Why is the ICO delaying its decisions?

Here at Hayes Connor Solicitors, we help our clients to claim compensation for breaches of their data privacy rights. And it’s a job we take very seriously. Not least because we understand the full and often traumatic effect a data breach can have on an individual. However, while it’s not always necessary, in some cases – primarily our group actions – there is little we can do until the UK’s data protection regulator (the ICO) has carried out its investigation into a breach. And, despite our frustration at the wait, that’s as it should be.

Data privacy rights  – getting the balance right

We are passionate about holding companies accountable for any security failures. But sometimes, a data breach is simply unavoidable. As such, it’s vital that we wait for the results of an investigation by the ICO before starting a claim. Because only then will we know the extent of the failure. But despite our understanding of the ICO and its processes, we are concerned about the time some decisions are taking. And the impact this is having on individual data privacy rights.

The BA and Marriott cases

For example, in July 2019, the ICO announced:

  • Its intention to fine Marriott International £99,200,396 for infringements of the General Data Protection Regulation (GDPR)
  • Its intention to fine British Airways £183.39m under GDPR for data breach

Following this announcement, both BA and Marriott International were given 28 days to respond. But this period has long since passed.

The ICO has responded to questions about this delay stating: “Under Schedule 16 of the Data Protection Act 2018, BA [and Marriott] and the ICO have agreed to an extension of the regulatory process until 31 March 2020. As the regulatory process is ongoing we will not be commenting any further at this time.”

Which doesn’t tell us anything. Although there are concerns that the limited legal budget of the ICO makes it difficult for the regulator to hold large multinationals to account.

Why the delay?

It is impossible to know. Some people suspect that political uncertainty in the UK (Brexit and the General Election) held things up.

Of course, the Data Protection Act 2018 (DPA 2018), which currently supplements and tailors the GDPR within the UK, will continue to apply when we leave the EU. Still, the GDPR is an EU Regulation and, in principle, it will no longer apply to the UK. However, in practice, very little should change when it comes to core data protection principles, rights and obligations. So it’s hard to justify why Brexit should cause such a holdup.

Certainly, the ICO has delayed other investigations because of political reasons.

For example, a probe into the NI Civil Service – following accusations of not minuting meetings to avoid Freedom of Information (FOI) disclosures – has been shelved until Stormont is restored.

An ICO spokeswoman said, “the decision was taken to postpone the proposed audit, pending the restoration of the Northern Ireland Executive”. However, Alliance MLA Stewart Dickson has said that “The ICO is independent of the civil service so I can see no reason for this audit to be postponed. Indeed, it would be an advantage to have the audit completed and recommendations ready for the restoration of the assembly and executive”.

More than 40 per cent of ICO fines haven’t been paid

As well as the delays, it has come to light that the ICO is still owed 42% of the total amount of fines it has handed out for data breaches, spam, and nuisance calling since 2015. This begs the question of whether the ICO has the powers it needs to be fit for purpose. Surely a change in the law is needed to make sure that organisations take their data protection responsibilities seriously.

Is the ICO failing victims when it comes to their data privacy rights?

Whatever the reasons for the delay, the length of time it is taking to make a final judgement is making it difficult for victims of data breaches to move on with the rest of their lives. Perhaps the ICO requires education on the lasting a full impact of data breaches. Because to date, the experience of the individual is still being downgraded.

, ,

Supercasino, Jackpot247 & Vernons data breach

Over the last few days, we have received several queries about a data breach at online betting website Vernons.com. In an email to customers, the company said:

“We regret to inform you that Vernons has suffered a security incident and some of your personal data has been revealed to an unauthorized person”.

Payment information is said to be secure. However, the company does admit that names, email addresses, telephone numbers and home addresses have fallen into the hands of a cybercriminal. This information is hugely valuable to fraudsters, so customers of Vernons must take steps to protect themselves.

The breach might also impact SuperCasino and Jackpot247.

According to a discussion on an internet forum, the company became aware of the breach on 8th December 2020. So, it looks like there may have been a delay in reporting this issue – leaving customers vulnerable to malicious attacks during this time.

