,

The real-life impact of data breaches

When it comes to data breaches, we know that the impact can be serious and long-lasting. Because, every day, our solicitors help people with data breaches that have had a devastating effect on their lives.

The vast majority of these breaches are caused by small mistakes, such as a company sending an email to the wrong person. Sometimes they happen because staff wilfully break data protection rules and access information they have no right to view (e.g. to spy on a neighbour or ex-partner). In other cases, cybercriminals might have hacked a company’s systems and stolen data to exploit. But regardless of why a data breach happened, the impact can be overwhelming.

A data breach can cause serious distress

If a criminal came into your home and stole your private information, you would be distressed.

In fact:

  • It takes around 8 months for those who have been burgled to feel safe at home again[1]
  • 1 in 8 never recover emotionally[2]
  • 43% say they feel violated[3]
  • 44% are scared it may happen again[4]
  • A third of people suffer a huge knock to their confidence[5]

A personal data breach is a 21st-century version of being burgled. And many people feel just as upset at having their online data stolen or violated.

Let’s face it, the amount of information we share with organisations is enough to leave us all open to the threat of fraud, anxiety and stress. So it’s no surprise that we are worried about what could happen if this gets into the wrong hands. Often, victims of data breaches go on to suffer from anxiety, and existing mental health conditions can be made worse.

People can suffer serious losses following a data breach

A data breach can result in financial theft. With your bank/credit card info, cybercriminals can steal directly from you. But, even without this they might be able to apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And getting your money back isn’t always easy.

People are often not taken seriously after a data breach

All too often, people who have had non-financial data stolen and make a data breach claim are accused of “trying to get something for nothing”. But non-financial data breach cases can have a huge impact. For example, in a recent case, our solicitors saw the impact of what can happen when sensitive information was sent to the wrong address by mistake.

We are on your side

The good news is that the law recognises the amount of damage that can be caused by having your information stolen. And, at Hayes Connor Solicitors, we help our clients to make compensation claims after their data privacy rights have been violated.

Something has to be done to make companies accountable for any harm done and make the necessary improvements. Especially as most data breaches happen because of a failure to implement reasonable and robust processes.

If you have been the victim of a data breach find out how we can help you to recover any losses or give us a call to discuss your case in more depth.


[1] Allianz Insurance

[2] MoneySuperMarket

[3] MoneySuperMarket

[4] MoneySuperMarket

[5] UIA Insurance

,

Does a drop in data breach reporting mean data privacy has improved?

In January last year, a report from the Information Commissioner’s Office (ICO), told us that the number of reported data protection breaches had almost doubled since the introduction of the General Data Protection Regulation (GDPR). Of course, GDPR made self-reporting of data breaches mandatory, so this increase was to be expected. However, according to the latest ICO report[1], there was a steady drop in data security incidents between January and March 2020. So, does this mean that data privacy is finally improving?

Not necessarily. Because, according to the ICO, “these figures are based on the number of reports submitted by the data controller, not necessarily the number of incidents.” And, what is becoming more and more apparent is that many organisations do not know that a data breach has occurred until much later. In fact, according to one study[2], on average, companies take about 197 days to identify a data breach. In some cases, it can even take years.

Common causes of data privacy violations

The latest ICO report states that the volume of some cybersecurity incidents has increased considerably year-on-year. It lists the following common causes of data violations:

  • Phishing
  • Ransomware
  • Unauthorised access
  • Hardware/software misconfiguration.

However, just as with earlier reports, despite fears about cybercrime, it is human error that is still the leading cause of data breaches. And, the main culprits are:

  • Data being sent to the wrong recipient
  • Data posted/faxed to the wrong recipient
  • Failure to redact data
  • Failure to use bcc when sending an email
  • Loss of theft of paperwork
  • Unencrypted devices being lost or stolen.

These are the same data process failures that were occurring last year.

Which sectors report the most data protection breaches?

The sectors most affected by data protection breaches are:

  • Healthcare
  • Education & childcare
  • Finance insurance and credit
  • Legal
  • Local government
  • General business
  • Retail and manufacture

What can you do if you are the victim of a data protection breach?

