, ,

Woman prosecuted for social services data breach

A woman has prosecuted for accessing social care records without authorisation. Michelle Shipsey, a former social services support officer at Dorset County Council, accessed the records of four people she knew without any business need to do so. She also gave the details to parents at their children’s school. Following the social services data breach, an internal investigation was launched by Dorset County Council. However, no further action was taken at this time as the woman then resigned from the council.

Appearing before Poole Magistrates’ Court, Ms Shipsey was sentenced to a 6-month conditional discharge, ordered to pay costs of £700 and a victim surcharge of £20.

The ICO sends a clear warning

Commenting on the privacy violation, Hazel Padmore, head of investigations at the Information Commissioner’s Office said:

“Individuals accessing social services support are often already in a vulnerable position and have the absolute right to expect their dealings are treated with the utmost respect and in accordance with data protection laws.

“Although new to the role, Shipsey had undertaken both data protection and cyber security training and therefore was acutely aware of the responsibilities she had towards maintaining client confidentiality.

“Our successful prosecution of this individual sends a clear message, that we will take action against individuals who take it upon themselves to abuse their position of trust”.

Lessons learned following social services data breach

The Data Protection Act exists to protect the privacy of individuals. And, this case should remind people that they could face criminal prosecution and fines if they access or share personal data without a legal reason.

At Hayes Connor Solicitors, we see many different types of claims and understand how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

OnePlus
,

The latest High Court decision has made it easier for victims of the OnePlus data breach

In 2019, OnePlus emailed its customers to let them know that a data breach caused by an unauthorised third-party had put their personal information at risk. According to OnePlus, names, contact details, email addresses and shipping addresses were exposed in the data hack.

People expect big companies to put enough security processes in place to keep intruders out. So, victims of this data breach might be angry that OnePlus allowed this to happen. But, until recently, victims of the latest OnePlus data breach (there has been more than one!) wouldn’t have had any avenue for legal redress – unless they could prove they suffered financially or emotionally as a result of the breach.

However, because of a ground-breaking High Court decision, this has now changed.

Making a data breach claim. What has changed?

A recent case against Google has transformed how data breach claims are managed in the UK. You can find more details about what happened here.

Here is a summary of how this decision relates to the OnePlus data breach.

You can make a data breach claim even if you haven’t suffered a loss

The Court of Appeal decided that data breach claims are valid, even if someone hasn’t suffered financial or emotional damage as a result. If OnePlus hasn’t protected your privacy in the way that it is legally obliged to do, you can claim for this failure.

You can make a data breach claim even if the only thing exposed was your email address

There is a misconception that some forms of personal data are not as valuable as financial data. But this isn’t necessarily the case. All too often, cyber-criminals use names and email addresses stolen in a data protection act breach to extract additional information from victims (such as your banking details).

Also, this “safer” data can also be used to carry out identity fraud, or even be used against you in a targeted political campaign. For example, The Electoral Commission, the ICO, The Department for Digital, Culture, Media & Sport Committee and The Institute of Practitioners in Advertising have all raised concerns about microtargeting specific voters profiled using unknown data.

The good news is that the Court of Appeal recognised that all personal data now an economic value (e.g. it can be sold). So, people involved in the OnePlus data breach can seek compensation even if the only personal information breached was their email address.

Everyone has the right to the protection of their personal data

While the changes are more wide-reaching than this, the bottom line is that everyone in the UK has the right to the protection of their personal data. So, if you experience a privacy violation due to an organisation breaching the Data Protection Act, you have a right to claim compensation. A data breach is a serious failure, and it is clear that OnePlus has neglected to protect its customers’ privacy rights.

If your data was involved in this breach, you should make a OnePlus compensation claim.

Claiming compensation for the OnePlus breach

At Hayes Connor Solicitors, we are considering launching a group action for everyone who has had their data privacy violated in the OnePlus data breach. To become part of this group action, we need you to register with us. We can take on your claim on a no-win, no-fee basis.

Crucially, at Hayes Connor, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most. In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the best possible result for you.

OnePlus has said that it has informed all impacted users by email. So, if you have received this email, you can make a data breach compensation claim against the company.