Vernons is currently working with police to identify the criminals involved and protect itself from further similar incidents.

What are your rights?

First and foremost, it’s important to know that your private and confidential data is valuable. Some criminals sell this kind of information on the dark web and others buy it and use it to commit further crimes such as identity fraud and theft. That’s why it’s so important that organisations who have access to your data keep it safe.

Crucially, the law recognises the value of this information and has put steps in place to protect your consumer rights. This means that:

  • If anyone holding your data has suffered a data breach (either at the hands of criminals or because of an accident) they must tell you ASAP
  • They must also inform the UK’s data protection regulator (the Information Commissioner’s Office)
  • You are entitled to know what happened. So, if you feel like you are being fobbed off, you can ask for more information.

If you are concerned about a data breach that you have been involved in, you should also report it to the Information Commissioner’s Office as they might launch an investigation and fine the offending organisation.

Protecting yourself after a data breach

If a company contacts you to let you know that your data has been put at risk, you must take some basic security steps. So, following the Vernons data breach you should:

  • Change your account password on the site that has been attacked
  • Change your passwords on other accounts that use the same password
  • Make sure that your passwords don’t use any of the info that has been stolen (e.g. your street address or telephone number)
  • Use a different password for every account (if you are worried about remembering them all you could sign up to a password manager)
  • Be aware of common phishing techniques and keep an eye out for fraudsters who attempt to gather additional personal information
  • Not click on any suspicious links – even if it looks like they have been sent by someone you know
  • Question uninvited emails, calls, texts, etc. Instead, contact the company directly using a known email or phone number
  • Not share any sensitive information about yourself or your accounts, like your PIN or full banking password. Your bank would never ask for this information, so if you receive a letter, text or e-mail asking you to send banking information or money, do not reply
  • Never be talked into withdrawing or transferring money for safekeeping
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise.

Claiming compensation for the Vernons data breach

Cybercrime is difficult to avoid. Often because an organisation has not put the necessary prevention methods in place to keep your data safe.

To make matters worse, many companies are falling short of what we would expect when a failure in data privacy occurs. In our experience, companies are still responding with a pre-packaged “we won’t do it again” approach. This fails to recognise the full impact of the breach, which can be significant.

You can claim compensation for the following if you are the victim of cybercrime.

  • Financial losses. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress, anguish and anxiety. Being the victim of a crime can have a significant impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. If a company does not protect your data in the way it is legally obliged to do, and you have suffered a loss of privacy, you can make a claim. For example, if your email address was stolen or otherwise put at risk.

Claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously, and make the necessary improvements, is by hurting their bottom line.

Why choose Hayes Connor Solicitors?

If you have become the victim of cybercrime because of such negligence, you may be able to claim compensation. At Hayes Connor Solicitors, we’ve been helping people to achieve the redress they deserve for over 50 years. So we know what it takes to make a successful cybercrime claim.

What’s more, as the UK’s leading data protection law firm, our experience in data breach claims is unmatched in the UK. We are a true specialist in this relatively new but increasingly important field of law. This is all we do.

A lack of care and understanding about data breach law can leave victims open to advice and representation below the standard expected. And this could see you lose out financially as a result.

Importantly, despite being the most experienced data protection solicitors around, we provide no-win, no-fee funding arrangements so you don’t have to worry about costs. And we explain everything in plain English to make sure you understand the process and what we need from you before we begin.

If you are not sure about making a claim, we also provide a free consultation. On this call, we answer any questions you might have and go through your options with you. We will do all this without charging you a penny and with no pressure to take things further.



, ,

Why should you use a data breach specialist to claim Yahoo data breach compensation

Due to systemic errors in its cybersecurity systems, between 2012 and 2016, Yahoo suffered a series of system hacks by organised crime groups. In October 2019, a US class action settlement allowed Yahoo users to file a claim for compensation. But the settlement only applies to residents of the United States or Israel. At Hayes Connor, we believe that UK customers deserve compensation too. And, in response, we are launching a representative action against Yahoo.