The ICO can impose hefty fines on organisations that don’t meet their obligations under the Data Protection Act. However, the ICO does not award compensation to victims.

If you have suffered damage, distress or a loss of privacy caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. And, at Hayes Connor Solicitors, we know what it takes to make a successful data breach compensation claim.

Our expert, friendly team will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. If you are not sure whether your information has been misused or mishandled, we can find this out for you.

We also understand that making a compensation claim can be stressful; especially where your sensitive information has already been breached. That’s why we remove the jargon from the process and make sure you always know what’s happening with your case. Of course, it goes without saying that our process is fully compliant with ICO guidance and we never put your details at risk.

START A DATA BREACH CLAIM


[1] https://ico.org.uk/action-weve-taken/data-security-incident-trends/

[2] IBM

, , ,

Hold EasyJet to account, even if you haven’t lost any money

At Hayes Connor Solicitors, we have received hundreds of enquiries from people who have had their right to data privacy destroyed in the EasyJet data breach. In some cases, victims of this breach believe that they are not entitled to compensation. Usually because they have read reports like this one in the media.

But, while this reporter states that: “Generally, victims of a cyber-attack are only entitled to be reimbursed for any financial losses they suffer as a result of their card being compromised”, this is not true.

The theft and/or use of your personal data without your consent can cause distress, embarrassment and violation.  And you have a legal right to hold the guilty party to account.

Here’s what you need to know about claiming for emotional distress and breach of privacy caused by the EasyJet data hack.

Claiming for emotional distress following the EasyJet data breach

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private information, you would be distressed. So it’s understandable that people feel upset at having their personal online data taken. Especially if EasyJet effectively gave the thief the keys.

And the effects can be very real. For some people, a data breach can cause a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move to a new house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury.

What’s more, living with the threat of “what if” after a data breach can develop/ exacerbate mental health conditions. Victims of the EasyJet all now face living with heightened concern about their personal data being used for online scams, fraud and phishing attempts. And, at a time when the coronavirus pandemic is already having an impact on mental health, this additional worry is proving devastating for some.

So, while some people might believe that claiming for emotional distress is an over-reaction, this is not true. Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of psychological suffering and anguish.

Claiming for breach of privacy following the EasyJet data breach

As data breaches continue to rise, we must hold organisations to account for their violations of trust when it comes to your valuable information. Indeed, while cybercriminals often target organisations to steal their data, in most cases the hackers are only successful because nobody put a “lock on the door”.

But just because EasyJet didn’t prioritise data security doesn’t mean you shouldn’t.

Data breach and cybercrime claims are not frivolous. As we have discussed, the emotional impact can be devastating, even without losing any money. But even if a privacy violation doesn’t cause you damage or distress, that doesn’t mean you shouldn’t do anything about it. Your data has value and organisations are legally obliged to look after it.

Something has to be done to make companies accountable for their data protection failures. And, in many cases, taking action against these organisations is the only way to make them improve their security processes.

As such, if EasyJet failed to protect your personal data, you have a right to claim compensation. Even if you haven’t suffered as a result.

Has EasyJet failed to look after your data?

At Hayes Connor, we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

EasyJet data breach victims reporting financial losses

According to Action Fraud – the UK’s national reporting centre for fraud and cybercrime  as of last month there were 51 reports in relation to the EasyJet data breach, with a total of  £11,752.81 in stated lossesOne customer lost £2,750 following the cyberattack.  

That’s despite the airline claiming that there was no evidence of any financial damage caused by the incident. The Action Fraud stats were shared recently.   

Action Fraud has warned those involved in the EasyJet data breach to be vigilant 

Action Fraud has provided advice and guidance if you think you have been affected. A statement on its website says:  

Action Fraud has been made aware by the National Cyber Security Centre of the cyber breach affecting EasyJet customers. We’re currently monitoring our system for EasyJet related reports to see if there has been a significant increase.

At this time we’re advising the public that if they think they’ve been a victim of fraud as a result of a data breach, to report it Action Fraud via the online reporting tool or by calling 0300 123 2040.

