data breach
,

Can you make a data breach claim against Emma’s Diary?

The Information Commissioner’s Office (ICO) has fined Lifecycle Marketing (Mother and Baby) Ltd (LCMB), £140,000 for illegally collecting and selling the personal information of over one million people.

LCMB, also known as Emma’s Diary, gives medical advice and free baby-themed goods to parents who download an app. The data broking company behind the app was implicated following the launch of an investigation into the Facebook data breach scandal.

As such, those affected should now be looking to claim compensation.

What happened in this case?

LCMB sold its users’ information to Experian’s marketing division (Experian Marketing Services). This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election.

The Labour Party used this information to send targeted communications about its intention to protect Sure Start Children’s centres to mums living in marginal seats.

The data used included the names of parents using the app, household addresses, the presence of children under the age of five, and the date of birth of those children.

What was the result of the investigation?

LCMB claimed that the use of this information was fully outlined in its privacy policy. However, an investigation by the ICO found that the privacy policy did not state that the personal information given would be used for political marketing or by political parties. As such, this was a breach of the Data Protection Act.

In fact, while LCMB’s privacy policy was eventually updated to add the words “political parties” to the list of organisations it shares data with, this was only done in light of the start of the ICO’s investigation.

Commenting on this case, The Information Commissioner, Elizabeth Denham said: “The relationship between data brokers, political parties and campaigns is complex. Even though this company was not directly involved in political campaigning, the democratic process must be transparent.”

She added: “All organisations involved in political campaigning must use personal information in ways that are transparent, lawful and understood by the UK public.”

As the violation could cause distress to those affected, and was motivated by financial gain, LCMB has been fined £140,000 for the data breach.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by Emma’s Diary (LCMB) is part of a more extensive investigation into how our data is being used in political campaigning. In fact, the ICO put the UK’s 11 main political parties on notice to have their data-sharing practices audited later this year.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections was significant and has called for a code of practice to fix the system.

If you are one of those affected by the Emma’s Diary data breach and are concerned that your personal information was used in a way you didn’t consent to, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

REGISTER NOW

data breach
,

Serious data breach uncovered at Reddit

Social news aggregation, web content rating and discussion website Reddit, has revealed that it was the victim of a data hack. In this case, a cybercriminal broke into some of Reddit’s systems and accessed user data.

Many people use Reddit to post highly personal anonymous stories. In fact, the platform prides itself on providing a safe space for people to say whatever they want, without their messages being linked to their real identities.

But if usernames can be connected to emails following this breach, the identities of ‘Redditors’ could be revealed. And the consequences for these people could be devastating.

At Hayes Connor, our data breach solicitors set out what you should do if you are a user who is concerned about the impact the data breach at reddit could have on you.

What information was stolen?

The data accessed included complete information from a 2007 database backup which contained old protected (salted and hashed) passwords, email addresses, public posts and private messages.

Reddit has confirmed that it will be contacting all users affected by the breach of this database. The company has also urged users who used the platform anywhere near 2007 to reset their passwords and enable 2-factor authentication. So, if you are a long-standing Reddit user (or were a user back then), it’s worth checking your spam folder just in case. Those who signed up for the online service after 2007 should be in the clear.

In addition to the old database, more recent data, including email addresses and ‘subreddits’ people have subscribed to have also been accessed by cybercriminals.

However, there is no indication that Reddit will be contacting those individuals who have had their current email addresses stolen. So you’ll have to figure that out for yourself.

Reddit is asking users who have had their email address affected, to “think about whether there’s anything on your Reddit account that you wouldn’t want associated back to that address” and remove it. Put simply, affected users should delete any posts they don’t want to be traced back to.

What happens now?

The attack happened between 14th – June 18th June, and was discovered a day later.

Reddit has said that it is conducting a “painstaking investigation to figure out just what was accessed”, and to improve its systems and processes to prevent this from happening again.

Reddit has also said that it has reported the issue to law enforcement and is cooperating with investigations.

