data breach appeal
, ,

Morrisons loses data breach appeal

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

The Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

 

Where Next

Over the last 18 months, we have seen numerous examples of significant personal data loss. Many of these violations have been able to occur due to weaknesses contained in companies’ IT software.

As the trend towards a cashless society accelerates, this will only continue as retailers and other businesses seek quicker and slicker interfaces with their consumers. Both at the point of sale and throughout their customer journey.

In the case of Morrisons, significant steps were taken to protect data, but those steps failed. In this instance, the data was lost at the hands of an employee turned hacker. However, data is also at threat simply due to careless employees going about their day-to-day business.

The latest ruling is the tip of a very large iceberg. Mass data breach actions are also being made against Ticketmaster and British Airways among others. Such actions, when properly prepared and investigated, will have significant financial consequences in terms of damages and costs.

Data breaches on a large scale are a real and pressing threat. In response, the clear and overwhelming view of the Court of Appeal is that such events must be foreseen by companies, and insured against.

The reaction of the insurers to such events, their provision of cyber cover and premium costs is now under the spotlight. Indeed, we predict a situation where the volume of exclusions to policies will increase.

Companies must now protect themselves better from data loss. But they also need to be extremely vigilant as to the activities and errors of their employees to be afforded the cover they pay for, or think they pay for.

 

If you have been affected by this or any other data breach then you can get in touch with our experts today

data breach solicitors
,

Morrisons loses data breach challenge

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

 

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

Today, the Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

Why is this case so important?

In 2015 – in the first group litigation of its kind in the UK – over 5,000 people brought a claim against Morrisons under the Data Protection Act 1988, for misuse of private information and breach of confidence.

In December 2017, despite acknowledging that Morrisons had taken all the appropriate steps to prevent a breach, the High Court found that the company was liable for its omissions such as not ensuring the proper security measures to protect the data.

The judge in the original case also ruled that Morrisons was “vicariously liable” for the employee’s actions. In a workplace context, an employer can be vicarious liability for the actions of its employees, as long as it can be shown that they took place in the course of their employment.

The decision to hold Morrisons vicariously liable is important, as it gives victims more opportunities to seek compensation (companies are more likely to be insured against such liability than employees).

The case also paved the way for those affected by data breaches to claim damages for distress, even if they have not suffered any financial loss.

 

Morrisons has now said that it will now appeal to the Supreme Court. If that appeal fails, those affected will be able to claim compensation for “upset and distress”.

The latest decision is good news for people who want to hold businesses to account for a failure to protect personal and sensitive data.

The judgement has been referred to as a “wake-up call for businesses” and Morrisons could now face a hefty compensation bill.

 

data breach compensation
,

Hayes Connor Solicitors launches group action following Equifax data hack investigation

Hayes Connor Solicitors, is launching a group action to help victims of the Equifax data hack claim compensation.

Our firm of expert online fraud and data protection solicitors is expecting an influx of queries from people whose data was put at risk by the credit reference agency. The group action is being initiated after Equifax was fined £500,000 by the Information Commissioner’s Office (ICO).

The ICO’s investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation.

What happened in this case?

The fine follows a 2017 cybersecurity incident which led to the loss of UK customer data held by Equifax Ltd on the servers of its US parent. Following the data breach, it was revealed that Equifax’s failure to patch a server flaw resulted in hackers potentially stealing 143 million US citizens’ data, and the personal details of up to 15 million Brits. This sensitive information included email addresses, passwords, driving license numbers and phone numbers.

Furthermore, while Equifax originally said that no UK passwords or financial information were stolen in the hack, it has since admitted that the passwords and partial credit card details of almost 15,000 UK customers were compromised.

The ICO investigation revealed multiple failures at the credit reference agency. For example, measures which should have been in place to manage the personal data were found to be inadequate and ineffective. Investigators also found significant problems with data retention, IT system patching and audit procedures.