Here is what to do if you think you have been affected:

    • Phishing – Criminals may use your personal details to target you with convincing emails, texts and calls. Be suspicious of unsolicited requests for your personal or financial details. If you receive an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk.
    • Financial details – If your financial data was compromised, be vigilant against any unusual activity in your bank accounts or suspicious phone calls and emails asking for further information. If you notice any unauthorised transactions, notify your bank or card company.  
    • Passwords –Customers should ensure their passwords are secure. If you have been affected, you may want to consider changing passwords for key accounts such as banking. See Cyber Aware’s advice on creating a good password that you can remember, or read the NCSC’s blog post for help on using a password manager.
    • Report - If you think you have been a victim of fraud or cybercrime, report it to us. 

Our data protection solicitors are also warning people about the risks, with advice on what to do to protect yourself. You can read our guidance here 

Crucially, the effects of a data hack might not be immediately apparent, as stolen data is often used in batches over time. So, even if you have not yet suffered a loss, this doesn’t mean you are safe. You must take steps to protect yourself if you were involved in the EasyJet data breach.  

Make an EasyJet compensation claim

In addition to implementing the suggested security steps, if EasyJet has failed to uphold your data security rights, you should also consider making a compensation claim. 

At Hayes Connor Solicitors, we are watching this case with interest, and, if it transpires that EasyJet has failed to protect its customers, we will launch a no-win, no-fee group litigation action. Group actions can be a powerful tool and can have a bigger impact than a single claim.

We have already been contacted by people concerned that their data has been breached by EasyJetmanywho are understandably upset and anxious about the breach.

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen. 

If you were a part of this breach you should have been contacted by EasyJet by 26th May 2020.Everyone who received this confirmation can make a data breach claim with Hayes Connor Solicitors.

There are no costs to register and no obligation to proceed. 

REGISTER NOW

, , ,

What evidence do you need to join our EasyJet breach group action?

By now, EasyJet should have contacted everyone involved in its data breach to let them know. Certainly, at Hayes Connor, we have been inundated with queries from victims of the EasyJet breach, many of whom are understandably upset and anxious. On another page, we have attempted to answer some of the most frequently asked questions we have received so far. Here, we provide more guidance on the evidence we’ll ask you to provide if you join our claim.

1. Confirmation that you were involved in the EasyJet data breach

When you register to join our group action, one of the first things we’ll ask, is whether you have received notification from EasyJet that your details have been breached. Everyone who had their financial information hacked was informed in early April. And, by now, the nine million people who had their travel data compromised (this includes your name, email address, origin airport, destination, and departure date), should also have been informed.

If EasyJet hasn’t been in touch, it is unlikely that you were involved in this breach. However, if you booked a flight with EasyJet from 17 October 2019 to 4 March 2020, you should check your spam folder just in case.

We will require this confirmation to add you to our data breach group action.

2. Details of any phishing attacks or scams you might have experienced that you believe are linked to the data breach

Phishing criminals and other scammers could target victims of the EasyJet breach. Phishing occurs when a cybercriminal poses as a legitimate organisation, the police, or someone else you trust to trick you into handing over sensitive information such as usernames, passwords, financial data, etc.

Because of COVID-19, there is heightened concern about the personal data in this hack being used for online scams. And cybercriminals will likely try to take advantage of people who are cancelling flights because of the pandemic.

If you experience any phishing or other scam attempts that you believe are linked to this data breach, please make a note of these and keep any evidence. If you decide to make a data breach claim, we can use this to support your case. In particular, let us know of any fraudulent communications purporting to come from easyJet or easyJet Holidays.

However, you do not need this to join our EasyJet data breach group action.

3. Details of any money lost because of the EasyJet breach

Over 2,200 customers had their credit card details stolen in the EasyJet data hack. Some of these people may have had their card information used fraudulently. Even if your financial data wasn’t included in the breach, you could still have suffered a loss if a phishing scammer was able to use your personal data against you.

If you experience any financial loss because of this data breach, please make a note of this and keep any evidence (e.g. bank statements, correspondence, etc.). However, contrary to what we have seen reported in the media, you do not need to have lost money to make a data breach claim.