If you haven’t received a notification yet, OnePlus says you have not been affected. However, if you have ever been a OnePlus customer, it is worth checking your spam folder and any old email accounts in case the message has gone there.

Claiming compensation for the OnePlus data breach isn’t just in your best interests. It could also be the only way to ensure that organisations implement more secure processes.

REGISTER NOW

t mobile
,

The T-Mobile Breach doesn’t include financial data so why does it matter?

T-Mobile has admitted to a severe data breach. And, while it has been very unforthcoming about the details of the data hack, it doesn’t appear that financial info has been exposed. So, does it even matter?

Well, yes.

According to T-Mobile, names, phone numbers, account details and addresses of pre-paid customers have been exposed in the data breach. And that should worry everyone involved.

Personal data can be used to scam people into handing over financial info following the T-Mobile breach

While payment and credit card information are not thought to be included in the breach, that doesn’t mean victims are safe. A phone number alone is often enough for hackers to extort further information and commit crimes. Indeed, we regularly deal with cases where seemingly “safe” data exposed in a breach is used to commit financial theft.

For example, phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Typical phishing scams include:

  • Where fraudsters contact you posing as your bank and tell you that you are at risk of fraud
  • Where fraudsters contact you posing as a company (e.g. T-Mobile) and encourage you to update your financial details with them
  • Where scammers send out an email from a service you use (e.g. T-Mobile). This message instructs you to click on a link which leads to a fake page that collects further details.

Unfortunately, where someone has become a victim of a phishing scam, their bank is not always responsible for their losses. So, people can be left not knowing where to turn.

The theft of personal data can be extremely distressing

The impact of data breaches goes much further than financial losses.  We’ve seen cases where experiencing a data breach has resulted in adverse life events. For example, having to move to a new house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of this can have an impact on a person’s mental health. And, like financial losses, this often happens months after the initial breach.

We interviewed renowned clinical psychologist Professor Hugh C. H. Koch to find out more about the typical psychological effects experienced by victims of data breaches. He told us that:

“Data breach victims typically experience high levels of anxiety, specific to the data breach but also generalised to other aspects of dealing with correspondence, telephone and digital communication and payment for services. Victims experience social anxiety, with difficulties dealing with friends and neighbours, tradesmen, shopping transactions and can develop oversensitivity or paranoia in their communications with others. They can also develop varying aspects of mood disturbances or depression especially including poor sleep and tearfulness.”

You can read this article in full here.

Your personal data can be used against you following the T-Mobile data breach

According to a report by The Independent, the personal data of UK citizens is selling for as little as £10 on the dark web. And there is a misconception that some forms of personal data are not as valuable as others. But this isn’t necessarily the case. All too often, cyber-criminals use names and email addresses stolen in a data protection act breach to commit identity fraud.

Also, there are serious concerns about how (often stolen) data is being used for political purposes. In fact, in 2017, the UK’s data protection regulator (the ICO) launched a formal investigation into this very topic. The investigation is one of the largest of its kind and is ongoing. Furthermore, the Electoral Commission, the Department for Digital, Culture, Media & Sport Committee and The Institute of Practitioners in Advertising have all raised concerns about how data is being used to micro-target voters.

According to an ICO report:

“Citizens can only make truly informed choices about who to vote for if they are sure that those decisions have not been unduly influenced. The invisible, ‘behind the scenes’ use of personal data to target political messages to individuals must be transparent and lawful if we are to preserve the integrity of our election process”.

You have a legal right to data privacy

Everyone in the UK has the right to the protection of their personal data, and we expect big companies to put enough security processes in place to keep intruders out.

A data breach is a severe failure, so, even if your information is never used against you, that doesn’t mean that you can’t hold T-Mobile to account for putting it at risk in the first place.

Regardless of the outcome of this breach, T-Mobile neglected to protect its customers’ privacy rights, so, you have a right to claim compensation.

Are you at risk?

T-Mobile has said that all affected individuals have been, or will shortly be, notified. However, it also says that if you don’t receive a notification, this could be because they don’t have up-to-date contact information for you. So, all customers should check their contact details on their account in the event that T-Mobile needs to reach them.