Why are people worried?

While much of the data accessed is at least 11 years old, that doesn’t mean that people aren’t right to be distressed at the thought of their private communications – including messages – falling into the wrong hands. Especially when this data can be linked to a specific email address (and therefore a person).

The security incident has been described as a “serious attack,” and just because Reddit was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

Your distress matters!

Some people would have you believe that claiming for distress is an overreaction, but our data breach solicitors and the law don’t look at things this way.

The sheer scale of the information we share on social media is enough to leave victims open to the threat of fraud. And we should all be very worried about what could happen if this gets into the wrong hands.

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. And you can do this if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

At Hayes Connor Solicitors, our data breach solicitors have been helping people to claim compensation for over 50 years, so we know what it takes to make a successful data breach claim. Our initial evaluation is always free of charge, and there’s never any obligation to take things further.

If we do think you have a reasonable chance of winning your case, we’ll let you know straight away. What’s more, once appointed, we provide a NO WIN, NO FEE service; so you have nothing to lose.

IF YOU THINK YOU HAVE A CLAIM, CONTACT OUR DATA BREACH SOLICITORS TODAY.

data breach claim
,

Dixons Carphone data breach affects 16 million customers

Dixons Carphone has admitted that almost 16 million of its customers have their details exposed in a massive data breach.

The electronics retailer has said that around 10 million records containing personal data may have been accessed in 2017. That’s up from an initial estimate of 1.2m people. The additional 8.8 million customer records include dates of birth, addresses and phone numbers. However, while the personal information accessed was all non-financial, the records compromised can be used to carry out data theft and fraud.

Dixons Carphone has also been investigating a separate attempt to compromise 5.9 million payments cards.

The National Crime Agency has been investigating the Dixons Carphone data breach. It is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (the UK’s data protection regulator).

However, while Dixons Carphone chief executive Alex Baldock, has said that the business has been “working around the clock to put it right”, it appears that the hack is now much, much larger than initially thought.

The retailer has said that it will contact all customers to apologise and advise on the steps they can take to protect themselves. However, if customers are offered any free data security services, it is vital that they check the small print to ensure they don’t waive their rights to compensation from Dixons Carphone.

This is not the first time that the company has failed to protect its customers. Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined a £400,000 following another cyber-attack. The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. In that breach, the personal data of over three million customers and 1,000 employees were put at risk. Including the historical payment card details for some 18,000 customers.

With a history of failures, the regulator will now be looking very carefully at this latest revelation.

What can you do following the Dixons Carphone data breach?

Data breaches can have severe consequences for those affected. So, customers of Dixons Carphone should now be looking to claim compensation; particularly as there is a history of data negligence at the company. Something must be done to hold them to account.

If you were affected you could be entitled to up to several thousand pounds in compensation, so it’s important to act now.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.

dixons data breach
,

Dixons Carphone admits huge data breach

Dixons Carphone has admitted a huge data breach following a prolonged hacking attempt. The data hack involves 5.9 million payment cards and 1.2 million personal data records. The breach occurred following a number of attacks – carried out over a period of 12 months.

The personal data records compromised by the hackers includes information such as names, addresses and email addresses. All of which can be used to carry out data theft and fraud.

Also, while most of the cards had chip and pin protection, some105,000 non-EU issued cards did not have this technology. While the company has said there is no evidence that any of the cards had been fraudulently used, a full police investigation is now underway. The regulators have also been informed and it is thought that the breach could leave the company open to a large fine.

Alex Baldock, chief executive at Dixons Carphone said:

“We are extremely disappointed and sorry for any upset this may cause.

“The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

A history of data protection failures

Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined a whopping £400,000 following another cyber-attack. The fine is one of the biggest ever handed out by the Information Commissioner’s Office (ICO). In that breach, the personal data of over three million customers and 1,000 employees were put at risk. Including the historical payment card details for some 18,000 customers.

Find out more about the Carphone Warehouse breach here.

