, , ,

What information was stolen in the LOQBOX data hack?

The information stolen in the LOQBOX Data Hack includes

  • Customer names
  • Postal addresses
  • Dates of birth
  • Email addresses
  • Phone numbers
  • Two digits of the bank account number used to make payments to LOQBOX
  • Payment card expiry dates.

According to some reports, the first six and last four digits of customer card numbers may also be at risk[1]. This information is very valuable to cybercriminals. For example, the first six digits identify the financial provider. This information is often used in phishing scams (see more on this below).

LOQBOX funds have not been affected by this data breach.

What can cybercriminals do with this data?

LOQBOX states that “this information on its own cannot be used to access your bank accounts or other accounts”. However, the Fintech does acknowledge that this data could be used for phishing scams.

What is phishing?

Phishing is where a fraudster poses as a legitimate organisation, your bank, the police, or someone else you trust to trick you into handing over sensitive information such as usernames and passwords.

Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Their ultimate goal is to steal your money and/or personal information (to commit identity or financial fraud).

Typical phishing scams include:

  • Where fraudsters contact you posing as your bank to trick you into giving them sensitive financial data
  • Where fraudsters contact you posing as a company (e.g. LOQBOX) and encourage you to hand over sensitive information (e.g. passwords)
  • Where scammers send out an email with a fraudulent link. This email instructs you to click on a link which leads to a fake page that collects more of your sensitive data
  • Where you receive an email from a person or company you know and trust which includes your personal information and lures you into clicking on a malicious URL or email attachment.

You can find out more about Phishing here.

The full impact of the LOQBOX data hack is not yet known

Phishing scams can lead to your personal and sensitive data getting into the wrong hands. In the worst cases, this can lead to you falling victim to financial fraud and identity theft.

Dealing with hundreds of different types of data breach cases, one thing that has become apparent to our solicitors is that the full impact is often not felt until months after the initial violation.

The impact of a phishing scam can be devastating, and we have seen cases where the financial losses only start to occur three to six months later. This is often because the data stolen is used in batches over time.

What’s more, many clients involved in phishing cases go on to suffer from distress and/or psychological trauma as a result of having their details stolen and used in fraudulent activity.

Speaking about the possible consequences of the LOQBOX data hack, expert data protection solicitor Richard Forrest said: “At this stage, we cannot say with any certainty that the LOXBOX breach will not result in future fraud and financial loss. So, while LOQBOX might want to play this hack down, it must face up to its responsibilities and be held accountable for any data security failures that made the attack possible.”

Are you at risk because of the LOQBOX data hack?

If you are a LOQBOX customer, or if you have been a LOQBOX customer in the past, then you are affected by this cyber-attack. If you are in any way concerned you should contact the LOQBOX dedicated support team at help@loqbox.co.uk.

LOQBOX also works in partnership with a number of banks (e.g. Natwest, TSB and Monzo). Customers from these banks who use LOQBOX may have had their data stolen.

Make a LOQBOX data breach compensation claim

LOQBOX has told customers it is not currently offering compensation for the loss of personal data. Although it did say it was “extremely sorry”.

However, at Hayes Connor Solicitors, we are considering launching a no-win, no-fee group litigation action to help compensate victims of the LOQBOX data hack. We can take on your claim on a no-win, no-fee basis.

To become part of our LOQBOX group action – and receive updates on what is happening in this case – we need you to register with us. This ensures that you will form part of any LOQBOX breach group action compensation claim lodged by us.

Our process is fully compliant with ICO guidance, there is no obligation to proceed, and we never put your details at risk.

Register Now


[1] https://www.theregister.co.uk/2020/03/02/financial_startup_loqbox_data_breach/

, , , ,

You might be involved in the Equifax data breach but not know it

Equifax is the second-largest credit reference agency in the UK. But, in March 2017, a staggering data breach demonstrated how weak the company’s security processes were. This happened when the personal data of hundreds of millions of people was stolen from the credit reporting giant.

Luckily for Equifax, the breach happened pre-GDPR (General Data Protection Regulation). So, while the Information Commissioner’s Office (ICO) did fine Equifax £500,000 for its security failures, this punishment could have been much, much higher.

The fact that the Equifax data breach happened under old data protection laws has proved to be even more fortuitous for the company. Not least because Equifax didn’t have to adhere to newer, more stringent, consumer rights guidelines.

Equifax hasn’t informed everyone that was impacted by the data breach

Two sets of data were hacked. And, following the breach, Equifax wrote to 693,665 customers in the UK to confirm that they had their data stolen. Equifax also wrote to a further 167,431 UK consumers whose landline telephone numbers were already published in the public Phone Book and were accessed as part of the cyberattack. Many people who received this letter have since contacted Hayes Connor to claim Equifax data breach compensation.

But not everyone put at risk by the breach has been informed.