If you are a T-Mobile customer, it is also worth checking your spam folder and any old email accounts in case the email has gone there.

If you are/were a pre-paid T-Mobile customer, and you have not received a notification and would like to confirm if your information was impacted, you can email privacy@t-mobile.com.

Making a T-Mobile data breach claim

At Hayes Connor Solicitors, we are considering starting a no-win, no-fee group litigation action for UK customers who have had their data privacy violated in the T-Mobile data breach. To become part of this group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us.

Our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most. So, we are confident that our team will get the results you deserve. We have all the experience and expertise necessary to get the best possible outcome for you.

We can take on your claim on a no-win, no-fee basis.

Register now


[1] https://www.independent.co.uk/life-style/gadgets-and-tech/news/dark-web-id-value-hackers-cyber-crime-a8683821.html

Dixons carphone fine
, ,

Dixons Carphone Warehouse fined half a million pounds for huge data breach

In summer 2018, Dixons Carphone Warehouse (DSG Retail Limited) admitted that millions of its customers had their details exposed in a massive data breach.

  • Hackers got access to 14 million personal data records. This compromised dates of birth, addresses and phone numbers
  • Dixons Carphone also discovered a separate attempt which compromised the records of 5.9 million payments cards.

In response, the Information Commissioner’s Office (ICO) has now fined the company £500,000 for this shocking data privacy failure.

What was the result of the ICO investigation?

An ICO investigation into the breach has found the national retailer guilty of having poor security arrangements and failing to take adequate steps to protect personal data. This included vulnerabilities such as inadequate software patching, absence of a local firewall, and lack of network segregation and routine security testing.

Commenting on the breach, Steve Eckersley, ICO’s Director of Investigations, said:

“Our investigation found systemic failures in the way DSG Retail Limited safeguarded personal data. It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen.

“The contraventions in this case were so serious that we imposed the maximum penalty under the previous legislation, but the fine would inevitably have been much higher under the GDPR.”

Will victims of the Dixons Carphone Warehouse receive this money?

No, while the ICO has the power to impose hefty fines on organisations in breach of their duties, it does not award compensation.

However, now that the ICO has found Dixons Carphone Warehouse guilty of failing to protect your data, you can use this evidence to support a data breach compensation claim.

Why should you make a data breach compensation claim?

A data breach can lead to financial and identity fraud

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

“The ICO considered that the personal data involved would significantly affect individuals’ privacy, leaving affected customers vulnerable to financial theft and identity fraud.”

The emotional impact of a data breach can be devastating

The impact of data breaches goes much further than financial losses. We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury. Mr Eckersley added:

“Such careless loss of data is likely to have caused distress to many people since the data breach left them exposed to increased risk of fraud.

“We recognise that cyber-attacks are becoming more frequent, but organisations have responsibilities under the law to take serious security steps to protect systems, and most importantly, people’s personal data.”

Crucially, you do not need to have suffered any financial loss or emotional distress to make a claim. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

It’s essential to hold companies to account if data security is to improve

This is not the first time the company has failed to protect its customers’ data. In fact, there is a history of data negligence at the company.

The Carphone Warehouse (which merged with Dixons) was fined a £400,000 following another cyber-attack. The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. In that breach, the personal data of over three million customers and 1,000 employees were put at risk.

Something must be done to hold them to account.

Signs that criminals have used your data following the Dixons Carphone Warehouse data breach

Signs that criminals have used your data following the Dixons Carphone Warehouse data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Making a Dixons Carphone Warehouse data breach compensation claim

If you were affected you could be entitled to up to several thousand pounds in compensation, so it’s important to act now.

At Hayes Connor Solicitors, we have received a large number of queries from people concerned that their information is at the mercy of cybercriminals following the Dixons Carphone Warehouse data breach.

In response, and in light of the ICO’s findings, we will now be launching a group action to help people claim Carphone Warehouse breach compensation.

We have appointed Barrister Ian Whitehurst to help in this case. Having developed a practice in the field of data breach claims for individuals and companies who have had their personal and sensitive data breached by third parties, we are confident that our team will get the results our clients deserve.

