yahoo breach
, ,

Do you have a Yahoo email address? If so, your privacy could have been breached

If you have a Yahoo email address, you could be due data breach compensation. Here’s everything you need to know about making a Yahoo data breach claim.

What happened in the Yahoo data breach case?

Due to systemic errors in its cybersecurity systems, between 2012 and 2016, Yahoo suffered a series of system hacks by organised crime groups. In particular, in 2014, a Russian state-sponsored cyber-attack saw personal data stolen from over 500m Yahoo user accounts worldwide. Despite evidence that the firm knew about the hack soon after it happened, it did not report it until September 2016.

The data protection hack led to user’s names, email addresses, telephone numbers, passwords and encrypted security questions and answers falling into the hands of cybercriminals.

What happened in the investigation?

Following the Yahoo data breach, the Information Commissioner’s Office (ICO) investigated the privacy violation. While people in many different countries were involved, the ICO investigation focused on UK accounts that were co-branded Sky and Yahoo, and which the London-based branch of Yahoo had responsibility for.

Following its inquiry, the ICO found that Yahoo had “failed to prevent” the hack. It condemned “inadequacies” at Yahoo. Inadequacies that had existed for some time without being “discovered or addressed”. The investigation also found that:

  • The firm failed to ensure that its data processor complied with the appropriate data protection requirements
  • The firm failed to ensure that the credentials of employees with access to customer data were monitored
  • There was a lengthy period before the flaws which led to the breach were discovered or addressed.

As a result, the ICO imposed a £250,000 fine on Yahoo. However, this represents less than 0.4% of Yahoo UK’s 2016 gross profit.

Were you affected by the Yahoo data breach?

The Yahoo data breach affects people who had a Yahoo account between January 1, 2012 and December 31, 2016. According to the ICO, Yahoo has informed those affected.

These people can now make a compensation claim.

Crucially, you do not need to have suffered any financial loss or emotional distress to make a claim. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

The data breaches at Yahoo happened because of a failure to implement reasonable and robust processes. So, Yahoo has failed to uphold your privacy rights. Furthermore, claiming compensation isn’t just in your best interests; it is often the only way organisations are persuaded to take their responsibilities seriously and make the necessary improvements.

What has happened since then?

In September 2019, Yahoo emailed its users saying it was nearing a $117.5 million settlement. This settlement would end a massive class-action lawsuit related to a series of data breaches that took place between 2012 and 2016. However, the money available is only for people who live in the US and Israel.

If you had a Yahoo account and live in the UK, what can you do?

At Hayes Connor Solicitors, we are launching a representative action claim to help UK victims of the Yahoo data breach to claim the compensation they deserve. A representative action is a type of group action.

If you are concerned that your data was treated negligently by Yahoo, contact Hayes Connor Solicitors immediately. The settlement reached in the US, and the result of the ICO’s investigation in the UK means that you could have a powerful case.

Why should you choose Hayes Connor Solicitors?

As the UK’s leading data breach law firm, we are helping people in the UK to hold Yahoo to account for its failure to protect their personal data (as it is legally obliged to do). We are doing this because we believe that your data protection rights are important. Here’s are some other reasons why it’s essential to use our specialist data privacy lawyers to claim Yahoo data breach compensation.

  • Hayes Connor is an established and trusted firm. Our solicitors have been helping people to claim compensation for over 50 years
  • We have been winning data protection cases longer than most other solicitors, and we are more experienced when it comes to understanding the complexities involved. A lack of understanding about data breach law can leave victims open to advice and representation below the standard expected. And this could see you lose out financially as a result
  • All too often, claims management companies are more concerned about making fast cash than helping victims. So, while they might help you get some money back for a data breach, they are less concerned about ensuring you get compensated for the long-term and often psychological effects of a breach. When you appoint us, we get you the maximum compensation possible
  • We have the legal expertise needed to take on big players such as Yahoo. In fact, our experience in data breach group actions is unmatched in the UK
  • We provide regular emails to all our Yahoo data breach clients to ensure they always know what is happening with their case.

How can you make a no-win-no-fee Yahoo data breach compensation claim?

At Hayes Connor, we always provide a free consultation to make sure we can help you. If you want to make a Yahoo data breach compensation claim with us, we can advise you on whether you have a valid claim, answer any questions you might have and go through your options with you. We will do all this without charging you a penny.

We are also providing no-win, no-fee funding arrangements for anyone that wants to join our Yahoo representative action. And there are no hidden costs or admin expenses.

If you want to join our Yahoo UK Representative Action contact Hayes Connor Solicitors immediately. There are no costs to join our group action, and there is no obligation to proceed.

START YOUR CLAIM

data breaches
, , ,

Data breaches – should you even care?