As the UK’s leading data breach law firm, we are helping people in the UK to hold Yahoo to account for its failure to protect their personal data (as it is legally obliged to do). We are doing this because we believe that your data protection rights are important.

Here’s why it is important to use a specialist data privacy lawyer to claim Yahoo data breach compensation.

We are cybercrime and data breach experts

Hayes Connor is an established and trusted firm. Our solicitors have been helping people to claim compensation for over 50 years. Over the past two years, we have become a true specialist in the relatively new but increasingly important field of data breach law. And today, this is all we do.

Because we have been winning data protection cases longer than most other solicitors, we are more experienced when it comes to understanding the complexities involved. Crucially, we also have a history of winning data breach compensation cases on behalf of our clients.

We are real people with real expertise in data breach law

More and more legal services are being delivered online. But that doesn’t mean you shouldn’t know who you are working with. You can check out our expert team here.

We make sure you receive the maximum compensation possible for the Yahoo data breach

All too often, claims management companies are more concerned about making fast cash than helping victims. So, while they might help you get some money back for a data breach, they are less concerned about ensuring you are fully compensated for the long-term and often psychological effects of a breach. When you appoint us, we make sure you get the maximum compensation from Yahoo possible. Typically, we would look to claim for:

  • The privacy violation itself
  • Any financial losses (both direct and indirect)
  • Stress, worry, and anxiety

Because we understand that the full impact of a data breach is often not felt until months after the initial violation, we also take a long-term view when it comes to claiming compensation on your behalf.

When it comes to making a compensation claim, a lack of care and understanding about data breach law can leave victims open to advice and representation below the standard expected. And this could see you lose out financially as a result.

We have the experience necessary to hold Yahoo to account

We have the legal expertise needed to take on big players such as Yahoo. In fact:

  • Our experience in data breach group actions is unmatched in the UK. For example, in February 2019, we sent out a ‘Letter of Claim’ to Ticketmaster – making us the only legal firm to launch a multi-party action against the ticketing giant. In April 2019, our multi-million-pound damages claim against Ticketmaster was issued in the High Court. The estimated total value of our claim on behalf of more than 650 clients is £5 million
  • In 2019, Hayes Connor Solicitors was highly commended at the Eclipse Proclaim Modern Law Awards in the boutique law firm of the year category
  • We work with expert barristers to ensure you get the very best level of legal support available.

We make it easy to claim Yahoo data breach compensation

In 2019, Hayes Connor was highly commended for its innovative marketing at The Symphony Legal Annual Conference. In particular, we were recognised for our client-focused approach and praised for our use of technology to simplify the enquiries process and increase the speed of response. We were also applauded for our commitment to raising awareness of consumer data protection rights.

We offer strength in numbers

Lots of people were affected by the Yahoo data hack, so you won’t be the only person making a claim. As such, it is worth joining a representative action.

Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm. Representative actions tend to be used in straightforward mass data privacy scenarios. For example, where customers of a company have had their email addresses stolen and data privacy violated.

In representative actions, one member of the action will typically sue on behalf of themselves and the rest of the group. Once compensation has been agreed, each member of the representative action will receive the same amount.

One solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in many future actions – including the Yahoo data breach.

We are not “ambulance chasers”

We get angry when we hear about people being pressured into making a Yahoo (or any other) data breach compensation claim. The decision should always be 100% yours, and you should always feel in control of the situation.

We keep you updated

Making a data breach claim is stressful enough without having to chase your solicitor constantly. We provide regular emails to all our Yahoo data breach clients to ensure they always know what is happening with their case.

We provide a free consultation and no-win-no-fee agreements

At Hayes Connor, we always provide a free consultation to make sure we can help you. If you want to make a Yahoo data breach compensation claim with us, we can advise you on whether you have a valid claim, answer any questions you might have and go through your options with you. We will do all this without charging you a penny.

We are also providing no-win, no-fee funding arrangements for anyone that wants to join our Yahoo representative action. And there are no hidden costs or admin expenses. Find out more about what no-win no-fee means.