To become part of this group action, we need you to register with us. This guarantees that you will form part of the Carphone Warehouse breach compensation claim that will be lodged by us.

We can take on your claim on a no-win, no-fee basis so you have nothing to lose.

REGISTER NOW

conditional fee
,

How much does it cost to join a data breach group action claim?

When you appoint Hayes Connor as your solicitors, you enter into a Conditional Fee Agreement (CFA) with us. This is also known as a no-win, no-fee arrangement. But, for many people thinking about joining a group action claim, concerns about hidden fees and expenses can put them off. Not least because, a CFA has to use specific words and phrasing. And this “legalspeak” can be confusing.

So, what does “no-win, no-fee” really mean? And just how much does it cost to join a data breach group action claim?

What is a Conditional Fee Agreement (CFA)?

A CFA is a written agreement between you and your solicitor. It is designed to give you peace of mind and states that you won’t have to pay a penny if your claim is unsuccessful. It also sets out what you will pay if you win.

The CFA should list all the standard services that are likely to be needed in your case, and which are designed to help you get the compensation you deserve. The amount and type of services needed will depend on your particular case.

The CFA should also set out what isn’t covered under the terms of the agreement. In other words, where you might be liable for fees. In most cases, this includes things like the cost of any counterclaims or some appeals. Counterclaims are extremely rare in data breach cases. But we will advise you as to the likelihood of a counterclaim before we start your case. Appeals by your opponent against the final decision are covered in our CFAs.

Your obligations under a CFA

To make sure you don’t become liable for unnecessary costs, you must follow the T&Cs set out by your solicitor. For example:

  • You must not mislead your solicitor
  • You must not fail to co-operate
  • Should you wish to terminate your claim, you will be responsible for all costs and disbursements incurred by your solicitor
  • You must act in accordance with the agreement and the advice given by your solicitor.

What will you pay if you win?

If your claim is successful, your solicitor will probably charge a success fee. This fee covers the costs they have incurred in representing you in your group action case.

We often attempt to recover the cost of the success fee from the other side. But, where we cannot, you will be liable for this cost. At Hayes Connor, we cap this fee at 25% of any compensation you receive. This gives you the peace of mind that you will always receive 75% of any compensation awarded.

The amount you will pay if you win should be clearly set out in your CFA.

Expenses

Your solicitors will probably run up some expenses (often called disbursements) on your behalf while working on your case. However, when you join a Hayes Connor group action, as long as you abide by the terms of our agreements and follow our T&Cs, you won’t have to pay these disbursements and expenses, win or lose.

What will you pay if you lose?

Absolutely nothing! Let us explain why…

If your claim is not successful, you will be responsible for the Defendant’s costs. This would be a share of the costs they incurred in defending the group action claim. However, at Hayes Connor, we take out After the Event (ATE) insurance on your behalf. This protects you from having to pay the other side’s costs and expenses if you lose your case.

So, if you lose your claim, you won’t have to pay a penny*.

Removing the jargon from data privacy claims and the conditional fee agreement

At Hayes Connor Solicitors, we make sure our clients have as much information as possible before making a claim. This makes sure that they are fully informed at all times. Using plain English to explain what everything means, you can use our jargon-free guides to make sure you understand exactly what is involved when claiming compensation for a data breach or cybercrime.

* Provided that you have complied with our Terms and Conditions.

ticketmaster
, , ,

Why is the Ticketmaster data hack investigation taking so long?

At Hayes Connor, we have issued a claim against ticketing giant Ticketmaster following its 2018 data breach. But even though the privacy failure took place 18 months ago, we still have some way to go before compensation can be issued to victims. But why is the Ticketmaster data breach investigation taking so long?

Ticketmaster is refusing to accept any blame for the data hack

The Ticketmaster data breach happened when hackers gained access to thousands of Ticketmaster details via chatbot software hosted by Inbenta Technologies. It was this software that was compromised in the data breach incident. As such, Ticketmaster claims that all responsibility for the data breach rests with Inbenta.