In 2019, The ICO was still owed 42% of the total amount of fines it has handed out for data breaches, spam, and nuisance calling since 2015. This demonstrates the difficulty the data protection regulator has when it comes to enforcing the punishments it hands out to companies.

Data obtained by The SMS Works via a freedom of information request found that:

  • 152 fines have been issued since 2015
  • 30% of these remain unpaid.

This unpaid amount does not include the £183m and £99m fines facing British Airways and Marriott Hotels. These are under appeal and not yet owed to the ICO.

The sheer amount of unpaid fines shows a complete lack of responsibility and care from offending organisations.

Companies are demonstrating a history of data protection failures

At the same time, it has been discovered that Marriott has suffered another data breach. On this occasion, rather than customers, it is employees who have had their privacy violated due to a third-party. It is astonishing that, even in the face of a £99m fine, Marriot still doesn’t seem to be taking its data protection responsibilities seriously.

But it’s not alone.

Just a few weeks after the ICO announced plans to fine British Airways a whopping £183.93 million for its 2018 data breach, a vulnerability with the airway’s check-in procedures, once again, exposed passenger information.

Also, in November 2019, T-Mobile suffered a severe data breach with over a million pre-paid customers believed to be affected. But this wasn’t the first time T-Mobile had suffered a security failure. In August last year, the company admitted to a data breach which affected around two million customers.

And the list goes on.

In early 2020, Dixons Carphone Warehouse was fined £500,000 by the Information Commissioner’s Office (ICO). The Dixons Carphone data breach resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details were stolen by cybercriminals. But that breach was not the first time that the company had failed to protect its customers. The Carphone Warehouse, which merged with Dixons, was previously fined £400,000 following another cyber-attack. At that time, the huge fine was one of the biggest ever handed out by the Information Commissioner’s Office.

So, at best, we could argue that big companies are not learning from their security mistakes. At worst they just don’t care.

Is there any point in making a complaint?

Here at Hayes Connor Solicitors, we help our clients to claim compensation for breaches of their data privacy rights. And it’s a job we take very seriously. Not least because we understand the full and often traumatic effect a data breach can have on an individual. But, in light of these findings – and with breaches happening on an almost daily basis – is there any point even trying to stand up for your data privacy rights?

Absolutely!

Certainly, where there is a pattern of breaches, there are likely more significant security issues at play. In fact, we would argue that in many cases these organisations are lucky that they haven’t suffered more attacks. Because when you adopt a reactive “break-fix” approach rather than a proactive security-first approach, it’s only a matter of time before something else goes wrong.

But just because some organisations aren’t prioritising data security doesn’t mean you shouldn’t.

Cybercrime can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is “no harm done.” A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private information, you would be distressed. So why should you feel any less upset at having your online data taken?

Even if a privacy violation doesn’t cause you damage or distress, that doesn’t mean you shouldn’t do anything about it. Your data has value and organisations are legally obliged to look after it.

Something has to be done to make companies accountable for their data protection failures. And, in many cases, taking action against these organisations is the only way to make them improve their security processes.

Is it really their fault?

Cybercriminals are becoming more and more sophisticated. But even where a company has come under attack, this doesn’t let them off the hook. If they have done everything in their power to protect your data and have robust security processes and procedures in place, it is unlikely that they would be found guilty by the ICO.

Also, where a third-party has been involved in a breach (e.g. in the Ticketmaster data breach), this doesn’t mean the company that collected your data isn’t to blame. It is their responsibility to put adequate checks and processes in place to secure vendor access. So, implicating the third party as the bad actor is both dishonest and legally neither here nor there.

The reality is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. These organisations must be made to get their houses in order. But it’s essential to get specialist legal help to tackle these offenders head-on.

If the ICO can’t do anything, what can you do?

The scale of unpaid fines begs the question of whether the ICO has the powers it needs to be fit for purpose. But that doesn’t mean there is nothing you can do. Because, while the ICO investigates and fines companies for data protection failures, it does not award compensation to victims.

That’s where we come in.

Hayes Connor Solicitors is a law firm operating in the data breach and protection sector. We help our clients to claim data breach compensation following data protection violations, GDPR breaches and other cyber offences. Our firm has established itself as the leading niche provider of legal services in this area. A relatively new and evolving area of law, this is all we do. Consequently, we have become a specialist in data protection law and data breach compensation claims. As a result, we lead our field when it comes to understanding the complexities involved.

In larger cases, we work alongside expert data protection barristers. This means you will get the very best level of legal support available.

With all the experience and expertise needed to win against even the biggest of companies, we work with you to protect your rights and hold organisations to account for their failures.

YAHOO
, ,

What does the US Yahoo data breach settlement mean for people in the UK?