Information commissioner Elizabeth Denham said Equifax showed a “serious disregard” for its customers and their personal information.

Why should you join the Equifax group action?

The sheer scale of the Equifax data breach means that millions of people across the UK are now at an increased risk of theft and identity fraud. So we welcome the news that the ICO is holding Equifax to account.

However, while fines are an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe, it does very little to help those already affected by the breach. As such, anyone who has suffered following the Equifax cyber-attack should be looking to claim compensation.

What can you claim compensation for?

Many Equifax customers have had their financial information stolen, and that can be devastating if it gets used by cybercriminals to carry out fraud or theft. But, in addition to this, much of the data stolen from Equifax is considered to be personally identifiable information. This means that the data can be used to identify a specific individual, and be manipulated to undertake identity fraud.

We should all be very worried about what could happen if our personal data gets into the wrong hands. With enough information, cybercriminals can steal our identities, apply for credit in our name, set up fraudulent bank accounts and access our existing accounts. So, it is understandable that victims would want to seek compensation for Equifax’s failure to look after their information correctly, and the best way to do this is through a group action case.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the Equifax hack. Being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety then the law agrees that you are entitled to compensation.

What is a group action?

A group action allows people with the same type of claim to bring it together on a collective basis. Doing this strengthens their overall position and increases their chances of settlement or success at Court. What’s more, with a group action, claimants often share the legal fees. So, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis (as in this case).

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

How to join the Equifax group action

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Doing this guarantees that you will form part of the compensation claims that will be lodged by our firm. While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Hayes Connor Solicitors is also providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if someone is awarded £1,500, they will get all of the compensation. There are no solicitor’s fees win or lose.

If you have been affected and want to join the group action, you can register your details here.

,

INFOGRAPHIC: Everything you need to know about the Equifax Data Hack

Hayes Connor Solicitors, is launching a group action to help victims of the Equifax data hack claim compensation. Our firm of expert online fraud and data protection solicitors is expecting an influx of queries from people whose data was put at risk by the credit reference agency. The group action is being initiated after Equifax was fined £500,000 by the Information Commissioner’s Office (ICO).

Here’s a quick overview of this case:

Register your details here.

,

Data protection complaints increase leading to possible rise of GDPR breach compensation

According to the Information Commissioner’s Office (ICO) – the watchdog responsible for regulating data protection laws in the UK – the number of reported data protection complaints has almost doubled since April this year. If the regulator upholds these complaints, there could be a corresponding rise in GDPR breach compensation claims.

Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email.

The increase in data breach complaints has happened since the introduction of the GDPR on May 25th.  This saw more robust data protection laws come into force. GDPR is the most significant change to data privacy regulations in over two decades. The new rules are designed to:

  • Boost the rights of individuals by giving them more control over their information
  • Put more limitations and responsibilities on how organisations can handle personal data
  • Make data protection (including data breaches) more transparent.

The GDPR also saw the introduction of tough penalties for data breaches. In fact, companies who fail to put adequate data protection processes in place and subsequently suffer a breach could face fines of up to €20,000,000 or 4% of their total global annual turnover for the last financial year.

While the ICO does not award GDPR breach compensation to victims, if a company is found guilty of a data violation this can strengthen an individual’s claim.

According to the ICO:

  • 4,214 data protection complaints were made in July
  • 3,098 data protection complaints were made in June
  • 2,310 data protection complaints made in May
  • 2,165 complaints were made in April.

The stats exclude the health sector.

The figures indicate that more and more people are becoming aware of their data protection rights. This makes sense as there have been many high-profile data protection scandals over the last few months. For example, at Hayes Connor Solicitors we are currently pursuing cases against:

  • Emma’s Diary. Emma’s Diary sold its users’ information to Experian’s marketing division. This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election. Find out more about the Emma’s Diary data breach
  • Dixons Carphone. The Dixons Carphone or Carphone Warehouse data breach took place in 2017. It resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes. Find out more about the Carphone Warehouse data breach
  • Ticketmaster has admitted that thousands of UK customers have been put at risk due to third-party software on their website. This has since been removed but not before the software accessed a number of customers’ personal and financial details. Find out more about the Ticketmaster data breach
  • Last year, Equifax warned that up to 400,000 UK consumers might have had their personal details stolen. The data included names, address, dates of birth, and credit card numbers. Find out more about the Equifax data breach.