Today, in our post-GDPR world, companies must tell people if their personally identifiable data is involved in a security breach. But, before the GDPR was introduced on 25 May 2018, these businesses were only advised to do so.

Following its investigation into the Equifax data breach, the UK’s data privacy regulator (the ICO), said that millions of people in the UK could be affected by the hack. So, many victims will not have received a letter from Equifax to let them know that their data was put at risk.

Did you use an Equifax security product between 2015 and 2017?

Following investigations into the breach, it has come to light that anyone who used an Equifax security product between 2015 and 2017 could have had their data exposed.

But, if you haven’t had a letter, how can you find out if you were involved?

The good news is that Equifax knows exactly who was impacted by this breach. And it is legally required to tell you if your data was involved. The bad news is that you have to ask Equifax for this information.

Making an Equifax subject access request

In the UK, you have a legal right to find out if and how an organisation is using or storing your personal data. To exercise this right, all you have to do is ask for a copy of this information. This is called making a subject access request (SAR).  You can make a SAR to find out if your data was involved in a hack or breach.

The ICO has provided a handy template to help you to make a SAR.

However, sometimes, defendants like to swamp people with information in response to SARs. And this can make it very difficult to find the information required in the info supplied.

So, to make sure the process is as straightforward as possible, when you appoint Hayes Connor as your data protection lawyers, we’ll provide the exact wording needed to get the information you require from Equifax – and only this data.

Don’t let Equifax get away with it

There are many failings from Equifax that led to this breach being one of the largest disclosed. It is entirely down to these vast number of failings that the breach is so large and that the attack went undetected for so long.

In the US, a settlement required Equifax to pay $1.4 Billion into a fund to compensate affected consumers. And, if you live in the UK and were impacted by the Equifax data breach, we believe that you should also be compensated.

Register today to join our No-Win, No-Fee Equifax data breach

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

Crucially, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most.

In addition to our data protection solicitors, we also work with expert barristers to help us win our cases. So, we are confident that we have all the experience necessary to get the best possible result for you.

We are dealing with all Equifax data breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.  What’s more, if your claim is successful, we expect to be paid by the offending party (Equifax). So, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means there are no solicitor’s fees win or lose.

There are strict time limits in place for making Equifax breach compensation claims, so it’s essential to act now.

REGISTER NOW

 

Stark warning that ransomware attacks are the next consequence of the coronavirus outbreak

If people and businesses across the world don’t have enough to worry about, a new report warns that ransomware attacks could be an additional consequence of the coronavirus outbreak. RiskIQ – a world-leading cybersecurity company – made the stark forecast.  

In its latest intelligence brief, RiskIQ states that, as the coronavirus spreads around the globe, it is likely that cybercriminals will leverage global anxiety to execute ransomware attacks.  

The report also highlights how cybercriminals have deployed many of the attack methods being used during previous international health scares. 

What types of ransomware attacks and cyber-scams should we look out for?  

RiskIQ believethat the most likely methods of attack involve phishing campaigns. Phishing scammers use emails, texts, websites, phone calls and social media to access data, computers/networks, or financial accounts. Tricking people into thinking they are responding to a legitimate communication, the ultimate goal is to steal money and/or personal information (to commit identity or financial fraud).  

In particular, RiskIQ turns the spotlight on three identified phishing operations 

AZORult malware

Using AZORult malware – which is a credential and payment card information-stealer – perpetrators have been sending emails with malicious Microsoft Word documents attached. Targets have included companies from a variety of sectors where the coronavirus outbreak could disrupt supply chain operations and revenue streamsIn the past, AZORult has been used to download ransomware as a secondary infection, and RiskIQ expects that cybercriminals will follow the previous pattern. 

Emotet Trojan

Criminals are using phishing scams to spread the Emotet Trojan. This comes in the form of malicious messages that purport to contain information about coronavirus and capitalise on our desire to learn more about the threat. Emotet has been able to disrupt governments and private sectors as well as individuals and organisationsThe Emotet Trojan has also been used previously in conjunction with ransomware 

Phishing links 

Cybercriminals are sending emails that claim the existence of “unreleased cures”. The email urges recipients to click on a link to find out more. Victims are then asked to share personal information to receive the sought-after information. 

Also, some phishing campaigns use fake domains claiming to be from organisations such as the Centre for Disease Control and Prevention (CDC) and the World Health Organisation (WHO). These emails ask people to visit their website and download health and safety documents to help stop the spread of coronavirus. Victims believe the link is taking them to genuine websites, but it redirects them to fake sites where they are asked to verify their username and password. This information is then sent to the attackers. 

further warning from Hayes Connor Solicitors 

The RiskIQ report gives weight to predictions made by Hayes Connor after we raised concerns about a potential increase in data breaches during the coronavirus pandemic. In particular, we are worried about:  

  • An increase in phishing emails and coronavirus scams 
  • How data will be processed and shared at a time when technological innovation – while necessary – is happening at speed 
  • An increase in human error – due to heightened levels of stress and an upsurge in homeworking.  