However, Inbenta has refuted that it is responsible. It admits that it supplied the code accessed in the Ticketmaster hack, but says that it did not know Ticketmaster planned to use it on a payment page. If it had been told that its product was going to be used that way, Inbenta states that it would have advised against it.

The fact that a third-party is involved in this breach does complicate matters. But it doesn’t mean that Ticketmaster wasn’t to blame. Ticketmaster is the company responsible for the security of the data it collects (e.g. customer names, payment card details, etc.). As such, it was responsible for making sure that adequate checks and processes were in place when it came to any third-party integration. So, implicating Inbenta as the one responsible is both dishonest and legally neither here nor there.

In our expert opinion, Ticketmaster is attempting to using Inbenta as a scapegoat for this breach. And in doing so, is dragging out the compensation process.

The ICO is delaying its decisions

In group action cases, there is only so much that can be done until the UK’s data protection regulator (the ICO) has carried out its investigation into a breach, and announced its findings. And, despite our frustration at the wait, that’s as it should be. It’s important to know the extent of any security failures before compensation can be properly discussed.

But despite our understanding of the ICO and its processes, we are concerned about the time some decisions are taking.  And this includes the Ticketmaster data hack group action.

One possible reason for the ICO’s delay when it comes to Ticketmaster is that this case is legally very challenging. The Ticketmaster data breach affects people who bought tickets between September 2017 and 23 June 2018. With the GDPR coming into force on May 25th 2018, this means that the violation spans two different data protection acts:

  • The Data Protection Act (DPA) 1998
  • The Data Protection Act (DPA) 2018 (the UK’s version of the GDPR).

These acts have drastically different levels of fines. The first up to a maximum of £500,000 and the second up to £17 million (or 4% of an organisation’s annual turnover, whichever is higher).

It is not yet clear which legislation is relevant, but the breach could be judged under both. Alternatively, the entire data protection failure could be treated as a breach under GDPR as it kept happening after the new laws came into force. If GDPR is used, the Ticketmaster data breach case will set the tone for action to be taken by the ICO in future breaches.

So, it is understandable – in this instance at least – why the ICO would need time to get its decision right.

Ticketmaster data hack group action

At Hayes Connor, we are helping people who want to make a compensation claim because of the Ticketmaster data breach.

If you have already contacted us, and we have confirmed that you are part of our first group action, there is nothing for you to do at this stage. We will keep you updated, and as soon as the investigation is complete, we will take your case to the High Court.

If you have contacted us and are waiting to join our second group action, we’ll be in touch about anything we need from you. We will then progress your claim once our first group action has been decided in court.

If you haven’t yet contacted us, it’s not too late. If you have suffered a privacy violation caused by Ticketmaster’s breach of data privacy laws, you have a right to claim compensation. All you need to do is register with us and we will keep you updated.

There is no cost to join our group action, and no obligation to proceed.

REGISTER NOW

 

YAHOO representative
, ,

What is the Yahoo Representative Action?

In 2014, a Russian state-sponsored cyber-attack resulted in personal data being stolen from over 500 million Yahoo user accounts worldwide. Despite evidence that the firm knew about the hack soon after it happened, the data breach wasn’t reported until September 2016.

Following its inquiry into the breach, the ICO (the UK’s data protection regulator) found that Yahoo had failed to prevent the hack. The ICO also condemned inadequacies that had been in place at Yahoo for some time without being discovered or addressed. In response, Yahoo was fined £250,000 for the data breach.

But what has happened since then?

Yahoo agrees to set up a $117.5 million compensation fund

In October 2019, a US class action settlement allowed Yahoo users to file a claim for compensation.

Under this deal, anyone who had a Yahoo account between January 1st, 2012 and December 31st, 2016 became eligible to seek a payout from the fund. People who had a Yahoo account – including traditional Yahoo email or accounts on Yahoo Fantasy Sports, Yahoo Finance, Tumblr and Flickr – during this time, could also get two years of free credit monitoring services.

But the settlement only applies to residents of the United States or Israel.

At Hayes Connor, we believe that UK customers deserve compensation too. And, in response, we are launching a representative action against Yahoo.