If you have been affected by any of these cases, or if you want to make a GDPR breach compensation claim against another organisation, let us know.

Making a GDPR breach compensation claim

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

You can make a GDPR breach compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

With enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And just the thought of this happening can cause emotional distress. So why shouldn’t you seek compensation for this failure to look after your information correctly?

At Hayes Connor Solicitors our initial assessment is always free of charge. If we believe you have a substantial, complex case, we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis. For smaller claims, our quick assessment form will help you to start your GDPR breach compensation claim, quickly and easily.

Our expert data breach compensation solicitors make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making data breach claims (currently all breaches going back six years could be subject to a claim) it’s essential to act now.

CONTACT US AND START YOUR GDPR breach compensation CLAIM TODAY

British Airways breach caused by the same hackers as Ticketmaster
, , ,

British Airways data breach caused by the same hackers as Ticketmaster

According to reports, a cyber-criminal operation known as Magecart is behind the recent British Airways data breach. The group has been very active in the past three years. It is also thought to be behind the Ticketmaster data hack.

Earlier this year we reported that cybersecurity analysts RiskIQ believed that the Ticketmaster data theft was part of a larger credit card scheme.

A new report by RisqIQ states that there are clues linking the same operation to the British Airways breach. The company said the code found on the British Airways site was very similar. However, the code was modified to suit the way the airline’s website had been designed.

“The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”

Crucially, if RiskIQ, is right about how the attack worked, a cybersecurity researcher has told the BBC that “BA should have been able to see this”.

If the British Airways data breach was carried out by the same group, the threat to consumers could be much worse than thought. RisqIQ has said that it looked like the group behind the attack had decided to target specific brands, and that more breaches of a similar nature were likely.

What should you do about the British Airways data breach?

Regardless of who was behind the attack, British Airways was responsible for keeping your data safe, and this is something it has failed to do.

The British Airways data breach has compromised payment details and personal data. This information that can be used by cybercriminals to steal money from you, apply for credit in your name, set up fraudulent bank accounts and more.

So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation. British Airways has said that it has informed those involved, so if you have received this email let us know.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

To join our British Airways data breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW

British Airways data breach responsibility
, ,

British Airways accused of not taking responsibility for data breach

Last week it was revealed that almost 400,000 British Airways customers had their bank card details stolen in one of the most severe cyber-attacks in UK history. However, the company’s statement on how it would be awarding compensation for the British Airways data breach has been accused of being “unprofessional” by some customers.

Following the British Airways data breach, the personal and financial details of 380,000 customers were put at risk. In response, British Airways said that compensation claims would be discussed on an ‘individual basis’. However, it is not up to the airline to dictate the terms of any compensation payments.

In response, customers have spoken to the media and taken to social media to share their fury at the airline’s handling of a data breach.

According to an article in The Metro, one BA customer said “They talk about compensation to be discussed on a case-by-case basis. To me, this seems incredibly unprofessional.”

He added: “They are trying to not take full responsibility for it”.

The same customer is reported to have suffered fraudulent activity on his credit card, which he used to book a British Airways flight during the time the data was at risk.

Other customers have complained that they have not been contacted by British Airways about the data breach, despite having seen fraudulent activity on their payment cards.

Should you accept compensation from British Airways?

At Hayes Connor Solicitors, we are experts in data breach cases. As such we are preparing to launch a British Airways Data Breach Group Action once the relevant investigations are complete.