4. Details of any mental health conditions caused or made worse because of the EasyJet data breach

The impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety and distress. Following a robbery, people often feel shock, anger, fear, helplessness and panic. A personal data breach is a 21st-century version of being burgled.

If you experience emotional distress because of this data breach, please make a note of this and keep any evidence (e.g. details about medical appointments/prescriptions that relate to this data breach).

5. Details of any expenses or inconvenience incurred

Following a data breach, people often have to spend a significant amount of time on the phone to their bank. Or to the credit reference agencies to rectify any dips. Sometimes, there are travel costs and medical expenses required. And it might be possible to add these to your claim.

It is not unusual that – on reviewing a data breach impact form – we uncover information that allows us to increase the value of a claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. So, please keep a hold of anything that might be useful just in case.


Join our EasyJet breach group action

We are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

EasyJet took four months to warn customers that hackers had their personal information. So, you might have already experienced phishing attempts and financial losses because of the breach. Even if you didn’t know that was the reason before now. If this has happened to you, we encourage you to let us know. However, the full impact of a data breach is often not felt until months after the initial violation, so once you join our group action, we will give you plenty of opportunities to update us should your situation worsen.

To become part of our EasyJet breach action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, ,

5 questions to ask when choosing an EasyJet data breach lawyer

At Hayes Connor Solicitors, we have launched a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim. But we understand that choosing a solicitor can be daunting. How do you know if they are the right firm for you, and, can you be sure that you won’t have to pay any unforeseen costs? To make the process a little bit easier, here are just some of the questions you should ask when choosing an EasyJet data breach lawyer.

Is you firm a data breach expert?

The best way to make EasyJet pay for its failure to look after your data is to use a specialist data breach lawyer.

A dedicated data breach law firm will employ specialists in data breach law. So they will understand what it takes to make a successful data breach claim. Some firms are keen to take on data breach cases, but they are not experts in this field. Even “litigation specialists” may not have significant data breach experience.

But, if you use a firm that only deals with data breach law, all its resources will go towards enhancing this area of expertise. And, every single person who works there – from the individual who first picks up your call to the managing director – will have data breach experience.  This can be invaluable in getting you the compensation you deserve.

Hayes Connor is the leading data breach law firm in the UK.

How much will it cost to make a claim with your EasyJet data breach lawyers?

Many firms will offer their services on a no-win, no-fee basis. In such cases, if you don’t win, you don’t have to pay a penny.

But it’s also worth looking at what you will be charged if you win. Because if your claim is successful, you will have to contribute towards your EasyJet data breach lawyer’s costs. This ‘success fee’ is taken from the compensation awarded to you, and in some cases, it can be much higher than you expected. We’ve seen some solicitors charge 30% or more.

At Hayes Connor, we believe that our success fee is one of the most competitive around, and with us, you never have to pay more than 25% of your compensation.

There are no other hidden fees or admin charges.

Have you any experience managing data breach group actions?

We believe that a group action is the best way to claim EasyJet compensation. This is because a group action allows people to bring their claims together to strengthen their overall position and increase their chances of success.

There are a number of UK firms that have knowledge of multi-party litigation, but it’s worth checking to see if they have managed multiple data breach group actions. Because, when it comes to winning cases, understanding the law is only half the battle. You also need experience.

At Hayes Connor, we are currently managing a number of large data breach group actions. You can find out more about these here.  Currently, we are taking on big players such as Ticketmaster, Dixons, BA and Equifax (among others!).  In fact, in 2019 we were the only UK legal firm to launch a multi-party action against Ticketmaster and we issued a landmark £100 million data breach claim against Equifax.

And, in addition to our own legal expertise, we also work with expert barristers to help us win our group action cases. So, we are confident that our team will get the results you deserve.

How long have you been doing this for?

Data breach and cybercrime breaches are a relatively new and evolving area of law, so it can be difficult to find specialist EasyJet data breach lawyers.

