction with other information an organisation has about us.

If PII gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

 What is a data breach?

 A personal data breach occurs when personal information, protected under the law, is destroyed, lost, altered, disclosed or accessed due to a security incident.

It doesn’t matter if this happens accidentally or deliberately. If the confidentiality, integrity or availability of your personal data has been put at risk, then a data breach has occurred.

 If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. The Data Protection Act is the UK’s interpretation of the General Data Protection Regulation (GDPR).

Some of the most common types of data protection breaches include:

  • Where your data has been inadvertently lost, hacked or leaked
  • Where your identity has been stolen to obtain credit cards fraudulently
  • Where your personal data has been sent to someone else without your express permission
  • Where your personal information has been misused or mishandled
  • Where an organisation failed to maintain up-to-date, accurate information about you and this caused you damage.

What is the difference between a data breach and a data hack?

The terms “breach” and “hack” are often used interchangeably. But there are some differences.

  • A data breach refers to any situation where data has been put at risk. A data breach can occur because of hackers and other cybercriminals, or by human error, negligence and poor security processes
  • A data hack is caused by people with malicious intent who break into a company’s systems to steal information.

Hackers do not cause the majority of data infringements, but in each of these instances, data can be exposed and put at risk. As such, identity theft often occurs after a data breach as well as a data hack.

How does an organisation have to respond to a data breach?

There are strict procedures that an organisation must follow if it experiences a data breach that could put your personal data (and therefore you) at risk. This includes informing the regulators that a data violation has occurred and letting you know without undue delay.

Should this happen, you should be told:

  • What has happened
  • The likely consequences
  • What they are doing to respond to the breach and minimise the risk to you
  • Who you can contact for more information.

What to do following a data breach

 If you have been told your data is at risk following a data breach, you should:

  • Contact your bank or card provider if your financial details have been compromised. If you’re not happy with the way your bank deals with your complaint, you can refer it to the Financial Ombudsman Service (FOS)
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords.

If you find that you have become the victim of cybercriminals following a data breach, you should contact Action Fraud as soon as possible.

Make a compensation claim for damage and distress

To claim compensation, you must be able to prove that you suffered as a result of the breach. This includes financial and medical harm, as well as anguish and anxiety. In many cases, a violation will not cause damage but will cause distress.

While some people would have us believe that claiming for distress is an overreaction, the law doesn’t agree with them.

Many people suffer anguish, anxiety and stress after a data breach and this can have a significant impact on you mentally and physically. Effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to just “get over it” isn’t helpful.

Organisations have a duty to protect your sensitive data. And letting other people access our bank accounts is a complete failure of this responsibility. So, why shouldn’t you seek compensation for this inability to look after your information correctly if it has caused you distress?

Until recently, a person who suffered damage might have had their compensation increased to take into account any associated distress, but in most cases, compensation would not have been awarded for distress alone. However, a recent ruling has paved the way for those affected by data breaches to claim damages for distress, even if they have not suffered any financial loss.

To start a compensation claim

  1. Inform the Information Commissioner’s Office (ICO) about your concerns. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  2. Read our handy step-by-step guide to making a data breach claim
  3. If you are offered any form of compensation or free services for not being able to access your funds it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date

Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim

data breach appeal
, ,

Morrisons loses data breach appeal

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

The Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

 

Where Next

Over the last 18 months, we have seen numerous examples of significant personal data loss. Many of these violations have been able to occur due to weaknesses contained in companies’ IT software.

As the trend towards a cashless society accelerates, this will only continue as retailers and other businesses seek quicker and slicker interfaces with their consumers. Both at the point of sale and throughout their customer journey.

In the case of Morrisons, significant steps were taken to protect data, but those steps failed. In this instance, the data was lost at the hands of an employee turned hacker. However, data is also at threat simply due to careless employees going about their day-to-day business.

The latest ruling is the tip of a very large iceberg. Mass data breach actions are also being made against Ticketmaster and British Airways among others. Such actions, when properly prepared and investigated, will have significant financial consequences in terms of damages and costs.

Data breaches on a large scale are a real and pressing threat. In response, the clear and overwhelming view of the Court of Appeal is that such events must be foreseen by companies, and insured against.

The reaction of the insurers to such events, their provision of cyber cover and premium costs is now under the spotlight. Indeed, we predict a situation where the volume of exclusions to policies will increase.

Companies must now protect themselves better from data loss. But they also need to be extremely vigilant as to the activities and errors of their employees to be afforded the cover they pay for, or think they pay for.

 

If you have been affected by this or any other data breach then you can get in touch with our experts today

data breach solicitors
,

Morrisons loses data breach challenge

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

 

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

Today, the Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

Why is this case so important?

In 2015 – in the first group litigation of its kind in the UK – over 5,000 people brought a claim against Morrisons under the Data Protection Act 1988, for misuse of private information and breach of confidence.

In December 2017, despite acknowledging that Morrisons had taken all the appropriate steps to prevent a breach, the High Court found that the company was liable for its omissions such as not ensuring the proper security measures to protect the data.

The judge in the original case also ruled that Morrisons was “vicariously liable” for the employee’s actions. In a workplace context, an employer can be vicarious liability for the actions of its employees, as long as it can be shown that they took place in the course of their employment.

The decision to hold Morrisons vicariously liable is important, as it gives victims more opportunities to seek compensation (companies are more likely to be insured against such liability than employees).

The case also paved the way for those affected by data breaches to claim damages for distress, even if they have not suffered any financial loss.

 

Morrisons has now said that it will now appeal to the Supreme Court. If that appeal fails, those affected will be able to claim compensation for “upset and distress”.

The latest decision is good news for people who want to hold businesses to account for a failure to protect personal and sensitive data.