Talking about the heightened concerns over ransomware, data protection heavyweight and Hayes Connor MD, Kingsley Hayes said:  

“Right now, information has never been more valuable. Not least because those on the frontline need it to track the pandemic, target resources, ensure accurate data, and save lives.  

“However, as the coronavirus situation escalates, we are all feeling more anxious than usual. And it is to be expected that mistakes might increase when people are worried and confused. So, at this time of crisis, now more than ever, both businesses and individuals must deploy stringent data security. Not least because, human error is the greatest cause of data breaches, and, in many cases, malware and ransomware attacks are only possible because companies haven’t educated people about the risks and put the necessary security measures in place.  

“By making robust data security a priority, we can all ensure that criminals don’t have the power to stop our efforts to fight the virus.” 

How to reduce the risk 

The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are aware of the increased risksBecause it only takes one stressed employee to click on a dangerous link to start a devastating chain of events.  

RiskIQ also suggests the following security measures for organisations and business owners: 

  • For information about the coronavirus, visit the WHO’s website. 
  • Only use trusted news sources for additional information 
  • Do not click on links or open attachments in unsolicited email messages 
  • Run up-to-date security software on your computer 
  • Educate users to be on guard for threats, like Emotet, that present emails that appear to be unexpected replies to older email threads, emails that seem out of context, or messages from familiar names but are sent from unfamiliar email addresses 
  • Ensure systems are patched on time. 
  • Update endpoint detection and response and anti-virus solutions deployed
  • Segregate networks to limit the reach of self-propagating malware. 
  • Review privileged access and users to enforce principles of least privilege 
  • Keep up to date on blacklists of malicious IPs and compromised websites. 

For individuals, Hayes Connor has collated some top tips on how to protect yourself from coronavirus scams. This means:  

  • Never clicking the links or attachments in suspicious emails or texts 
  • Only visiting the WHO website or another trusted source for information about the coronavirus, 
  • Never responding to unsolicited messages and calls that ask for your personal or financial details 
  • Understanding that a genuine bank or other financial organisation will never contact you out of the blue to ask for your PIN or full password 
  • Knowing that a legitimate bank or other business would never ask you to move money to another account for fraud reasons 
  • Not assuming that an email, text or call is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine 
  • Being careful about who you trust. Criminals often try and trick people by telling them that they have been a victim of fraud and scaring them into revealing their security details 
  • Knowing that criminals can make any telephone number appear on your phone handset, so even if you recognise a number, or it seems authentic, it might not be genuine 
  • Not being rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot 
  • Listening to your instincts. If something feels wrong, then it is right to question it 
  • Having the confidence to refuse requests for personal or financial information. Stop the discussion if you do not feel in control of it 
  • Never hesitating to contact your bank or financial service provider on a number you trust, such as the one listed on their website or the back of your payment card 
  • Being careful when making a purchase from a company or person you don’t know and trust 
  • If you decide to go ahead with the purchase, use a credit card if you have one, as most major credit card providers insure online purchases 
  • Always installing the latest software and app updates to protect your devices from the latest threats. 

You can read the RiskIQ report in full here.  


Read our coronavirus statement to find out more about how we are continuing to serve our clients during the COVID-19 outbreak.  

The ICO issues advice on data protection during the coronavirus outbreak

The UK’s data protection regulator – the Information Commissioner’s Office (ICO) – has provided some information on how preventing the spread of the COVID-19 virus interacts with data protection law.

In summary, the regulator has raised the following key points.

Organisations must work together to respond to the pandemic

Data sharing between bodies is regulated by data protection law. And, the ICO recognises that:

“The need for public bodies and health practitioners to be able to communicate directly with people when dealing with this type of health emergency has never been greater”.

 The regulator provides assurances to those working on the frontline that data protection law does not stop this happening:

“Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing. Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.

“The ICO is a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency”.

Organisations that require support to share public data while remaining compliant can call the ICO’s helpline on 0303 123 1113. There is also advice for community groups on how to handle the data they need responsibly.

Data innovation will be of crucial importance

The ICO also stated its support of innovative uses of personal data for public benefit. However, this doesn’t mean that data protection laws can or should be flouted. Instead, the ICO said that a “sound understanding of the principles of data protection can encourage innovation, rather than stand in its way”.

At Hayes Connor, we share the ICO’s view. Commenting on how apps and other technology is being used at this time, our managing director and data breach and cybercrime specialist Kingsley Hayes, said:

“Technological innovation during this unprecedented period of crisis may help official health organisations learn more about the coronavirus contributing to the global effort to contain and tackle the disease.

“Caution should be taken however, in relation to how personal information such as gender, age, medical information and location will be stored, processed and shared. At a time of crisis, these and other developments will be introduced quickly and will likely be adopted rapidly by the general public as we all come to terms with significant disruption.