If your claim is successful, you usually have to contribute towards your solicitor’s costs. This ‘success fee’ is taken from the compensation awarded to you, and in some cases, it can be much higher than you expected.

The amount of the success fee depends on when your case is settled, but with Hayes Connor Solicitors, you will never have to pay more than 25% of your compensation. We have to charge this to cover our costs. There are no hidden charges or other administration fees.

We always make sure you are fully informed about any potential costs before we proceed.

Our clients think we are great!

It is easy for us to tell you that we are great at what we do. But you don’t have to take our word for it. Have a look at our website to find out what other people think about working with us.

You can read our client testimonials here!

Choosing a data breach lawyer? Choose Hayes Connor

If you had a Yahoo email account between 2012 and 2016, you could be entitled to data breach compensation.

Crucially, you do not need to have suffered any financial loss or emotional distress to make a claim. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

The data breaches at Yahoo happened because of a failure to implement reasonable and robust processes. So Yahoo has failed to uphold your privacy rights.  Furthermore, claiming compensation isn’t just in your best interests; it is often the only way organisations are persuaded to take their responsibilities seriously and make the necessary improvements.


gareth widdop

Hayes Connor Solicitors sponsors Warrington Wolves’ marquee signing Gareth Widdop

We are delighted to announce that Hayes Connor Solicitors has agreed to sponsor accomplished Great Britain international half back Gareth Widdop as he joins Super League team Warrington Wolves RLFC on a three-year contract.

The 30-year-old, who joins from Melbourne team St George Illawarra Dragons, is known as a strong goal kicker and is described by the club’s chief executive as its biggest signing in its 144-year history.

Dan Thompson, director at Hayes Connor Solicitors said:

“As a long term fan of the Warrington Wolves, it’s very exciting to have such a high calibre player signed to the team and we are delighted to be sponsoring Gareth as he progresses his impressive career at the club.

 “It’s going to be a strong season, he compliments an already robust team and a club that has demonstrated great ambitions. We hope he recovers well from his injury and look forward to watching him in action as the club goes from strength to strength.”

Ash Moore, commercial account manager at the Warrington Wolves commented:

“Gareth is a great addition for us, and we are very pleased to welcome Hayes Connor as his sponsor. We believe that we will have a strong season and all our sponsors play a key role in both the success of the players and the entire organisation”

The first fixture takes place away against the Wigan Warriors on Thursday 30th January.

, ,

Former social worker fined for illegally sharing highly sensitive information on children

A former social worker has been prosecuted for illegally sharing the personal information of children. The social work data breach affected 14 youngsters in care; some of who were at risk of child sexual exploitation.

What happened in this case?

Leo Kirk, was suspended from his job as a social worker after it was discovered that he had persuaded a grieving woman to lend him money for a mortgage repayment. The woman had post-traumatic stress disorder, anxiety and depression. As part of his job, he had helped her to claim backdated benefits before he was transferred to another post.

He was then reprimanded by the Health and Care Professions Tribunal Service for a clear breach of professional boundaries. He was accused of a ‘lack of integrity” and ”abusing his position of power”

To make matters worse, without disclosing his suspension, Mr Kirk carried on working for a private care company that helps young people. Mr Kirk then sent private documents that included sensitive information about several youngsters to a rival organisation.

What was the outcome of this social work data breach?

The UK’s data watchdog began an investigation into the social worker data breach after Mr Kirk’s employer found out about the breach.

According to the Information Commissioner’s Office (ICO):

”We received a report about unlawful misuse of personal data by a manager who had without reason passed on documents about up to 14 young people aged 16 to 18 to a competitor. He was employed by Holywell children’s services but gave details of 14 children to Hillgate Health group, which was providing placements for children who are in care.

”Mr Kirk was suspended from his job on May 10, after breaching data protection rules and an investigation revealed he had unlawfully disclosed referrals for residential and foster care placements for vulnerable young people aged between 16 and 18.

“The information identified sensitive personal data including accommodation and foster referrals and personal data about children in care.

”This sensitive personal data including details concerning sexual behaviour, sexual grooming and the risk of child sexual exploitation plus any history of abuse. It also contained details their health, police cautions and court referrals.