In October 2019, a US class action settlement allowed Yahoo users to file a claim for compensation. Under this deal, anyone who had a Yahoo account between January 1st, 2012 and December 31st, 2016 became eligible to seek a payout from the fund. But the agreement only applies to residents of the United States or Israel. So, what does the US Yahoo data breach settlement mean for people in the UK?

Yahoo has been found guilty by the ICO

In June 2018, the UK’s Information Commissioner’s Office (ICO) fined Yahoo £250,000 after investigating failures at the company. In particular, the ICO focused on a Russian state-sponsored cyber-attack which resulted in the breach of 515,121 UK Yahoo accounts.

The ICO’s investigation found that:

  • Yahoo failed to ensure that its data processor complied with the appropriate data protection requirements
  • Yahoo failed to ensure that the credentials of employees with access to customer data were monitored
  • There was a lengthy period before the flaws which led to the breach were discovered or addressed.

In short, Yahoo failed to take appropriate measures to protect the data of its customers. And these inadequacies in data security had been in place for a long time.

According to an ICO spokesperson:

“The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.”

The watchdog imposed a £250,000 fine on Yahoo. However, this represents less than 0.4% of Yahoo UK’s 2016 gross profit. So, you could argue that Yahoo got off very lightly.

Find out more about the ICO’s investigation into the Yahoo data breach.

You can still make a UK claim against Yahoo

At Hayes Connor Solicitors we are launching a group claim to help UK victims of the Yahoo data breach to claim the compensation they deserve.

According to the ICO, Yahoo has informed those affected. If you are concerned that your data was treated negligently by Yahoo, contact Hayes Connor Solicitors immediately. The settlement reached in the US and the result of the ICO’s investigation in the UK means that you could have a very strong case.

START YOUR CLAIM

In the UK, you should join a representative action

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm.

Representative actions tend to be used in straightforward mass data privacy scenarios. For example, where customers of a company have had their email addresses stolen and data privacy violated.

In representative actions, one member of the action will typically sue on behalf of themselves and the rest of the group. Once compensation has been agreed, each member of the representative action will receive the same amount.

One solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in many future actions – including the Yahoo data breach.

If you want to join our Yahoo UK Representative Action contact Hayes Connor Solicitors immediately. There are no costs to join our group action and there is no obligation to proceed.

START YOUR CLAIM

council data breach
, ,

Council data breach after worker illegally accessed records 83 times in six months

A former reablement officer has been prosecuted for accessing social care records without authorisation. In this council data breach case, Dannyelle Shaw, who worked at Walsall Metropolitan Borough Council, inappropriately accessed the social care records of 7 adults and 9 children without any business need to do so.

According to reports, Ms Shaw illegally accessed the social care database without authority 83 times between April and September 2017. One of the adults affected later found out and made a complaint.

Ms Shaw had received training in data protection and confidentiality protocols. As a result, she was dismissed by the council before being prosecuted by the Information Commissioner’s Office (ICO).

Appearing before Wolverhampton Magistrates’ Court, Ms Shaw was sentenced to a fine of £450, ordered to pay costs of £364 and a victim surcharge of £45.

A price not worth paying

Speaking about this council data breach, Hazel Padmore, head of investigations at the ICO, said:

“People whose work allows them access to what can often be highly sensitive personal information need to know that the ICO will act to protect the legal rights of data subjects.

“This is another case where someone clearly knew the importance of confidentiality and protecting people’s personal information but decided to disregard all their training for their own reasons, and ended up paying a heavy price.

“Losing your job and ending up before the courts is not a price worth paying.”

Not Just Hackers

This case should remind people that they could face criminal prosecution and fines if they access or share personal data without a legal reason.

At Hayes Connor Solicitors, we see many different types of claims and understand how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

 

tmobile
, ,

T-Mobile data breach. Should you be worried?

In November 2019, T-Mobile suffered a severe data breach. Over a million pre-paid customers are believed to be affected. According to T-Mobile, the following data might have been exposed in the data breach:

  • Names
  • Phone numbers
  • Billing addressees
  • Account numbers
  • Rates, plans and calling features

Were you involved in the T-Mobile data breach?

T-Mobile has said that all affected individuals have been notified. However, it also says that if you don’t receive a notification, this could be because they don’t have up-to-date contact information for you. So, all customers should check their contact details on their account in the event that T-Mobile needs to reach them.

If you are a T-Mobile customer, it is also worth checking your spam folder and any old email accounts in case the email has gone there.

If you are/were a pre-paid T-Mobile customer, and you have not received a notification and would like to confirm if your information was impacted, you can email privacy@t-mobile.com.

Should you be worried about the T-Mobile data breach?