While Dixons Carphone claims that the two incidents are unrelated, the Information Commissioner (ICO) will now be looking very carefully at this latest failing.

What can you do?

Data breaches often have severe consequences for those affected. So, customers and employees of the Carphone Warehouse and the merged Dixons Carphone should now be looking to claim compensation.

The company has said that it will be contacting those affected to advise them of the breach. We would urge anyone contacted to let us know and start a data protection compensation claim; particularly as there is a history of data negligence at the company. Something must be done to hold them to account.

If you are affected you could be entitled to up to several thousand pounds in compensation, so it’s important to act now.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.

data breach solicitors
, ,

Can you make a data breach claim against the Crown Prosecution Service?

In May this year, the Information Commissioner’s Office (ICO) issued a £325,000 fine following the loss of recorded police interviews by the Crown Prosecution Service (CPS). The DVDs contained interviews with 15 victims of child sex abuse and were to be used at trial.

Shockingly, the recordings were also unencrypted, and the failure to protect such sensitive information has led to concerns that a “loss in trust could influence victims’ willingness to report serious crimes”.

Such data breaches could also have severe consequences for those affected. So, victims should now be looking to make a data breach claim against the Crown Prosecution Service.

What happened in this case?

In November 2016, the DVDs were sent by tracked delivery from Guildford to Brighton for a trial. But, because the delivery was made outside of office hours, they were left at an office reception in a shared building.

The recordings, which were not sent in tamper-proof packaging, contained highly intimate and sensitive details of the victims, as well as the personal data of the perpetrator, and identified information about other individuals.

It was over a week before the loss was discovered and while the building’s entry doors were locked, deliveries that were left there could be accessed by anyone with admission to the building.

The DVDs and the information contained on them have not been found, so it is unclear what has happened to them and whether anyone has watched them.

To make matters worse, this is the second time that the CPS has failed to take necessary steps to protect sensitive data. In 2015, the CPS was fined £200,000 by the ICO after the theft of laptops containing videos of police interviews uncovered serious security failures by the government body.

What was the result of the latest investigation?

In its judgement, the ICO found that the CPS was negligent by failing to ensure that the videos were kept safe. The CPS was also accused of not taking into account the substantial distress that would be caused if the videos were lost.

Astonishingly the investigation also revealed that while encryption software is available to the CPS, it is not routinely used to protect such evidence.

As a result, as well as the £325,000 fine, the ICO ruled that, due to a lack of proper processes across the organisation, staff training within the CPS was needed immediately.

Stephen Eckersley, head of enforcement at the ICO, said:

“The CPS failed to take basic steps to protect the data of victims of serious sexual offences. Given the nature of the personal data, it should have been obvious that this information must be properly safeguarded, as its loss could cause substantial distress.

“The CPS must take urgent action to demonstrate that it can be trusted with the most sensitive information.”

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by the CPS is particularly worrying as many of the victims were already vulnerable and had already endured significant distress during their interviews with the police. As such, the loss of these recordings is likely to cause considerable emotional anguish.

What’s more, while the CPS has said that it has now strengthened arrangements to prevent further incidents, its failure to do so following the last data protection breach highlights a shocking disregard for those people it should be protecting. The CPS simply did not make sure that appropriate care was taken to avoid similar breaches re-occurring.

The CPS was aware of the graphic and distressing nature of the personal data contained in the DVDs, but it was complacent in caring for that information and those it is supposed to protect. So it must be held to account.

Victims who had their data accessed were informed about the breach. And, while the CPS has offered to meet victims’ families to apologise, this does not cancel the right to proper compensation.

If you are one of those affected and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. We can help you to make a data breach claim against the Crown Prosecution Service and claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

IF YOU THINK YOU MAY HAVE A DATA BREACH CLAIM COMPLETE OUR CONTACT FORM.

make a data breach claim
, ,

Can you make a data breach claim against the British and Foreign Bible Society?