But, over the past few years, our firm has established itself as the only niche provider of legal services in this area. And, because we have been doing this for longer than most, we lead our field when it comes to understanding the complexities involved.

Before that, we worked on different types of compensation claims. And, with over 50 years’ experience helping our clients secure the justice they deserve, our solicitors work tirelessly to ensure the best possible outcome for you.

Because of the level of our legal expertise, we provide an authoritative voice on data protection and cybercrime hot topics. Check out our latest media coverage here.

What is your success rate like?

When appointing EasyJet lawyers, you should ensure that they have a record of success when it comes to winning data breach cases. Last year at Hayes Connor:

  • 75% of our claims were concluded in under 9 months
  • We secured the largest amount of compensation for an individual claimant. In this case the client was awarded £100,000
  • We saw the average amount recovered for clients increase by over 25%. We are anticipating further growth in 2020.

Contact our EasyJet data breach lawyers and find out how we can help you

At Hayes Connor, we have been contacted by hundreds of people concerned that EasyJet has breached their data; many of whom are understandably upset and anxious. In response, we are registering victims of this breach to a no-win, no-fee group litigation action against the airline.

The law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


, , , ,

Where to get help following the EasyJet data hack

Following a data breach at budget airline EasyJet, the personal details of nine million people have been accessed and 2,208 individuals have also had their credit card details stolen. Since the EasyJet data hack, Hayes Connor has been contacted by many customers, many of whom are upset and anxious about the breach.

The emotional impact of a data breach can be significant

The impact of data breaches goes much further than financial losses. Many victims experience stress, anxiety and distress. Following a robbery, people often feel shock, anger, fear, helplessness and panic, and a personal data breach is a 21st-century version of being burgled.

Furthermore, the psychological effects of a data hack might not be immediately apparent. Knowing that your information has been “burgled”, living with the increased risk and the extra vigilance needed can all cause distress to victims over time.

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish. However, following the EasyJet data breach, victims must keep an eye on their emotional wellbeing to ensure that their mental health doesn’t suffer.

To help, our data protection solicitors have listed some helpful links to ensure victims of the EasyJet data breach know where they can turn.

Help & support for people following the EasyJet data breach


Information Commissioner’s Office

The Information Commissioner’s Office (ICO) protects the data privacy rights of individuals. While the ICO does not award compensation, it does have the power to impose hefty fines on organisations in breach of their duties. You have the right to ask the ICO to assess if an organisation breached the Data Protection Act. At Hayes Connor Solicitors we often work with the ICO to gather as much evidence as possible to help our clients succeed. The ICO has also provided advice on its website on how victims of the EasyJet breach can spot phishing scams.

www.ico.org.uk


Victim Support

Victim Support is the leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents. Last year it offered support to nearly a million victims across the UK.

www.victimsupport.org.uk


Samaritans

The Samaritans are a group of passionate volunteers working together to make sure fewer people die by suicide. If you are struggling emotionally after a data breach, they can help. You can call them free from any phone.

https://www.samaritans.org/


Mind

The Mind Community Support Service provides advice, information, onward referral and holistic support to people who are experiencing mental ill-health and drug/alcohol difficulties (which could be exacerbated following the EasyJet hack). The service can also provide support to people who have been a victim of crime.

https://www.mind.org.uk/


Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety. It contains lots of helpful guidance to protect you and your data from the threat of fraud, identity theft and abuse.

www.getsafeonline.org


Take Five to Stop Fraud

Take Five offers straight-forward and impartial advice to help everyone in the UK protect themselves against financial fraud. Following the EasyJet data breach, cybercriminals might use contact information to try and extract financial data from victims.

www.takefive-stopfraud.org.uk


Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and cybercrime. Victims of online offences such as scams and financial/identity fraud following the EasyJet data hack should contact Action Fraud to report their loss. You can do this online or via telephone. Victims of data breaches do sometimes become the targets of criminals, so it’s important that anyone affected by the EasyJet data breach is vigilant.

www.actionfraud.police.uk


How can Hayes Connor help you after the EasyJet data hack?