It does not appear that payment information and credit card information are included in the breach. However, that doesn’t mean that the people involved in this breach are safe. A phone number alone is often enough for hackers to extort further information and commit crimes. Indeed, we regularly deal with cases where seemingly “safe” data exposed in a breach is used to commit financial and/or identity theft.

Is T-Mobile failing to protect its customers?

At Hayes Connor, our data protection experts certainly think so. T-Mobile has been very unforthcoming about the data hack, stating that it doesn’t want to provide additional information at this time. However, for victims of this data breach, this stance is both unhelpful and potentially dangerous. Not least because, until they know the full picture, T-Mobile customers could still be at risk.

Your privacy matters

A data breach is a serious failure, so, even if your information is never used against you, that doesn’t mean that you can’t hold T-Mobile to account for putting it at risk in the first place.

Regardless of the outcome of this breach, T-Mobile neglected to protect its customers’ privacy rights. So, if your data was involved in this breach, the law agrees that you can make a T-Mobile compensation claim.

How to stay safe following the T-Mobile data breach

Protect your T-Mobile account

  • T-Mobile has advised customers to confirm or update their PIN/passwords on their T-Mobile account immediately
  • Customers are also advised to check their accounts for any suspicious activity.

Protect your finances

  • Contact your bank or credit card provider immediately if you spot any unfamiliar transactions or suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Consider contacting all the major credit reference agencies to ensure credit isn’t taken out in your name.

Watch out for further attacks

  • Be on your guard following the T-Mobile data breach
  • Always question uninvited calls, messages, texts, etc. in case it’s a scam
  • Be aware that, just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Understand that a legitimate bank or other financial organisation will never contact you ask for your PIN or full password or ask you to move money to another account for fraud prevention reasons.

Put some data protection best practices in place

  • Register with the Cifas protective registration service
  • Change all your passwords
  • Make sure your devices are protected by up-to-date internet security software.

Find out more about what to do if you are the victim of a data breach.

Should you make a T-Mobile data breach compensation claim?

At Hayes Connor Solicitors, we are considering starting a no-win, no-fee group litigation action for UK customers who have had their data privacy violated in the T-Mobile data breach. To become part of this group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us.

Our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most. So, we are confident that our team will get the results you deserve. We have all the experience and expertise necessary to get the best possible result for you.

Crucially, you do not need to have suffered any financial loss or emotional distress to make a claim against T-Mobile. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to make a claim. Furthermore, claiming compensation isn’t just in your best interests. It could also be the only way to ensure that organisations implement more secure processes.

To become part of our group action, we need you to register with us. This guarantees that you will form part of any compensation claim lodged by us.

We can take on your claim on a no-win, no-fee basis.

Register now

 

Data Breach Overview January 2020

Hayes Connor Solicitors Data Breach Overview: January 2020

Each month at Hayes Connor Solicitors, we take a look at some of the key data breach news that has occurred over the last few weeks. Looking at both significant cases, legal developments, and what’s happening at our firm, we hope to help businesses and individuals to become fully protected in our increasingly online world. So, what happened in January 2020? Find out in our data breach overview.


January 2020 data breach news

Dixons Carphone was fined by the ICO

On 9th January 2020, the ICO fined Dixons Carphone £500,000 after a massive data breach at the company in 2017.

According to the ICO:

“The contraventions in this case were so serious that we imposed the maximum penalty under the previous legislation, but the fine would inevitably have been much higher under the GDPR.”

The ICO investigation found:

  • Systemic failures in the way DSG Retail Limited safeguarded personal data
  • Failures relating to basic, commonplace security measures
  • A complete disregard for the customers whose personal information was stolen.

Later in January, we submitted a disclosure request to Dixons to start the process of legal proceedings against the retailer officially.

See the Dixons Carphone data breach timeline

Our managing director, and data breach expert Kingsley Hayes spoke to the media about the Dixons Carphone Warehouse data breach, and our plans to launch a group action against Dixons representing hundreds of affected individuals.


Hayes Connor was shortlisted for two categories for the Eclipse Proclaim Modern Law Awards 2020

Hayes Connor Solicitors was shortlisted in two categories for the Eclipse Proclaim Modern Law Awards 2020. This is the second year running that our achievements have been recognised by the award panel.

The prestigious awards celebrate and identify sparkling talent and success in the modern legal services arena. They also showcase and set the benchmark for best practice in the ever diverse, challenging and exciting legal landscape.

In the 2020 awards, as in 2019, Hayes Connor is on the shortlist for Boutique Law Firm of the Year and Marketing and Communications Strategy. The Eclipse Proclaim Modern Law Awards 2020 will be held at the Victoria Warehouse in Manchester on 6th February 2020.