A group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim in principle to bring it together on a collective basis. This strengthens their overall position and increases their chances of settlement or success in litigation. And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Also, in such cases, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation. That’s why it’s important not to be fobbed off by a low initial offer from British Airways. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

To join our British Airways data breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW

 

Data breach
,

Can you make a data breach claim against Gloucestershire Police?

Following a worrying data breach scandal, Gloucestershire Police has been fined £80,000 for sending a bulk email that identified victims of historical child abuse.

Commenting on the breach, Steve Eckersley, Head of Enforcement at the Information Commissioner’s Office (ICO) said: “This was a serious breach of the data protection laws and one which was likely to cause substantial distress to vulnerable victims of abuse, many of whom were also legally entitled to lifelong anonymity”.

As such, those affected should now be looking to claim compensation.

 What happened in this case?

 A police officer involved in a non-recent sex abuse investigation sent an update on the case to 56 people. These people included victims, witnesses, journalists and lawyers. However, the officer carelessly made all the email addresses viewable by all recipients.

Gloucestershire Police realised the mistake two days after it happened in December 2016. But while it successfully recalled three emails (and one email was undeliverable), 56 full names and emails were visible by to up to 52 people. The email also referenced schools and social services that were being investigated following the allegations of abuse.

On realising its error, the force reported it to the ICO and sent an apology to all recipients. However, this remains a “serious breach” of data protection laws.

What was the result of the investigation?

An investigation by the ICO into the breach found that adequate security processes were not put in place to prevent such errors from occurring. For example, the “bcc” (blind carbon copy) function, which can be used to keep addresses private when sending bulk emails was not automatically selectable on the system. In addition, Gloucestershire Police failed to provide staff with adequate (or any) training, guidance or policies on bulk email communication and the importance of keeping private and sensitive information safe.

The ICO spokesperson added: “The risks relating to the sending of bulk emails are long established and well known, so there was no excuse for the force to break the law – especially when such sensitive and confidential information was involved.”

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by Gloucestershire Police is particularly worrying as those involved were likely to suffer significant distress knowing that they could be identified as victims of child abuse. The investigation also concluded that many of these victims were suffering from the lifelong consequences of this abuse, and were already vulnerable. As such, the failure to protect their privacy is likely to cause considerable emotional anguish.

To make matters worse, despite the findings by the ICO, and while Gloucestershire Police has since apologised for the mistake, it has failed to accept full responsibility. In fact, the force has said that it is disappointed by the decision and is considering an appeal.

While human error does happen, Gloucestershire Police simply did not make sure that appropriate procedures and training was in place to avoid such a breach from occurring. So it must be held to account.

If you are one of those affected and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM

data hack
, ,

Should you accept data breach compensation from British Airways?

Over the last few days, it has been revealed that almost 400,000 British Airways customers have had their credit/bank card details stolen. The “sophisticated, malicious criminal attack” is thought to be one of the most serious cyber-attacks in UK history.

In response, British Airways has contacted those customers affected and has said that it will be discussing data breach compensation claims on an ‘individual basis’. However, it is not up to British Airways to dictate the terms of any compensation payments.

Instead, at Hayes Connor Solicitors we would ask anyone affected by the breach to consider the following if they want to achieve the maximum data breach compensation possible following the British Airways data hack.

  1. It appears that British Airways has made this data breach worse than it needed to be

While the British Airways data hack started over two weeks ago, it took the airline until Wednesday night to alert its customers. We believe that this is a severe failure by British Airways.

British Airways has admitted that the hackers spent more than two weeks accessing data online. This increases the risk to passengers substantially. There are also fears that customers’ details will be sold on the dark web to cybercriminals. So, in addition to any failure in its IT systems (failures that allowed the hackers to gain access to your data), we also believe this delay in reporting should be considered in any compensation claim.

  1. You deserve compensation even if you haven’t lost money

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual.