This month, the British and Foreign Bible Society was fined £100,000 for failing to protect the personal data of 417,000 of its supporters. Following an investigation by the Information Commissioner’s Office (ICO), it was revealed that the Society exposed these supporters to possible financial or identity fraud.

While the Society was a victim of a cyber-attack, this does not negate the fact that it failed to take appropriate steps to protect the personal data it was entrusted with.

With data breaches often causing significant distress for those affected, victims of the British and Foreign Bible Society data breach may now want to claim compensation.

What happened in this case?

Between November and December 2016, criminals exploited the weakness of the Society’s computer network – which used an easy-to-guess password – to access the personal data of its supporters.

Using ransomware to encrypt almost one million files, the data compromised included names and contact details, as well as payment card and bank account details for some. Fortunately for the Society, the data had recently been backed up, so it could not be held to ransom. But, many of the files were transferred, copied and extracted by the attacker.

What was the result of the investigation?

During its investigation, the ICO found that supporter details were kept on an insufficiently secured internal network which offered inappropriate remote access rights.

Commenting on the case, Steve Eckersley head of enforcement at the ICO said:

“The Bible Society failed to protect a significant amount of personal data and exposed its supporters to possible financial or identity fraud.

 “Our investigation determined that it is likely that the religious belief of the 417,000 supporters could be inferred, and the distress this kind of breach can cause cannot be underestimated.

 “Cyber-attacks will happen, that’s just a fact, and we fully accept that they are a criminal act. But organisations need to have strong security measures in place to make it as difficult as possible for intruders.”

The British and Foreign Bible Society was fined £100,000 for breaching data protection legislation.

What can you do?

Today, many people choose to donate to charities and causes they care about. But, while you might support them in their aims, it is vital that they meet their obligations when it comes to protecting your sensitive data. Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Often such organisations are insured against such data breaches, so you don’t have to worry about the impact of the good work you support.

In this case, the ICO found that the Society’s failure was likely to cause substantial damage or distress to those supporters who had their data stolen.

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The Society has notified victims who have had their payment details stolen, but it is not clear if those who had other personal data put at risk were informed. However, modern cybercriminals are increasingly sophisticated and such information can be used to carry out identity theft and fraud, so it is vital you are told.

What’s more, it doesn’t matter if criminals haven’t used your data. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

If you are one of those affected and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. If you are not sure if your information was compromised, we can find this out for you. We can also help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

IF YOU THINK YOU MAY HAVE A DATA BREACH CLAIM COMPLETE OUR CONTACT FORM.

 

 

data breach compensation
, ,

Can you make a data breach claim against Nottinghamshire County Council?

Last year, Nottinghamshire County Council was fined £70,000 by the Information Commissioner’s Office (ICO). The fine came after the Council left the personal information of vulnerable people it was supposed to protect exposed for five years.

The sensitive data included the gender, addresses, postcodes and care requirements of 3,000 elderly and disabled people.

Such failures could have severe consequences for those affected. So, victims should now be looking to make a data breach claim against Nottinghamshire County Council. 

What happened in this case?

In 2011, Nottinghamshire County Council launched its Home Care Allocation System. This was an online portal which allowed social care providers to confirm that they were able to support a particular person.

However, five years later, a member of the public informed the Council that the unprotected directory could be accessed via a simple online search. During this time the data could have been viewed by anyone. With no need to log in. And, although the service user’s names and house numbers were not included, it would have been possible to identify them.

This situation is particularly worrying as the data contained in the system could have been used by criminals to target vulnerable people. It could also have been used to alert criminals about when people were in hospital, and when their homes were sitting empty.

What was the result of the investigation?

The incident has been called a serious and prolonged breach of the law by the ICO. The investigation also found that, despite having the financial and staffing resources available, the Council overlooked the need to put robust measures in place to protect people’s personal information.