Supercasino, Jackpot247 & Vernons suffered a data breach

 We received several queries about a data breach at online betting website Vernons.com. The breach might also impact SuperCasino and Jackpot247.

In an email to customers, the company said:

“We regret to inform you that Vernons has suffered a security incident and some of your personal data has been revealed to an unauthorized person”.


A Travelex data breach was uncovered

 In January, it came to light that foreign exchange company Travelex fell victim to a huge cyberattack on 31st December 2019. Following this, the company was forced to negotiate with the Sodinokibi ransomware group. Customers who ordered money from the foreign exchange company could now be at risk. Adding to this issue, many customers expressed anger at being “fobbed off” by Travelex as the cyber hack left them without access to their money.


We launched a series of blogs to show people how their data is being used

Over the last few years, there has been an explosion of data profiling by companies, public bodies and even governments. Throughout 2020 our data protection experts are taking a look at just some of the ways the average person might find their data being harvested every single day. To start, we discussed smart devices, and how your data privacy could be at risk in your home.

READ OUR ARTICLE HERE


Hayes Connor sponsored Warrington Wolves’ marquee signing Gareth Widdop

Hayes Connor Solicitors agreed to sponsor accomplished Great Britain international half back Gareth Widdop as he joined Super League team Warrington Wolves RLFC on a three-year contract. The 30-year-old, who joined from Melbourne team St George Illawarra Dragons, is known as a strong goal kicker and is described by the club’s chief executive as its biggest signing in its 144-year history.

“As a long term fan of the Warrington Wolves, it’s very exciting to have such a high calibre player signed to the team and we are delighted to be sponsoring Gareth as he progresses his impressive career at the club.”

Dan Thompson, Director, Hayes Connor Solicitors


Thank you for reading our data breach overview. 

About Hayes Connor

At Hayes Connor, we are true experts in data breach law. This is all we do, and we have been doing it longer than most other solicitors. We lead our field when it comes to understanding the complexities involved. What’s more, we have been working to defend consumer rights for over 50 years.

As well as our experienced lawyers, our team also includes some of the UK’s best data breach barristers. This ensures our clients get the very best level of legal support available.

A lack of care and understanding about data breach law can leave victims open to advice and representation below the standard expected. And this could see people lose out financially as a result.  But, despite being the most experienced data protection solicitors around, we also provide no-win, no-fee funding arrangements. So our clients don’t have to worry about costs. There are no hidden charges or administration fees.

Importantly, while we are experts in group actions, we also deal with smaller individual cases. And we understand that for those involved the experience can be devastating. So, regardless of the details, we never belittle anyone’s experience.

And, because making a data breach claim is stressful enough without having to chase your solicitor, we provide regular updates, so our clients always know what’s happening.

Together, this experience and expertise ensure that our data breach solicitors are unmatched in the UK.

Contact Hayes Connor Solicitors today for a free, no-obligation, initial assessment of your case and remember to keep an eye out for our February  2020 data breach overview. 

 

 

hayes connor

Hayes Connor Solicitors releases 2019 data breach report

At Hayes Connor Solicitors, we help our clients to claim data breach compensation following privacy violations, GDPR breaches and other cyber offences. A relatively new and evolving area of law, this is all we do. Consequently, we have become a specialist in data protection law, and we lead our field when it comes to understanding the complexities involved.

To help raise awareness of data breaches, each year we will be taking a look at some of the key developments that have occurred over the last 12 months. By shedding some light on events, we hope to raise awareness of the importance of data privacy. And help businesses and individuals to become fully protected in our increasingly online world.

Our 2019 data breach report is now available

In our report you can find out about:

  • Why we believe that the majority of data violations are entirely avoidable
  • Recent changes to data protection law
  • Key data privacy trends
  • And more.

With an overview of the year, we also look at some high-profile data breaches that have occurred this year, ICO fines, and where we are up to with key cases (e.g. Ticketmaster, BA, Equifax, etc.)

What’s more, in 2019, we celebrated a number of significant wins and developments at our firm. And in this report, we share some of these with you.

READ THE DATA PROTECTION LAW REPORT IN FULL HERE.


Data protection solicitors

At Hayes Connor, we are true experts in data protection law. This is all we do, and we have been doing it longer than most other solicitors. We lead our field when it comes to understanding the complexities involved. What’s more, we have been working to defend consumer rights for over 50 years.

As well as our experienced lawyers, our team also includes some of the UK’s best data breach barristers. This ensures our clients get the very best level of legal support available.

A lack of care and understanding about data breach law can leave victims open to advice and representation below the standard expected. And this could see people lose out financially as a result.  But, despite being the most experienced data protection solicitors around, we also provide no-win, no-fee funding arrangements. So our clients don’t have to worry about costs. There are no hidden charges or administration fees.