At Hayes Connor, we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

The law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW


,

Babylon app has breached patient confidentiality

A GP video appointment app has given some users access to videos of other patient consultations. The app, which is provided by Babylon Health has more than 2.3 million registered users in the UK. Babylon Health has admitted that the app has suffered a data breach and has apologised for the privacy violation. But, with many patients sharing confidential medical information via the app, users are understandably very distressed. What do we know about the Babylon app data breach so far?

What happened in the Babylon app data breach?

The Babylon app provides access to doctors, therapists and other health specialists via video calls and texts. It is available via the NHS and as part of private health insurance packages.

The app has become especially popular during the COVID-19 pandemic, as it provides an alternative to visiting the doctor in person.

Babylon Health became aware of the problem after a user of the service discovered he could view about 50 videos of other peoples’ appointments. Speaking to the BBC, he said:

“You don’t expect to see anything like that when you’re using a trusted app. It’s shocking to see such a monumental error has been made.”

He flagged the issue and the firm investigated the incident and discovered that some people could see consultations that they should not have had access to.  A spokesperson for Babylon Health said:

“On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording.”

“Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.

“This was the result of a software error rather than a malicious attack. The problem was identified and resolved quickly.

“Of course we take any security issue, however small, very seriously and have contacted the patients affected to update, apologise to and support where required.”

It is believed that the issue happened by error when a new feature was introduced.

What happens now?

Babylon Health has notified the ICO, and there is likely to be an enquiry into why the violation was able to happen.

But users of the app are now very concerned. Certainly, the man who discovered the breach said that he would not use the service again.

Have you been affected by the Babylon GP app data breach?

Babylon says that it has already been in touch with everyone involved. So, if you haven’t heard from the firm, it is unlikely that your data was compromised.

However, if your information was exposed in this breach, you have a right to be concerned.

Commenting on the breach, specialist data protection solicitor Kingsley Hayes said:

“Healthcare is rapidly going digital. But, amidst this online information revolution, there must be robust protections in place. This is essential to secure confidential and sensitive medical data. Especially because, should such information become public, this could cause considerable distress and embarrassment to those involved. And, it might even be exploited by criminals.

 “By allowing GP sessions to become public, Babylon has breached the data protection act, and doctor-patient confidentiality. The healthcare sector handles some of our most sensitive personal data. And, as patients, we have the right to expect this will be taken care of. Babylon failed to do this, so saying sorry isn’t really enough.”

 Claim compensation for the Babylon app data breach

In most cases – as with the Babylon app – medical data breaches happen because of human error and a failure to implement reasonable and robust processes. As such, if Babylon failed to protect your data, you can make a data breach compensation claim.

Claiming compensation isn’t just in your best interests. It is the only way medical organisations will be persuaded to take their responsibilities seriously and make the necessary improvements.

Our professional, friendly team will advise you on whether you have a valid claim against Babylon. Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

CONTACT US

Hayes Connor Solicitors Data Breach Overview: May 2020
,

Hayes Connor Solicitors Data Breach Overview: May 2020

Each month at Hayes Connor Solicitors, we take a look at some of the key data breach news that has occurred over the last few weeks. Looking at both significant cases, legal developments, and what’s happening at our firm, we hope to help businesses and individuals to become fully protected in our increasingly online world. So, what happened in May 2020? Find out in our data breach overview.

Read more

, , ,

Why you shouldn’t accept EasyJet data breach compensation

EasyJet has admitted that the personal details of nine million customers and the financial data of 2,208 passengers have been accessed in a sophisticated cyber-attack. Those involved booked flights from 17th October 2019 to 4th March 2020. And, while the airline doesn’t appear to want to offer EasyJet data breach compensation to the vast majority of victims (and we’ll get to that…), it might have offered a settlement to those at significant financial risk. Especially as, according to the BBC, the “stolen credit card data included the three digital security code – known as the CVV number – on the back of the card itself”. So, the results could be disastrous for these cardholders.

But, even if EasyJet does offer you compensation, you might not want to accept it. Here’s why…

Are you being fobbed off by EasyJet?