“The organisations behind the apps should be transparent about how the collected confidential data will be used, stored and shared both during the pandemic and after.

“While technological advancements mean that some have been able to respond quickly to the crisis by introducing apps which may prove helpful, protecting confidential data – even in times of crisis – should remain a priority.”

Working from home will be challenging for data protection

The ICO recognises this is a difficult time for many people, and that working from home can bring practical challenges. Again, this is something that Hayes Connor has spoken about over the last week or so.  Commenting on this, Kingsley said:

“Technology facilitates the ease with which many legal practices can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.”

 To help organisations move to a homeworking model, the ICO’s helpline remains open, and its website continues to provide a wealth of information on topics like cybersecurity for remote working.

Ways of working may have to change

Organisations must educate themselves to ensure data protection. And, the ICO has highlighted a range of helpful resources to help them remain data-safe at this challenging time. This includes:

People might have to answer some sensitive questions

The ICO has created a blog post to explain how organisations may need to handle your information. For example, your employer might ask for details about sensitive health conditions and recent travel. However, they shouldn’t be asking for more information than is necessary, and if you are concerned, you should speak to the organisation involved.

You can read more about this here.

Personal information breaches can be devastating

As organisations navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is paramount.

Not least because, at Hayes Connor, we are already hearing about some serious and worrying data protection failures as a result of the pandemic. And, at a time when coronavirus is already having an impact on mental health, in some cases, the additional worry is proving devastating to victims.


Read our coronavirus statement to find out more about how we are continuing to serve our clients during the COVID-19 outbreak.

 

, , ,

Another Marriott data breach sees 5.2 million guest records stolen

In 2018, a huge data breach put 339 million Marriott International customers at risk.  And, while you think the hotel giant would have learned its lesson, this doesn’t seem to be the case. In fact, Marriott has confirmed that it has suffered another data breach – this time involving the personal information of 5.2 million guests.

In this breach, hackers obtained the login details of two employees, and broke into a Marriott franchise property system during mid-January.

What do we know about the latest Marriott data breach?

On Tuesday 31st March, Marriott announced that it was notifying some guests of a security incident involving an unspecified system at a franchise hotel. In a statement, the hotel chain said:

“At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. The company believes that this activity started in mid-January 2020. Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations.

“Although Marriott’s investigation is ongoing, the company currently has no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers”.

What data was exposed in the breach?

The following information may have been compromised in the hack. Although Marriott states that not all of this information was present for every guest involved:

  • Contact details (e.g. name, mailing address, email address, and phone number)
  • Loyalty account information (e.g. account number and points balance, but not passwords)
  • Additional personal details (e.g. company, gender, and birthday day and month)
  • Partnerships and affiliations (e.g. linked airline loyalty programs and numbers)
  • Preferences (e.g. stay/room preferences and language preference)

Are you affected by the latest Marriott data hack?

Marriott believes that up to 5.2 million guests may have been affected. It will be sending these people an email to confirm their involvement. You might find this email in your spam folder.

Where to get help/further information

Marriott has set up a dedicated website and call centre resource to support victims of the data breach. The website can be accessed here

Marriott customers living in the UK who are concerned about the data breach should call 08003457018. The call centre will be staffed during ordinary business hours in the United States, 8:00am-8:00pm EDT Monday through Friday. Language support will be provided in English and French, and additional translation services will be available upon request.

Was financial information exposed?

Marriott says there is “no reason” to believe payment data was stolen. However, the information that is at risk could be used by cybercriminals to extract additional financial data. For example, fraudsters may pose as a legitimate organisation to trick victims into handing over sensitive information (phishing).

As such, anyone affected by this breach must take additional steps to protect themselves.

  • Contact your bank or credit card provider for advice on what to do. They will advise if any additional security measures should be implemented to protect your finances
  • Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  • Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
  • Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
  • Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  • Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. This also applies to any contact claiming to be from Marriott
  • Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud reasons
  • If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  • If you are concerned that your data might be at risk, there are some steps you can take to stop the threat from escalating. For example, you could register with the Cifas protective registration service. You should also change your passwords and make sure your devices are protected by up-to-date internet security software
  • Be aware of common phishing techniques. For example, as well as those outlined above, if you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. And do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.

If you are in any doubt, DO NOT click on any links, open any attachments or provide any information. Instead, you should go to the organisation’s website directly (not via the link provided in the communication) and contact them to make sure the email is legitimate.

Can you claim compensation following the Marriott data breach?

Yes. If an organisation breaches the Data Protection Act you have a right to claim compensation. Marriot carries cyber insurance, and the company says that it is working with its insurers to assess coverage. However, while it also says that it does not currently believe that its total costs related to this incident will be significant, it is far too early to say.

The impact of a data breach can be both long-lasting and significant. A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Furthermore, many victims go on to suffer from stress, anxiety and distress. And, according to Victim Support, the effects of crime can last for a long time.