Mr Kirk admitted two charges of obtaining and recklessly disclosing personal data under the Data Protection Act 1998. In response, he was fined £483 and ordered to pay a further £412 in costs by Stockport Magistrates’ Court.

Mr Kirk is no longer involved in social work.

Lessons learned

The Data Protection Act exists to protect the privacy of individuals. And, this case should remind people that they could face criminal prosecution and fines if they access or share personal data without a valid reason.

At Hayes Connor Solicitors, we see many different types of claims and understand how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

home data

Do you know how your data is being used in your home?

An individual’s data is valuable. Both to them and the organisations that use it to provide and improve their services. But does anyone know exactly how much of their data is collected, by who, and for what purpose?

According to researchers at the University of Oxford, the number of Android apps harvesting user data and feeding it back to parent company Google is “out of control”.

Over the last few years, there has been an explosion of data profiling by companies, public bodies and even governments. In a series of blogs, our data protection experts look at just some of the ways the average person might find their data being harvested every single day.

To start, we discuss smart devices, and how your data privacy could be at risk in your home.

Smart devices privacy at home

You might expect to be free from data collection in your home. But in our connected online world, this is far from the truth.

Your exposure to data harvesting depends on the number and type of smart devices that you own. But a home that is fully equipped with intelligent devices has the potential to know everything about you. For example:

  • Smart garage door sensors can track when you leave for work
  • Smart locks know when your front door bolt is engaged
  • A smart fridge knows what you like to eat – and how much
  • Heating and lighting controls provide data on when you are at home
  • Smart media devices know what you watch, what games you play, and what music you listen to
  • Smart vacuums collect information about the layout of your home
  • Smart doorbells can identify your visitors (e.g. via vehicle licence plates).

And the list goes on.

Of course, this data can help us to improve our lives (e.g. energy savings). But what if there was a data breach and that information fell into the hands of cybercriminals, advertisers, or those with a political agenda?

Smart devices are sharing your personal data with third parties

We should all know how much of our data is being collected and how it is being used. Especially as the likes of Amazon and Google are both increasing the amount of data they gather about their customers.

Furthermore, while we might think that any data collected isn’t shared with anyone other than the companies that provide us with the smart products, this isn’t necessarily true.

A study[1] which examined the data sharing activities of 81 different smart devices commonly found in people’s homes discovered that 72 shared data with third parties completely unrelated to the original manufacturer. Staggeringly, the data shared included IP addresses, device specifications and configurations, usage habits, and location data. Making matters worse, 30 of the 81 devices shared this information without any encryption.

We should all be worried about what could happen if this information falls into the wrong hands.

Is someone listening?

When talking about privacy in the home, we should also think about smart devices such as Amazon’s Alexa.

Of course, there are “conspiracy theories” that by using devices that use microphones, someone might be listening. But, while the big tech companies might tell us that this is nonsense, sometimes people are paranoid for a reason.

Earlier this year, a report revealed that Amazon employs people to listen to voice recordings captured in Echo owners’ homes. Echo is an Alexa-powered smart speaker. The recordings are used to help improve Alexa’s understanding of human speech and help it to better respond to commands. Worryingly, according to the report, listeners sometimes pick up and share things Echo owners likely would rather stay private. For example, when people discuss private matters such as bank details and intimate conversations.

Responding to the report, an Amazon spokesperson said that the company takes the security and privacy of its customers’ personal information seriously. But Amazon’s privacy policy materials do not explicitly state that humans might be listening to users via Alexa. And, while Amazon does provide the option of disabling the use of their voice recordings for the development of new features, it has admitted that people who opt out might still have their recordings analysed manually. Furthermore, according to the report, Sometimes Alexa appears to begin recording without any prompt at all, and Alexa is often triggered by accident.

Education is key to minimising the impact of data breaches

Of course, our world is changing, and technology is here to stay. So, we wouldn’t recommend not using smart devices. Not least because they have the potential to deliver enormous benefits. But, when signing up to any new service, it is vital to check the small print and make sure you understand (as much as is possible), how your data is being used.