If this data gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

We want to make sure that anyone affected by the data breach understands that they can claim compensation for a failure to look after their data – and how much they could be entitled to – even if they haven’t suffered financially.

  1. British Airways might try to fob you off with a low offer

At Hayes Connor Solicitors, we are experts in data breach cases. And, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law.

That’s why it’s important not to be fobbed off by a low initial offer from British Airways. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Find out more about the benefits of using an expert data protection lawyer.

  1. You can claim compensation for distress

It doesn’t matter if you haven’t lost out financially as a result of the British Airways data hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically.

According to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

When making a compensation award, the court will look at the specific circumstances of your case. This includes things like the sensitivity of the data compromised and the nature of the disclosure.

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private information and bank details you would be distressed. So why should you feel any less upset at having your online data taken; particularly when British Airways may have given the burglar the keys?

If the British Airways data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation. And, at Hayes Conner Solicitors, we know exactly how much compensation you could get.

  1. A group action could strengthen your chances of success

Where lots of people have been affected in a similar way, group actions can be a powerful tool and can have a bigger impact than a single claim.

Find out more about making a group action claim.

We have already been contacted by many British Airway customers who are worried that their personal and financial data was not looked after as carefully as it should have been.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of the British Airways data breach.

To join this group action, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation.

REGISTER NOW

cybercrime
, , ,

BA customers victims of huge data breach with cybercriminals stealing bank card details

Almost 400,000 British Airways customers have had their bank card details stolen in what is reported to be one of the most severe cyber-attacks in UK history.

Worryingly, while the huge data breach started over two weeks ago, it was only detected by the airline on Wednesday night. At that time BA told its customers about the breach and reported the incident to the police.

However, with 12 days between the BA data breach occurring and the incident being detected, questions are now being asked as to whether poor systems have made this cyber-attack worse.

All 380,000 customers who booked flights online or via the BA app during that time using a debit or credit card are affected.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of the BA data breach.

What happened in the BA data breach?

Hackers carried out a “sophisticated, malicious criminal attack” on the BA website. BA has confirmed that the personal and financial details of customers making bookings had been compromised. In total, about 380,000 transactions were affected.

Along with the financial info stolen, it appears that the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data or financial information following the BA data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

If you have been affected by this BA data breach, please contact your bank or credit card provider immediately.

BA has admitted that the hackers spent more than two weeks accessing data online. This increases the risk to passengers substantially. There are also fears that customers’ details will be sold on the dark web to cybercriminals.

What has BA done about the data breach?

BA has notified the police and relevant authorities. The National Crime Agency has also been brought in to investigate this case.

The airline has also issued an email to affected customers stating that:

“From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. The stolen data did not include travel or passport information.

 “The breach has been resolved and our website is working normally.

 “We’re deeply sorry, but you may have been affected. We recommend that you contact your bank or credit card provider and follow their recommended advice.

 “We take the protection of your personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.

 “Further information can be found at ba.com.”

Is BA offering compensation for the data breach?

British Airways customers have rightly vented their fury at the airline, especially as it long it took them so long to notice that they had been attacked.

Customers have also taken to social media to raise concerns about how secure BA’s IT security processes are. And they are right to do so. Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

The airline has said that compensation claims will be discussed on an ‘individual basis’. However, it is not up to BA to dictate the terms of any compensation payments.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

What can you do about the BA data breach?

With investigations now underway into the data breach, if BA is found responsible for this appalling data protection failure, the airline will no doubt have to pay a hefty fine. But, while the Information Commissioner’s Office does issue fines, it does not award data breach compensation. At Hayes Connor Solicitors, our data breach solicitors can help you with that.

We have already been contacted by many British Airway customers who are worried that their personal and financial data was not looked after as carefully as it should have been.

In response, we are preparing a group action compensation claim for everyone who has had their data accessed in the BA data breach if it is found that BA have failed to adequately protect that data.

To preserve your ability to claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation.

REGISTER NOW