What is a representative action?

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm.

Representative actions tend to be used in straightforward mass data privacy scenarios. For example, where customers of a company have had their email addresses stolen and data privacy violated.

In representative actions, one member of the action will typically sue on behalf of themselves and the rest of the group. Once compensation has been agreed, each member of the representative action will receive the same amount.

One solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in many future actions – including the Yahoo data breach.

A recent data protection case has made claiming against Yahoo even easier

A recent data protection case has transformed how data breach claims will be managed in the UK. The result of this court action will impact those people in the UK consumers who had their personal details put at risk in the Yahoo data breach.

This is because, until now, to join a group action data breach claim, victims had to be able to prove that they had experienced harm as a direct result of the breach. For example, emotional distress or financial loss. However, the Court of Appeal has now decided that all data breach claims are valid, even if someone hasn’t suffered financial or emotional damage as a result. If a company does not protect your data in the way it is legally obliged to do, you can claim for this data privacy failure.

So, many more people are now free to claim from Yahoo. What’s more, following the ruling, people can now seek compensation from Yahoo, even if the only personal information breached was their email address.

Join our Yahoo representative action claim

If you are concerned that your data was treated negligently by Yahoo, contact Hayes Connor Solicitors immediately. The settlement reached in the US and the result of the ICO’s investigation in the UK mean that you could have a very strong case. There are no costs to join our group action and there is no obligation to proceed.

START YOUR CLAIM

new years honours
, ,

1,000 New Year Honours recipients suffer a data breach

While most of us were enjoying a well-earned break, the home addresses of 1,000 people were posted online. In this case, the impact of the data breach could have far-reaching repercussions as those affected included high-profile individuals such as Sir Elton John and Olivia Newton-John. Politicians (including former Tory leader Iain Duncan Smith) and serving police officers were also impacted by the breach.

Of course, at Hayes Connor, we don’t distinguish between celebs and ordinary people when it comes to upholding data privacy rights. But it is especially worrying that this sensitive information was put at risk and could have fallen into the wrong hands – particularly as many of the recipients are controversial figures. As such, many of those affected will need to assess/increase their current security arrangements.

What happened in this case?

The house numbers and postcodes of hundreds of famous people recognised as part of the British honours system were left available online about an hour. It is likely that the data breach was caused by human error. The Cabinet Office has since apologised for the data protection failure, and the matter has been reported to the Information Commissioner’s Office (ICO), but this is unlikely to help soothe the concerns of those affected.

Commenting on the data breach a spokesperson for privacy campaign group Big Brother Watch said:

“It’s extremely worrying to see that the Government doesn’t have a basic grip on data protection, and that people receiving some of the highest honours have been put at risk because of this.

“It’s a farcical and inexcusable mistake, especially given the new Data Protection Act passed by the Government last year – it clearly can’t stick by its rules.”

What can be done about the New Year Honours data breach?

According to press reports, one victim of the data breach has said that “If those responsible have apologised and it is a genuine error, then there is not much more that can be done”. But this is not actually the case. The vast majority of data breaches are caused by poor data protection policies and a failure to put adequate security procedures and training in place. As such, organisations that expose people to this level of risk must be held accountable for their actions.

Every day we help the victims of data breaches who have become miserable, upset and emotionally distressed by privacy violations. All too often, these victims will have tried to engage with the organisation that has committed the violation. But they will have been rebuffed or offered a wholly inadequate excuse. Almost every organisation fails to recognise the stress, anxiety, upset and anguish caused by the data breach. And it looks like the government is no exception.

What is Hayes Connor doing to help victims of data breaches?

Hayes Connor Solicitors is a law firm operating in the data breach and protection sector. We help our clients to claim data breach compensation following data protection violations, GDPR breaches and other cyber offences.  We are an established and trusted firm that has been helping people to claim compensation for over 50 years.