Importantly, while we are experts in group actions, we also deal with smaller individual cases. And we understand that for those involved the experience can be devastating. So, regardless of the details, we never belittle anyone’s experience.

And, because making a data breach claim is stressful enough without having to chase your solicitor, we provide regular updates, so our clients always know what’s happening.

Together, this experience and expertise in data protection law ensure that our solicitors are unmatched in the UK.

Contact Hayes Connor Data Protection Solicitors today for a free, no-obligation, initial assessment of your case

data privacy
, ,

Is your data privacy safe when travelling?

Do you know exactly how much of your data is being collected, by who, and for what purpose? With a rise in smart devices, there has been an explosion of data profiling. And in a series of blogs, our data protection experts are taking a look at some of the ways the average person might find their data being harvested every single day.

In our last blog, we discussed how your data privacy could be at risk in your home. This month, we are examining how much information is collected when you are travelling.

Data privacy in your car

If you watch the popular TV show Hunted, you’ll know that the government can use CCTV, ANPR (Automatic Number Plate Recognition), GPS and Oyster cards to track an individual’s movements. But it’s not just the state that can track us as we go about our daily lives.

In August 2019, Mercedes sparked a privacy row when it admitted that it uses tracking devices covertly installed in its cars to effectively spy on drivers and pinpoint a vehicle’s exact location. According to Mercedes, the sensors are only used in “extreme circumstances”. This includes when a customer has defaulted on a payment. In such instances, Mercedes would activate the tracker and then share car owner information and vehicle location details with bailiffs and car recovery firms.

Worryingly, it seems that many people who bought a car from Mercedes had no idea that their data could be used in such a way. And, at Hayes Connor, we would argue that such surveillance is legally very concerning, not least because tracking a car without the knowledge of the driver is illegal under EU data protection laws.

“Any company that handles personal data should explicitly disclose how this information is gathered and how it could be used. In the case of Mercedes, there has been a shocking lack of transparency when it comes to how it is processing personal data. Yes, there are details about the sensors in the extensive terms and conditions, but Mercedes is no doubt aware that these are often misunderstood, or not read at all. As such, we believe that the company is playing fast and loose with the data privacy rights of its customers”.

Christine Sabino, Data Protection Solicitor, Hayes Connor Solicitors


Does car insurance pose a data privacy risk?

It’s not just car brands that drivers need to be aware of. Apps which supply data to insurance companies are also raising privacy concerns.

For example, car insurance companies are now experimenting with charging for insurance based on an individual’s actual driving rather than statistics and algorithms. So, people would let their insurance company watch them drive via an app, and then receive a quote based on their actual driving history. But there are significant privacy concerns with this approach. Not least because, to work, such apps will have to monitor drivers at all times and can’t be switched off.

Of course, for many, a reduction in insurance premiums might be worth it. But we must know what we are signing up to. Because, with a wealth of data to track, where does this stop? It’s not at all unlikely that in the future, insurance-based technology could examine the music you listen to or the restaurants you drive to and use this data to make assumptions about you and your driving habits. And we should also think about how this information might be shared with third parties.

Uber data breach

If you don’t drive you shouldn’t worry about your data being used in such a manner, right? Think again.

In 2018, the Information Commissioner’s Office fined Uber £385,000 following a data breach which was covered up by Uber for a year. In this case, the personal details of approximately 2.7 million UK customers were accessed by hackers. This included full names, email addresses and phone numbers. The records of almost 82,000 UK drivers were also taken during the incident.

“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen. At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”

Steve Eckersley, Director of Investigations, ICO


British Airways data breaches

Like other transport providers, airlines must also ensure that sensitive passenger information is kept secure. But, for British Airways, this doesn’t look like it is a priority after a series of data protection failures at the airline.

  • British Airways Data Breach One (2018): Booking website and app. Almost 400,000 British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. In response, the airline is now facing a staggering £183 million penalty by the Information Commissioner’s Office (ICO).
  • British Airways Data Breach Two (2018): Reward bookings. When investigating the first data, a second data breach was also spotted at the airline. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. And, a further 108,000 people had their personal details stolen. This hack could have left customers exposed for months.
  • British Airways Data Breach Three (2019): e-Ticketing system. Security researchers uncovered unencrypted links within BA’s e-ticketing process. The vulnerability with British Airway’s e-ticketing system may have exposed sensitive passenger information such as email addresses, names, phone numbers and more.

Find out more about the BA data breaches.

Data privacy concerns for the London Underground

According to reports, passengers using the London Underground network are to be tracked via the WiFi beacons on their smartphones. TfL said it would use the data to work out how commuters use the network and to send targeted information about avoiding congestion. The move comes following a trial of the system in 2016.