To make matters worse, this isn’t the first time Marriott has been responsible for failing to protect its customers. Last year, the Information Commissioner’s Office (ICO) announced plans to fine the hotel group £99.2million for failing to secure its systems. And the regulator is unlikely to look favourably on a further breach.

Why choose Hayes Connor Solicitors?

At Hayes Connor Solicitors, we have the expertise to investigate the impact of such breaches. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

Crucially, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most.

In addition to our data protection solicitors, we also work with expert barristers to help us win our cases. So, we are confident that we have all the experience and know-how necessary to get the best possible result for you.

Our process is fully compliant with ICO guidance, and we never put your details at risk.

REGISTER NOW

, ,

How to keep safe after the 118118 Money data breach

This week, many people contacted our data protection solicitors, concerned about how the 118118 Money data breach might affect them. This comes after 118118 Money informed customers about a security incident at the company.

In an email headed “Important information about your account”, 118118 Money confirmed that:

  • On Friday 20th March, illegal access to the network which includes 118118Money.com was discovered
  • The data obtained was call recordings. So, people who had called the 118118 Money customer service line could be affected
  • The customer service calls were accessed by the criminals responsible for the cyber attack
  • The data compromised could include names, addresses and dates of birth
  • Other personal information discussed in calls might also be at risk.

If you are a 118118 Money customer, you might find this email in your spam folder. It is also important to note that, while the breach was discovered on 20th March, it is not yet clear how long the hackers had access to the network before then.

Is financial data at risk after the 118118 Money data breach

While 118118 Money does not mention financial details, we have spoken to people who have confirmed that they did share their bank account info with the company over the phone. So, it is very likely that this sensitive information is in some recordings.

118118 Money states that it believes that there is a “low risk of your data being used fraudulently”. And that, “since the data is held in the form of call recordings, it would be extremely time-consuming for anyone to attempt systematically to extract or copy your personal information”.

However, there is absolutely no way of knowing this. And, sophisticated technology does exist to help cybercriminals extract specific pieces of data from conversations. So, anyone impacted by this breach is right to be worried.

One customer we have spoken to said that there was cash taken out of her credit card account around the time of the breach.

Protect yourself from cybercriminals after the data breach

To help protect customers, 118118 Money is offering complimentary access to the Experian ‘Identity Plus’ fraud monitoring service for the next 12 months. But, while we would recommend using such a service, we would advise customers to check the small print to make sure that, by accepting this offer, they do not sign away their rights to make a compensation claim.

Customers are also being warned that:

“Fraudsters may claim to be 118118 Money and attempt to contact you over phone or email. This is known as “phishing”.Please be aware that we will never call or email you to request your financial information. You should report any such requests to Action Fraud, the UK’s national fraud and cybercrime reporting centre on 0300 123 2040.”

In addition, at Hayes Connor, our data protection experts recommend that anyone affected by this breach follows these tips on how to spot phishing attacks and prevent cybercriminals from stealing your information.

  1. Contact your bank or credit card provider for advice on what to do. They will advise if any additional security measures should be implemented to protect your finances. This may include organising a replacement bank card
  2. Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  3. Keep an eye on your credit score for any unexpected dips and contact all the major credit reference agencies to ensure credit isn’t taken out in your name
  4. Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
  5. Rollover hypertext links (without clicking them), to see if the actual URL differs from the one displayed. You should also hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  6. Always question uninvited approaches (calls, emails, texts, letters, etc.) that ask you for further information in case it’s a scam. Don’t assume a communication is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  7. Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud reasons
  8. If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  9. Change your passwords and make sure your devices are protected by up-to-date internet security software
  10. Be aware of common phishing techniques. For example, as well as those outlined above, if you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. And do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.

If you are in any doubt, DO NOT click on any links, open any attachments or provide any information. Instead, you should go to the organisation’s website directly (not via the link provided in the communication) and contact them to make sure the email is legitimate.

Can you claim compensation for the 118118 Money data breach?

Since the breach, 118118 Money has been liaising with the relevant regulators and authorities (as it is legally obligated to do). At Hayes Connor Solicitors, we are watching this case with interest, and, if 118118 Money has failed to protect its customers, we will launch a no-win, no-fee action.

You do not need to have suffered any financial loss to make a claim. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. So, should personal data be found to be compromised, customers can claim for:

  • Financial losses. A data breach can lead to both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress. Being the victim of a crime can have a significant impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. You can claim for any loss of privacy suffered as a result of a data breach (e.g. having an email address stolen).

Why should you choose Hayes Connor as your solicitors?

At Hayes Connor Solicitors, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most. So, we are confident that our team has all the experience and know-how necessary to get the best possible result for you.

We also help steer you through the aftermath of a data breach – minimising the impact on you as much as possible. Our process is fully compliant with ICO guidance, and we never put your details at risk.

To become part of any future action against 118118 Money, we need you to register with us. There are no costs to do this and no obligation to proceed.