Calling the data protection breach “totally unacceptable and inexcusable”, the ICO said that the distress to services users was likely to be substantial. Particularly given the sensitive nature of the personal data and the vulnerability of the people involved. For example, the report into the breach states that “elderly and vulnerable service user may worry that a thief or burglar would use the information to prey on her whilst at home or in hospital.”

Furthermore, the ICO has agreed that such concerns are entirely justifiable, even if they never actually happen.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

Central and local government bodies handle some of our most sensitive personal data, and we have the right to expect this will be looked after and kept safe. As such, organisations such as Nottinghamshire County Council must start to look after our data as carefully as they would their own money or offices.

Very often, the only way to ensure they do this is by claiming compensation for data protection breaches and holding them to account.

What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

While Nottinghamshire County Council informed the ICO as soon as the failure was uncovered, because it occurred before the General Data Protection Regulation came into force in May 2018, it was not obligated to tell individuals if their data was breached. So, you may not know if your sensitive information was put at risk. But if you are in any doubt, it’s worth finding out, and we can do this for you.

If you are one of those affected and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. We can help you to make a data breach claim against Nottinghamshire County Council and claim the maximum amount of compensation in the minimum amount of time. We can do this on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

IF YOU THINK YOU MAY HAVE A DATA BREACH CLAIM AGAINST NOTTINGHAMSHIRE COUNTY COUNCIL COMPLETE OUR CONTACT FORM.

data breach solicitors
, ,

Can you make a data breach claim against the Carphone Warehouse?

Earlier this year, the Carphone Warehouse was fined a whopping £400,000 following a cyber-attack. The assault on the company’s computer systems compromised customer and employee data and uncovered severe failures in Carphone Warehouse’s data security systems.

The data protection breach put the personal data of over three million customers and 1,000 employees at risk. Including the historical payment card details for some 18,000 customers.

The £400,000 fine is one of the biggest ever handed out by the Information Commissioner’s Office (ICO).

Data breaches often have severe consequences for those affected. So, customers and employees of the Carphone Warehouse should now be looking to claim compensation.

What happened in the Carphone Warehouse data breach case?

In 2015, a Carphone Warehouse computer system fell victim to a cyber-attack. The data breach affected the company’s online division which operated the OneStopPhoneShop.com, e2save.com and Mobiles.co.uk websites.

The attack took place after the assailant made a scan of the system using a commonplace penetration tool. The tool looked for things such as outdated software and other vulnerabilities. Uncovering that such weaknesses did exist with a WordPress website, the scammer exploited this to access the system, and the customer and employee data.

While Carphone Warehouse did have processes in place to monitor cyber threats, staff were not alerted to the attack until 15 days after the system was first compromised. This timelapse further highlighted the lack of adequate security measures in place at the company. In fact, according to the ICO, the “number of distinct and significant inadequacies in the security arrangements for the System is striking”.

What was the result of the investigation?

In its judgement, the ICO found that the Carphone Warehouse data breach significantly affected the privacy of those involved. It also said that if the data was misused, it was likely to cause substantial damage or distress.

“The real victims are customers and employees whose information was open to abuse by the malicious actions of the intruder.

“The law says it is the company’s responsibility to protect customer and employee personal information.

“Outsiders should not be getting to such systems in the first place. Having an effective layered security system will help to mitigate any attack – systems can’t be exploited if intruders can’t get in.

“There will always be attempts to breach organisations’ systems and cyber-attacks are becoming more frequent as adversaries become more determined.

“But companies and public bodies need to take serious steps to protect systems, and most importantly, customers and employees”.

In failing to do this, the ICO found that the severity of the Carphone Warehouse data breach merited a £400,000 fine.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.

 

equifax data breach even worse
, , ,

Equifax data breach is even worse than first thought

In September last year, it was revealed that up to 400,000 people in the UK might have had their personal details stolen when Equifax was hacked by cybercriminals.

Equifax is the second largest credit reference agency in the UK and is used by a wide range of companies to decide whether to issue mortgages, loans, store cards, credit cards, etc. So, even if you are not an Equifax customer, it could still hold a wealth of information about you. That’s why, when it was revealed that hackers had gained access to the private details of Equifax customers (both here and in the US), it was big news.