However, as well as using the data to improve its service, experts predict that TfL will look to commercialise this data. For example, by pricing advertising based on footfall.

While Tfl states that it has “pored over” guidance provided by the Information Commissioner’s Office, it also believes that it is not subject to GDPR because there is no way of directly identifying an individual from their phone signal. Whether that remains the case is yet to be seen. But unless a security-first approach is adopted, this could have long-term privacy implications.

Is Big Brother watching?

You might expect to be free from data collection when you are on foot or your bike. But in our connected online world, this is far from the truth. Your exposure to data harvesting depends on the number and type of smart devices that you own and the apps that you use. But today’s intelligent devices have the potential to collect a vast amount of data about you.

For example, cyclists have been warned about sharing data on ride-tracking apps because they could be helping bike thieves. Also, Google could be keeping a detailed record of your exact movements. In fact, it could know everywhere you have ever been! Check here to make sure your location history is turned off.

And it’s not just your own technology you have to think about. The ICO was said to be ‘deeply concerned’ about how AI surveillance systems were being used in central London. In this case, it was revealed that hundreds of thousands of people were being secretly spied on by face-recognition systems. The area watched included King’s Cross railway station. The ICO launched an investigation after concerns about this mass surveillance were reported in the media.

“Scanning people’s faces as they go about their daily business is a potential threat to privacy that should concern us all. That is especially the case if it is done without people’s knowledge or understanding.”

Elizabeth Denham, Information Commissioner, ICO


Education is key to minimising the impact of data privacy breaches

Of course, our world is changing, and technology is here to stay. So, we wouldn’t recommend not using smart devices or apps. Especially as they have the potential to deliver enormous benefits. But, when signing up to any new service it is vital to check the small print and make sure you understand how your data is being used.

At Hayes Connor Solicitors, we believe that the better informed we all are, the better-protected everyone will be. As such, we invest heavily in data privacy education. For more information on how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, please contact us to find out how we can help. Our initial advice is completely free, and there is no obligation to process.

dixons breach
, ,

Has Dixons got off lightly following data breach fine?

Dixons has been fined half a million pounds for failing to protect its customers’ personal data. But, while £500,00 might seem like a lot of money, Dixons actually dodged a much bigger financial penalty. Because, had the attack happened now, the fine would inevitably have been much higher under new data protection regulations (GDPR). So it’s important that people hold the retailer to account by making a Dixons data breach compensation claim.

What happened in this case?

The data breach saw a hacker install malware on 5,390 cash registers at Dixons Travel stores and Currys PC World. The attack exposed the full names, postcodes, email addresses, credit checks of millions of customers. Payment card data was also compromised in a separate attack.

Data Protection in the UK

The General Data Protection Regulation (GDPR) came into force on May 25th 2018. This means that the breach was considered under the Data Protection Act (DPA) 1998, not the newer Data Protection Act (DPA) 2018 (the UK’s version of GDPR).

These acts have drastically different level of fines. The first up to a maximum of £500,000 and the second up to £17 million (or 4% of an organisation’s annual turnover, whichever is higher).

So, while the ICO imposed the highest possible fine, Dixons got off lightly.

Is Dixon’s taking responsibility for its data privacy failings?

Not really. In fact, while the company has apologised for the breach, Dixons is “considering our ground for appeal”.

That’s despite the fact an investigation into the breach by the Information Commissioner’s Office (ICO) found:

  • Systemic failures in the way DSG Retail Limited safeguarded personal data
  • Failures relating to basic, commonplace security measures
  • Vulnerabilities such as inadequate software patching, absence of a local firewall, and lack of network segregation and routine security testing

So, you could argue that the retailer continues to show a complete disregard for the customers whose personal information was stolen.

What does the ICO fine mean for you?

In truth, while data protection lawyers like to talk about the changes that have occurred since GDPR, for people who had had their data breached, the level of fine doesn’t make much difference. Mainly because, while the ICO can impose a monetary penalty on a company, this isn’t given to victims of the data breach.

The only way for you to hold Dixons to account is to make a data breach compensation claim.

That being said, the ICO fine is good news for victims of the data breach. Because now that the ICO has found Dixons Carphone guilty of failing to protect your data, you can use this evidence to support a data breach compensation claim.

Who can claim compensation for the Dixons data breach?

Everyone who was impacted by the breach should have been contacted by the national retailer and can now make a data breach compensation claim.  You can claim for:

  • Financial losses. A data breach can result in both financial and identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress, anguish and anxiety. Being the victim of a crime can have a significant impact on you mentally and physically. Everyone reacts differently, but for some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. If a company does not protect your data in the way it is legally obliged to do, and you have suffered a loss of privacy, you can make a claim. For example, if your email address was stolen or otherwise put at risk.