REGISTER HERE

 

 

, ,

Your personal information is at risk during the coronavirus pandemic

Hayes Connor has raised concerns about a potential increase in data breaches during the coronavirus pandemic. Primarily, our expert data breach solicitors believe that personal information is at risk in four different ways.

An increase in phishing emails and coronavirus scams

Hayes Connor has warned people to be on their guard in case of coronavirus scams and phishing messages. Earlier this week, it was discovered that fraudsters were going door-to-door pretending to offer coronavirus tests. But, it’s not just doorstep criminals we need to look out for. According to Action Fraud, coronavirus scams have cost victims over £800k in just one month.

Find out more about this, and how to protect yourself from coronavirus scams here.

An increase in coronavirus apps

As the UK enters a period of full lockdown, a number of Covid-19 apps have been launched, one promises to check users’ symptoms remotely and to provide the latest guidance, while another seeks to help researchers identify hotspots and non-typical symptoms.

This follows similar apps being launched in other countries including Taiwan which is utilising technology during the global pandemic to monitor quarantined users’ movements, alerting the police if they leave their homes.

Talking about this, Kingsley Hayes, our managing director and data protection expert, said:

“Technological innovation during this unprecedented period of crisis may help official health organisations learn more about the coronavirus contributing to the global effort to contain and tackle the disease.

 “Caution should be taken by users however, in relation to how personal information such as gender, age, medical information and location will be stored, processed and shared. At a time of crisis, these and other developments will be introduced quickly and will likely be adopted rapidly by the general public as we all come to terms with significant disruption.

 “The organisations behind the apps should be transparent about how the collected confidential data will be used, stored and shared both during the pandemic and after.

 “While technological advancements mean that some have been able to respond quickly to the crisis by introducing apps which may prove helpful, protecting confidential data – even in times of crisis – should remain a priority.”

An increase in human error – the leading cause of data breaches

As the coronavirus situation escalates, we are all feeling more anxious than usual. Human error is the greatest cause of data breaches at the best of times, so it is to be expected that such instances might increase when people are worried and confused.

For example, when sending out an email to residents to inform them of changes to services during the coronavirus outbreak, Watford Community Housing Trust inadvertently leaked the personal details of 3,545 tenants. It did this by attaching a spreadsheet containing their highly sensitive and personal data. Watford Community Housing has apologised unreservedly for this breach, but had it implemented some simple security measures (e.g. password controls/encryption on sensitive data), any damage could have been alleviated.

So, while stress and nervousness might explain why someone might make an error, there is no excuse for organisations that do not have robust data security processes in place to prevent such breaches from happening in the first place.

An increase in data breaches due to homeworking

As businesses navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is also paramount.

Kingsley Hayes said:

“Businesses are operating in unchartered waters with no definite future forecast. The impact of the coronavirus crisis will be far-reaching. Commercial survival will rely on the ability of organisations to quickly adapt working practices to keep staff and clients safe while maintaining business as usual.

 “Technology facilitates the ease with which many legal practices can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.

 “The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are not only aware of the increased risks, but also that all employees adopt the relevant security measures.

 “The vast majority of data breaches take place due to human error. Preventing incidents can be as simple as carefully considering the remote working environment. Working from the privacy of home, rather than a public place for example, can reduce the risks.

 “Appropriately limiting remote access to and storage of files and information and sending encrypted data, if possible, will also prevent costly data breach incidents. The way in which businesses operate in the current climate has changed however, data protection obligations remain the same.”

What to do if you are the victim of a personal information breach

If you want to claim compensation following a data breach, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have.

We also understand that making a compensation claim can be stressful; especially where sensitive information is already breached. So, we remove the jargon and make sure you always know what’s happening with your case.

The UK’s leading data breach law firm, we may be able to act for you on a NO WIN, NO FEE basis – so you have nothing to lose.

Register to tell us about how a data breach has affected you. Or contact us on 0330 041 5131*.

*Read our coronavirus statement to find out more about how we are continuing to serve our clients during the COVID-19 outbreak.

, ,

Hayes Connor moves forward with LOQBOX data breach group action

Hayes Connor Solicitors is pressing forward with its group action case against LOQBOX. This comes after LOQBOX contacted customers to let them know that the company had been hacked. As a result of the LOQBOX data breach, sensitive personal information may have been compromised – including financial data in some circumstances.

Issuing LOQBOX with an Early Notice of Claim, Hayes Connor hopes to enter into negotiations with the company, and settle its client’s claims without them having to go to court.

LOQBOX data breach group action

Talking about the LOQBOX data breach group action, data protection expert and managing director at Hayes Connor Solicitors, Kingsley Hayes said:

“We have submitted the initial paperwork in our action against LOQBOX. This means issuing LOQBOX with an Early Notice of Claim on behalf of the many claimants who have registered with Hayes Connor in this case.