All too often, organisations that have suffered a data breach are more concerned about limiting their exposure to liability than helping victims. So, while they might give you some money after a data breach, they are less concerned about ensuring you are fully reimbursed for the long-term and often psychological effects.

Indeed, in our experience, we often see companies make low offers of compensation in an attempt to get people to accept a small sum and prevent group litigation.

But, in 2020, we would expect any large business to have insurance in place to protect itself against cyberattacks and data breaches. Let’s face it, there are very few companies that don’t face cyber risk in this day and age. So EasyJet should be able to compensate victims properly.

Cybercriminals can do serious damage with your financial data

With enough financial information, cybercriminals set up fraudulent bank accounts and access your existing accounts. They can make payments using your data, and even apply for credit/loans.

Some financial information can also be used in targeted scams in an attempt to extract additional information from victims (phishing). And hackers often sell stolen financial data to other criminals to use in future scams.

Even if no money is lost, the impact of a financial data breach can be significant. Many victims go on to suffer from stress, anxiety and distress due to living with the added risk and the extra vigilance needed. To make matters worse, the effects of a data hack might not be immediately apparent, as information is often used in batches over time. So there is no quick fix.

At Hayes Connor, we understand that the full impact of a data breach is often not felt until months after the initial violation, so, we refuse to let people be fobbed off in such a way. We believe that your suffering should be taken seriously.

The amount of compensation you get should reflect the losses you have suffered

We take a long-term view when it comes to claiming compensation on your behalf. This means we look at a whole range of factors so you don’t lose out financially. This includes:

  • The privacy violation itself
  • Any money lost (e.g. if a cybercriminal used your bank card)
  • Stress, worry, and anxiety
  • The effect that the leak has had on your social and home life
  • Any loss of earnings as a direct result of the breach (e.g. if you need time off work or lose your job)
  • The loss of future earnings (e.g. if you have to drop out of university)
  • Any expenses that you have had to pay as a result of the data breach (e.g. private medical care, travel expenses, accommodation, etc.).

What’s more, when we review a client’s experience following a data breach, we often uncover information that allows us to increase the value of their claim significantly. What might seem irrelevant to you could make a huge difference in the eyes of the law. That’s why it’s vital that you don’t simply accept a low offer that could be designed to make you go away.

Why hasn’t everyone been offered compensation?

On its website, EasyJet says that:

“Apart from the very small subset of customers who we have already notified, no credit card details have been impacted.  We therefore do not expect there to be any financial loss caused by this incident.  We are advising customers to continue to be alert as they would normally be, especially should they receive any unsolicited communications”.

This statement proves that EasyJet is not taking responsibility for failing to protect its customers. The airline might think that there is “no evidence that any personal information of any nature has been misused” but, as we have already established, the impact of data breaches goes much further than financial losses. And, it does these nine million customers a disservice to assume otherwise.

Following a robbery, people often feel shock, anger, fear, helplessness and panic. Some will go on to suffer from psychological problems, and existing conditions are often exacerbated. And a personal data breach is a 21st-century version of being burgled. Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of physiological suffering and anguish. What’s more, the law understands the damage that can be caused by worry and upset. So today, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

What’s more, even if your financial data hasn’t been stolen, your personal information could still be used for nefarious purposes. According to a report in the Independent:

“Experts suggest that personal information “drives a higher price on the dark web” – the area of the internet inaccessible by mainstream search engines – and could be used for organised crime or ransomed.”

So, the risk to everyone involved – regardless of whether they have had their financial or personal data accessed – is very real.


Has EasyJet put you at risk?

At Hayes Connor, we have been contacted by people concerned that EasyJet has breached their financial or personal data; many of whom are understandably upset and anxious about the breach. We believe that EasyJet may have failed to uphold your data security rights and we are now registering victims of this breach to a no-win, no-fee group litigation action against the airline. Group actions can be a powerful tool and can have a bigger impact than a single claim.

FIND OUT MORE ABOUT OUR EASYJET DATA BREACH GROUP ACTION

To become part of our EasyJet group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us. We will also keep you updated about developments in this case as they happen.

There are no costs to register and no obligation to proceed.

REGISTER NOW