Why use Hayes Connor Solicitors to make a Dixons data breach compensation claim?

At Hayes Connor, we are making a group action case against Dixons. A group action allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and make a big organisation take the matter seriously. This increases their chances of settlement or success in litigation.

Crucially, we are data breach and cybercrime experts. A relatively new and evolving area of law, this is all we do, and we have become a true specialist in data breach law. As such, we lead our field when it comes to understanding the complexities involved. And, with over 50 years’ experience helping our clients secure the justice they deserve, our solicitors work tirelessly to ensure the best possible outcome for you.

We have also appointed an expert Barrister to help in this case. Having developed a practice in the field of data breach claims for individuals and companies who have had their personal and sensitive data breached by third parties, we are confident that our team will get the results our clients deserve.

We know that making a claim can be difficult. Particularly where your sensitive information has already been breached or another online offence made against you. So, when you work with us, we make sure you are fully protected. And we remove the jargon from the compensation process, so you always know just what’s happening.

To become part of this group action, we need you to register with us. We can take on your claim on a no-win, no-fee basis so you have nothing to lose.

REGISTER NOW

dixons
, ,

Dixons Carphone guilty of systemic data protection failures

The Information Commissioner’s Office (ICO) has fined Dixons Carphone half a million pounds for “systemic failures” in the way it safeguarded its customers’ personal data.

In this case, a hacker installed malware on 5,390 cash registers at Dixons Travel stores and Currys PC World between July 2017 and April 2018. This allowed the attacker to access the personal data of customers. This information included full names, postcodes, email addresses and failed credit checks.

Following an investigation into the breach, the ICO uncovered:

  • Systemic failures in the way DSG Retail Limited safeguarded personal data
  • Failures relating to basic, commonplace security measures
  • Vulnerabilities such as inadequate software patching, absence of a local firewall, and lack of network segregation and routine security testing
  • A complete disregard for the customers whose personal information was stolen.

But, while the ICO’s fine is significant (although not as big as it could have been under new data protection legislation), victims of the Dixons Carphone data breach won’t get a penny. That’s because, while the ICO has the power to issue fines to organisations that breach the Data Protection Act, it doesn’t have any authority when it comes to compensating victims.

Why can you do if Dixons Carphone breached your data?

In this shocking data privacy failure, 14 million customers had their personal data records exposed. Dixons Carphone also discovered a separate attempt which compromised the records of 5.9 million payments cards.

Everyone who was impacted by the breach should have been contacted by the national retailer and can now make a data breach compensation claim.

The ICO fine is good news for victims of the data breach

Now that the ICO has found Dixons Carphone guilty of failing to protect your data, you can use this evidence to support a data breach compensation claim. This is important because:

  • This data breach left customers vulnerable to financial theft and identity fraud
  • The careless loss of data is likely to have caused distress to many people since the data breach left them exposed to increased risk of fraud
  • This is not the first time the company has failed to protect its customers’ data. In fact, there is a history of data negligence at the company. It’s essential to hold Dixons Carphone to account if data security is to improve.

Crucially, you do not need to have suffered any financial loss or emotional distress to make a claim. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

Making a Dixons Carphone Warehouse data breach compensation claim

At Hayes Connor Solicitors, we have received a large number of queries from people concerned that their information is at the mercy of cybercriminals following the Dixons Carphone data breach.

In response, and in light of the ICO’s findings, we will now be launching a group action to help people claim Dixons Carphone breach compensation.

Why use Hayes Connor Solicitors?

  • We have appointed expert Barristers help in this case. Having developed a practice in the field of data breach claims for individuals and companies who have had their personal and sensitive data breached by third parties, we are confident that our team will get the results our clients deserve
  • We are making a group action case against Dixons Carphone. A group action allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and make a big organisation take the matter seriously. This increases their chances of settlement or success in litigation
  • We are data breach and cybercrime experts. A relatively new and evolving area of law, this is all we do, and we have become a true specialist in data breach law. As such, we lead our field when it comes to understanding the complexities involved.
  • We are taking on this case on a no-win, no-fee basis
  • With over 50 years’ experience helping our clients secure the justice they deserve, our solicitors work tirelessly to ensure the best possible outcome for you. We can help you claim for both financial loss and emotional distress
  • We know that making a claim can be difficult. Particularly where your sensitive information has already been breached or another online offence made against you. So, when you work with us, we make sure you are fully protected
  • We remove the jargon from the compensation process, so you always know just what’s happening.

To become part of this group action, we need you to register with us. We can take on your claim on a no-win, no-fee basis so you have nothing to lose.

REGISTER NOW