The judgement has been referred to as a “wake-up call for businesses” and Morrisons could now face a hefty compensation bill.

 

cybercrime claims
,

UK banking customers at risk as scammers steal half-a-billion pounds

According to the latest figures, over £500m was stolen from British banking customers in the first half of 2018.

What’s more, a whopping £145m of that was due to authorised push payment (APP) scams. A push payment scam happens when a cybercriminal tricks someone into sending them money online.

Purchase scams, where people are tricked into paying for products or services that do not exist, were the most common form of APP fraud reported in the first half of 2018.

There were also 3,866 cases of impersonation scams reported. This is where cybercriminals pretended to be from a trusted body (e.g. a bank or the police) to trick account holders into transferring money.

During the same period in 2017, push payment scams saw £101m stolen from UK banking customers. This year’s £44m increase is thought to be partly down to more banks reporting data.

Another £358m has been lost to unauthorised fraud. This includes transactions made without account holders’ knowledge.

How to protect yourself from push-payment fraud

UK Finance, the body behind the latest report offers the following advice:

  • Never disclose security details, such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Don’t be rushed – a genuine organisation won’t mind waiting
  • Listen to your instincts – you know if something doesn’t feel right
  • Stay in control – don’t panic and make a decision you’ll regret.

However, according to a spokesperson from consumer group Which? the banks’ efforts to tackle fraud has been “woefully insufficient”. He said: “They have not done enough to protect their customers, who continue to lose life-changing sums of money to ever-more sophisticated crooks”.

Can victims of bank fraud get their money back?

While unauthorised fraud victims are usually refunded by their banks, until now, most victims of push-payment scams do not get their money back.

However, the industry has recently introduced new safeguards to help victims of push payment scams to secure compensation as well as a new industry code designed to minimise the number of scams by encouraging consumers to remain vigilant.

This means that victims of push payment fraud can be confident that any claim for reimbursement will be given fairer and quicker consideration.

In fact, your bank can only refuse to reimburse stolen funds where you have shown a very significant degree of carelessness.

Crucially, banks should not automatically blame the victims of increasingly sophisticated scams and must take a fairer approach to compensation. Where a bank still refuses compensation, you can take your case to the Financial Ombudsman Service.

Get legal help making a cybercrime claim

If you want to claim compensation following a push payment (or any other form of cyber-scam or bank fraud), Hayes Connor can help.

Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

If you have a straightforward case, our quick claims form will help you to start this quickly and easily. This means you receive your compensation in the shortest possible time. However, if we believe you have a large, complex case, we’ll go through your options and may be able to act for you on a NO WIN, NO FEE basis.

At Hayes Connor Solicitors we make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making a cybercrime claim, it’s essential to act now.

START YOUR CYBERCRIME CLAIM TODAY

data breach compensation
,

Hayes Connor Solicitors launches group action following Equifax data hack investigation

Hayes Connor Solicitors, is launching a group action to help victims of the Equifax data hack claim compensation.

Our firm of expert online fraud and data protection solicitors is expecting an influx of queries from people whose data was put at risk by the credit reference agency. The group action is being initiated after Equifax was fined £500,000 by the Information Commissioner’s Office (ICO).

The ICO’s investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation.

What happened in this case?

The fine follows a 2017 cybersecurity incident which led to the loss of UK customer data held by Equifax Ltd on the servers of its US parent. Following the data breach, it was revealed that Equifax’s failure to patch a server flaw resulted in hackers potentially stealing 143 million US citizens’ data, and the personal details of up to 15 million Brits. This sensitive information included email addresses, passwords, driving license numbers and phone numbers.

Furthermore, while Equifax originally said that no UK passwords or financial information were stolen in the hack, it has since admitted that the passwords and partial credit card details of almost 15,000 UK customers were compromised.

The ICO investigation revealed multiple failures at the credit reference agency. For example, measures which should have been in place to manage the personal data were found to be inadequate and ineffective. Investigators also found significant problems with data retention, IT system patching and audit procedures.

Information commissioner Elizabeth Denham said Equifax showed a “serious disregard” for its customers and their personal information.

Why should you join the Equifax group action?

The sheer scale of the Equifax data breach means that millions of people across the UK are now at an increased risk of theft and identity fraud. So we welcome the news that the ICO is holding Equifax to account.

However, while fines are an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe, it does very little to help those already affected by the breach. As such, anyone who has suffered following the Equifax cyber-attack should be looking to claim compensation.

What can you claim compensation for?

Many Equifax customers have had their financial information stolen, and that can be devastating if it gets used by cybercriminals to carry out fraud or theft. But, in addition to this, much of the data stolen from Equifax is considered to be personally identifiable information. This means that the data can be used to identify a specific individual, and be manipulated to undertake identity fraud.

We should all be very worried about what could happen if our personal data gets into the wrong hands. With enough information, cybercriminals can steal our identities, apply for credit in our name, set up fraudulent bank accounts and access our existing accounts. So, it is understandable that victims would want to seek compensation for Equifax’s failure to look after their information correctly, and the best way to do this is through a group action case.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the Equifax hack. Being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety then the law agrees that you are entitled to compensation.

What is a group action?

A group action allows people with the same type of claim to bring it together on a collective basis. Doing this strengthens their overall position and increases their chances of settlement or success at Court. What’s more, with a group action, claimants often share the legal fees. So, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis (as in this case).

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

How to join the Equifax group action

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Doing this guarantees that you will form part of the compensation claims that will be lodged by our firm. While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Hayes Connor Solicitors is also providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if someone is awarded £1,500, they will get all of the compensation. There are no solicitor’s fees win or lose.

If you have been affected and want to join the group action, you can register your details here.