 “While LOQBOX made it clear that a personal data breach took place, customers have been left with no more than the barest of information as to the true circumstances surrounding the loss of their data. And no sense of how this breach was allowed to happen and what has actually been done as a result.

 “As a result, as well as letting LOQBOX know that we plan to start proceedings against the company, our letter also requests that LOQBOX provide us with evidence to establish how this breach was able to happen and an explanation of the response.

 “The bottom line is that we are very serious about getting our clients the compensation they deserve.”

What will happen next?

Many defendants take an Early Notice of Claim very seriously. So, we hope that LOQBOX responds to our request to enter discussions and provides the details we have asked for. Regardless, LOQBOX’s response will dictate our next steps. We are fully prepared to take this matter further, and to litigation if needs be.

It’s not too late to join our LOQBOX data breach group action

A data breach is a serious failure, so if your personal information was involved in this violation, you might be able to make a LOQBOX compensation claim.

To become part of our LOQBOX group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us.

We can take on your claim on a no-win, no-fee basis.

Why choose Hayes Connor for your LOQBOX data breach claim?

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years.

We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

Crucially, at Hayes Connor, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most.

In addition to our data protection solicitors, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the results you deserve. We have all the experience and know-how necessary to get the best possible result for you.

Our process is fully compliant with ICO guidance, and we never put your details at risk.

If you wish to be part of our LOQBOX data breach, please register using the link below. You will then be contacted by our office to advise of the next steps. There are no costs to join our group action and no obligation to proceed.

REGISTER

, ,

Are you worried about the Watford Community Housing Trust data breach?

Watford Community Housing Trust has inadvertently leaked the personal details of 3,545 tenants. The violation happened when the Trust sent out an email to residents, informing them of changes to services during the coronavirus outbreak and the closure of its offices on Clarendon Road. At Hayes Connor, we have been contacted by many Watford Community Housing Trust residents, all of who are worried about the increased risk, and some of who are vulnerable and now living in fear.

What details were breached by Watford Community Housing?

Attached to the email was a spreadsheet containing the personal information of thousands of tenants. This included addresses, contact details, gender and sexual orientation. It is believed that everyone who received the email, also received the spreadsheet.

While Watford Community Housing Trust had hoped to reassure residents, the data breach has only led to more anxiety at this already difficult time.

The impact of the Watford Community Housing Trust data breach is devastating for many people

There are already calls for all 3,545 tenants to be compensated for the breach.

Speaking to the Watford Observer, one of the individuals affected said: “There’s vulnerable people out there, the information being leaked has put so many tenants in life changing and life-threatening situations. This is not appropriate. Therefore, an apology isn’t enough – everyone should be compensated.”

Another was reported to feel “horrible” that her sexuality was shared with thousands of people.

There were also concerns that home addresses were now publicly available, perhaps to people that some of those affected were trying to avoid.

Coronavirus and data breaches

Hayes Connor has already raised concerns about a potential increase in data breaches during the coronavirus pandemic. We believe that these could occur in several different ways. For example:

An increase in phishing emails and coronavirus scams

Hayes Connor has warned people to be on their guard in case of coronavirus scams and phishing messages. Earlier this week, it was discovered that fraudsters were going door-to-door pretending to offer coronavirus tests. But, it’s not just doorstep criminals we need to look out for. According to Action Fraud, coronavirus scams have cost victims over £800k in just one month.

Find out more about this here.

An increase in data breaches due to homeworking

As businesses navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is also paramount.

Talking about this, Kingsley Hayes, our managing director and data protection expert, said:

“Businesses are operating in unchartered waters with no definite future forecast. The impact of the coronavirus crisis will be far-reaching. Commercial survival will rely on the ability of organisations to quickly adapt working practices to keep staff and clients safe while maintaining business as usual.

 “Technology facilitates the ease with which many legal practices can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.

 “The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are not only aware of the increased risks, but also that all employees adopt the relevant security measures.

 “The vast majority of data breaches take place due to human error. Preventing incidents can be as simple as carefully considering the remote working environment. Working from the privacy of home, rather than a public place for example, can reduce the risks.

 “Appropriately limiting remote access to and storage of files and information and sending encrypted data, if possible, will also prevent costly data breach incidents. The way in which businesses operate in the current climate has changed however, data protection obligations remain the same.”

 An increase in human error

As the coronavirus situation escalates, we are all feeling more anxious than usual. Human error is the greatest cause of data breaches at the best of times, so it is to be expected that such instances might increase when people are worried and confused.

However, while stress and nervousness might explain why someone might make an error, there is no excuse for organisations that do not have robust data security processes in place to prevent such breaches from happening in the first place.

Watford Community Housing might “apologise unreservedly for this breach”, but had it implemented some simple security measures (e.g. password controls/encryption on sensitive data), any damage could have been alleviated.

What can you do about the Watford Community Housing Trust data breach?