At the time, it was reported that the stolen data included names, address, dates of birth, and credit card numbers. However, last month it became apparent that the sheer scale of the Equifax breach had gone from bad to worse, with more information stolen than initially reported. In fact, 3,200 passport images were also taken by cybercriminals, despite initial denials from the company.

How can cybercriminals use your private data?  

Along with the original info stolen, our images are considered to be personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data following a data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

Holding Equifax to account

While Equifax was the victim of a cyber-attack, it was responsible for protecting your personal information. So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation.

The stolen passport images relate to those individuals already impacted by the breach, so, if you have previously received a letter from Equifax informing you that your data was put at risk, it is vital that you now make a compensation claim and hold them to account.

To make matters worse, not only did Equifax fail to come clean straight away about the scale of the breach, but a former Equifax executive also sold his shares in the company before the news of the hack went public. Earning roughly $1 million in the process, the executive was set to profit at the expense of millions of customers. He has since been charged with insider trading, but his actions reflect a disdain for consumer data protection that is all too common.

With data breaches on the rise, something has to be done to make big companies accountable for these losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

What should you do now?

In the UK, investigations into the Equifax data breach are still ongoing, and, we’ve been contacted by hundreds of people worried that their personal data was not looked after as carefully as it should have been.

In response, at Hayes Connor, we are preparing a group litigation action for everyone who has had their data accessed in the Equifax data breach. To become part of this group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us.

While each case is different, we expect to claim £1,000 to £2,500 per person. And, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means, if you are awarded £1,500, you’ll get all of the compensation. So there are no solicitor’s fees whether you win or lose.

If you have been affected and want to join our group action, register your details here.

, , ,

Can you make a data breach claim against the Bayswater Medical Centre?

The Bayswater Medical Centre has been found guilty of a serious data protection breach. The London based GP and healthcare provider has been fined £35,000 by the Information Commissioner’s Office (ICO) after it left highly sensitive medical records, registration forms and repeat prescription information unsecured in an empty building for a year and a half. The data was left on decks, in unlocked cabinets, on windowsills, and in bins.

With medical data breaches often having severe consequences for those affected, patients of the Bayswater Medical Centre may now be able to claim compensation.

What happened in this case?

The breach occurred after the Bayswater Medical Centre vacated a practice but continued to use the building for storage. The failure to protect sensitive patient data was only discovered after another GP practice visited the site to take over the lease.

Perhaps most worryingly, despite repeated warnings from the new surgery and a local Clinical Commissioning Group, Bayswater Medical Centre did nothing to collect and secure the sensitive information.

Concerns were escalated to NHS England (NHSE). And, when officers investigated the building, they found that “it would have been apparent to anyone looking through the window that the premises were abandoned and patient files left littered throughout the premises with windows left ajar with potential access”. Medical records were also left on a windowsill, with the blinds not closed and the window not secure. NHSE also reported that the building was secured by a single lock, and had no other physical security measures such as an alarm. In fact, just one week after the records were eventually removed, the building was broken into.

What was the result of the investigation?

The ICO has called the breach a “serious contravention” of data protection legislation that could lead to serious damage and distress for victims. In fact, the ICO said that any concerns by patients went beyond mere irritation and that fears about data falling into the wrong hands were understandable – even if such fears didn’t actually happen. As such, the ICO found that the severity of the breach merited a £35,000 fine.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

What’s more, it doesn’t matter that the data remained secure in the building and didn’t fall into the hands of criminals. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

If you registered with Bayswater Medical Centre before July 2015 (even if you have since moved to another practice), and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

Before the General Data Protection Regulation came into force in May 2018, organisations were not obligated to tell individuals if their data was breached, so, you may not know if your medical records were put at risk. But if you are in any doubt, it’s worth finding out, and we can do this for you.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.