Over the past two years, we have become a true specialist in the relatively new but increasingly important field of data breach law. And today, this is all we do. Because we have been winning data protection cases longer than most other solicitors, we are more experienced when it comes to understanding the complexities involved. We are also the only legal firm to launch a multi-party action against the ticketing giant Ticketmaster and, in April 2019, our multi-million-pound damages claim against Ticketmaster was issued in the High Court. The estimated total value of our claim on behalf of more than 650 clients is £5 million.

In 2019 we were highly commended for two prestigious legal awards, and so far this year we have already been shortlisted in two categories for the Eclipse Proclaim Modern Law Awards 2020.

Last year alone we opened over 4500 new cases and, crucially, we have a history of winning data breach compensation cases on behalf of our clients.

In larger cases, we work alongside Louis Browne QC and Ian Whitehurst of Exchange Chambers Liverpool. This is the same expert data protection team currently engaged in Equifax, Ticketmaster and British Airways litigation. We also work with Hugh Tomlinson QC – an esteemed expert in data protection law. He acted for the claimants in a highly successful case against Google.

This means that when someone appoints us, we ensure they get the very best level of legal support available.

Find out more about our data breach experts. 

 

data breach compensation
,

Making a data breach claim

As the UK’s leading data breach law firm, we understand that making a claim for compensation can be daunting. So, we’ve made the process of making a data breach claim as quick and easy as possible.

To make sure you are fully informed before starting, here’s some information on who can claim, what making a claim involves, and who we are. By making sure you are fully informed before you take the next step, we ensure a stress-free experience from start to finish.

Are you eligible for data breach compensation?

Organisations must tell you if they have breached your personal data. So, if you have been informed that your privacy has been violated, you might have a case. Furthermore, you can claim compensation if an organisation has failed to protect your personal data, regardless of whether or not you have suffered as a result of the breach.

What can you claim data breach compensation for?

  • Financial losses. A data breach can lead to both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Emotional distress. Being the victim of a crime can have a significant impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. You can claim for any loss of privacy suffered as a result of a data breach (e.g. having an email address stolen).

Are there any reasons why you shouldn’t claim?

With hacks and breaches happening more and more often, something has to be done to make companies accountable. So, claiming compensation isn’t just in the best interests of victims – it could also be the only way to ensure that organisations implement more secure processes.

But it’s important to get specialist legal help, especially as there are a number of “claims management companies” all too keen to turn data breach claims into the new PPI.

What do you need to know about Hayes Connor?

  • We are an established and trusted firm that has been helping people to claim compensation for over 50 years
  • We are true experts in data breach law. This is all we do, and we have been doing it longer than most other solicitors. We lead our field when it comes to understanding the complexities involved
  • We offer no-win, no-fee funding arrangements. And there are no hidden costs or admin expenses. Find out more about what no-win no-fee means
  • In larger cases, we work alongside Louis Browne QC and Ian Whitehurst of Exchange Chambers Liverpool. This is the same expert data protection team currently engaged in Equifax, Ticketmaster and British Airways litigation. This means you will get the very best level of legal support available
  • We have created a range of jargon-free guides to make sure you understand exactly what is involved when claiming compensation
  • At Hayes Connor Solicitors, we have never done PPI claims. What’s more, we only ever get in touch with people who have asked us to. This means we never cold call, send spam texts, spam emails, or engage in any other form of nuisance marketing. We never pressure anyone into making a claim.

What type of cases are there?

There are three key types of data breach claim:

Group action

Group actions can be a powerful tool and can have a bigger impact than a single claim. Group action claims are usually used for significant data breach cases where a group of people have experienced financial loss and/or emotional distress.

Representative action

A representative action is a type of group action. Representative actions tend to be used in straightforward mass data privacy scenarios. For example, where customers of a company have had their email addresses stolen and data privacy violated.

Individual case

Every day, smaller data breaches are causing misery and upset to people across the UK. And while these incidents don’t make the headlines, for those involved the experience can be devastating.

What happens once you contact us?

Once you’ve let us know about your experience, we’ll be in touch to let you know what we need from you, and what the next steps will be.

What do you need to do now?

Starting a data breach case is easy. All you need to do is sign up here.

merry christmas

Merry Christmas

A very Merry Christmas to all our Clients, Staff and Followers!

Thank you for your support this year!