According to Watford Community Housing, anyone with concerns should email CustomerRelationsTeam@wcht.org.uk in the first instance.

However, with many tenants left upset, angry and even scared, many are seeking compensation and have turned to Hayes Connor for help.

If you are concerned about this breach, our professional, friendly team will be pleased to answer any questions you might have.

We also understand that making a compensation claim can be stressful; especially where sensitive information is already breached. So, we remove the jargon and make sure you always know what’s happening with your case.

The UK’s leading data breach law firm, we may be able to act for you on a NO WIN, NO FEE basis – so you have nothing to lose.

Register to tell us about how the Watford Community Housing Trust data breach has affected you. Or contact us on 0151 363 5895*.


*Read our coronavirus statement to find out more about how we are continuing to serve our clients during the COVID-19 outbreak.

 

, ,

Hayes Connor warns of coronavirus scams

Following warnings from the police that “individuals may be taking advantage of the vulnerable by posing as door-to-door coronavirus testers in order to gain access to people’s properties”, Hayes Connor has also warned people to be on their guard in case of coronavirus scams and phishing emails.

Earlier this week, it was discovered that fraudsters were going door-to-door pretending to offer coronavirus tests. But, it’s not just doorstep criminals we need to look out for. According to Action Fraud, coronavirus scams have cost victims over £800k in just one month.

Types of coronavirus scams

In a recent blog post, Action Fraud listed the types of scams it has been seeing in relation to COVID-19. They include:

  • Online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived
  • Phishing emails purporting to be from a research group that mimic the Centre for Disease Control and Prevention (CDC) and World Health Organisation (WHO). They claim to provide the victim with a list of active infections in their area. To access this information the victim needs to either click on a link which redirects them to a credential-stealing page, or make a donation of support in the form of a payment into a Bitcoin account
  • Phishing emails from fraudsters providing articles about the virus outbreak with a link to a fake company website where victims are encouraged to click to subscribe to a daily newsletter for further updates
  • Phishing emails from fraudsters sending investment scheme and trading advice encouraging people to take advantage of the coronavirus downturn. For example, emails entitled “the positive impact on staying home (Corona-virus), make thousands a day trading Bitcoin”
  • Phishing emails from fraudsters purporting to be from HMRC offering a tax refund and directing victims to a fake website to harvest their personal and financial details.

In total, Action Fraud has received over 200 reports of coronavirus-themed phishing emails.

How to protect yourself from coronavirus scams

As we all try to navigate this difficult time, it’s essential that individuals remain vigilant to protect themselves from coronavirus scammers. This means:

  • Never clicking the links or attachments in suspicious emails or texts
  • Never responding to unsolicited messages and calls that ask for your personal or financial details
  • Understanding that a genuine bank or other financial organisation will never contact you out of the blue to ask for your PIN or full password
  • Knowing that a legitimate bank or other business would never ask you to move money to another account for fraud reasons
  • Not assuming that an email, text or call is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Being careful about who you trust. Criminals often try and trick people by telling them that they have been a victim of fraud and scaring them into revealing their security details
  • Knowing that criminals can make any telephone number appear on your phone handset, so even if you recognise a number, or it seems authentic, it might not be genuine
  • Not being rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
  • Listening to your instincts. If something feels wrong, then it is right to question it
  • Having the confidence to refuse requests for personal or financial information. Stop the discussion if you do not feel in control of it
  • Never hesitating to contact your bank or financial service provider on a number you trust, such as the one listed on their website or the back of your payment card
  • Being careful when making a purchase from a company or person you don’t know and trust
  • If you decide to go ahead with the purchase, use a credit card if you have one, as most major credit card providers insure online purchases
  • Always installing the latest software and app updates to protect your devices from the latest threats.

Reducing the risk of data breaches while homeworking

As businesses navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is also paramount.

Recognising the increased risks around data protection for employees working outside the office environment and implementing simple measures to mitigate the risk of a data breach is essential.

Kingsley Hayes, managing director at Hayes Connor Solicitors and data breach expert said:

“Businesses are operating in unchartered waters with no definite future forecast. The impact of the coronavirus crisis will be far reaching. Commercial survival will rely on the ability of organisations to quickly adapt working practices to keep staff and clients safe while maintaining business as usual.

 “Technology facilitates the ease with which many legal practices can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.

 “The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are not only aware of the increased risks, but also that all employees adopt the relevant security measures.

 “The vast majority of data breaches take place due to human error. Preventing incidents can be as simple as carefully considering the remote working environment. Working from the privacy of home, rather than a public place for example, can reduce the risks.

 “Appropriately limiting remote access to and storage of files and information and sending encrypted data, if possible, will also prevent costly data breach incidents. The way in which businesses operate in the current climate has changed however, data protection obligations remain the same.”

For more advice on how to keep your data safe, follow Hayes Connor on Twitter and Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses. Or give us a call to discuss your case in more depth.