At Hayes Connor Solicitors, we believe that the better informed we all are, the better-protected everyone will be. As such, we invest heavily in data privacy education. For more information on how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, please contact us to find out how we can help. Our initial advice is completely free, and there is no obligation to process.

[1] Northeastern University and Imperial College London

dixons carphone data breach
, ,

Dixons Carphone data breach timeline

Now that Dixons Carphone has been fined half a million pounds for failing to protect its customers’ personal data, where are we up to in this case. And what has happened so far?

, ,

Woman prosecuted for social services data breach

A woman has prosecuted for accessing social care records without authorisation. Michelle Shipsey, a former social services support officer at Dorset County Council, accessed the records of four people she knew without any business need to do so. She also gave the details to parents at their children’s school. Following the social services data breach, an internal investigation was launched by Dorset County Council. However, no further action was taken at this time as the woman then resigned from the council.

Appearing before Poole Magistrates’ Court, Ms Shipsey was sentenced to a 6-month conditional discharge, ordered to pay costs of £700 and a victim surcharge of £20.

The ICO sends a clear warning

Commenting on the privacy violation, Hazel Padmore, head of investigations at the Information Commissioner’s Office said:

“Individuals accessing social services support are often already in a vulnerable position and have the absolute right to expect their dealings are treated with the utmost respect and in accordance with data protection laws.

“Although new to the role, Shipsey had undertaken both data protection and cyber security training and therefore was acutely aware of the responsibilities she had towards maintaining client confidentiality.

“Our successful prosecution of this individual sends a clear message, that we will take action against individuals who take it upon themselves to abuse their position of trust”.

Lessons learned following social services data breach

The Data Protection Act exists to protect the privacy of individuals. And, this case should remind people that they could face criminal prosecution and fines if they access or share personal data without a legal reason.

At Hayes Connor Solicitors, we see many different types of claims and understand how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.


The latest High Court decision has made it easier for victims of the OnePlus data breach

In 2019, OnePlus emailed its customers to let them know that a data breach caused by an unauthorised third-party had put their personal information at risk. According to OnePlus, names, contact details, email addresses and shipping addresses were exposed in the data hack.

People expect big companies to put enough security processes in place to keep intruders out. So, victims of this data breach might be angry that OnePlus allowed this to happen. But, until recently, victims of the latest OnePlus data breach (there has been more than one!) wouldn’t have had any avenue for legal redress – unless they could prove they suffered financially or emotionally as a result of the breach.

However, because of a ground-breaking High Court decision, this has now changed.

Making a data breach claim. What has changed?

A recent case against Google has transformed how data breach claims are managed in the UK. You can find more details about what happened here.

Here is a summary of how this decision relates to the OnePlus data breach.

You can make a data breach claim even if you haven’t suffered a loss

The Court of Appeal decided that data breach claims are valid, even if someone hasn’t suffered financial or emotional damage as a result. If OnePlus hasn’t protected your privacy in the way that it is legally obliged to do, you can claim for this failure.

You can make a data breach claim even if the only thing exposed was your email address

There is a misconception that some forms of personal data are not as valuable as financial data. But this isn’t necessarily the case. All too often, cyber-criminals use names and email addresses stolen in a data protection act breach to extract additional information from victims (such as your banking details).

Also, this “safer” data can also be used to carry out identity fraud, or even be used against you in a targeted political campaign. For example, The Electoral Commission, the ICO, The Department for Digital, Culture, Media & Sport Committee and The Institute of Practitioners in Advertising have all raised concerns about microtargeting specific voters profiled using unknown data.

The good news is that the Court of Appeal recognised that all personal data now an economic value (e.g. it can be sold). So, people involved in the OnePlus data breach can seek compensation even if the only personal information breached was their email address.

Everyone has the right to the protection of their personal data

While the changes are more wide-reaching than this, the bottom line is that everyone in the UK has the right to the protection of their personal data. So, if you experience a privacy violation due to an organisation breaching the Data Protection Act, you have a right to claim compensation. A data breach is a serious failure, and it is clear that OnePlus has neglected to protect its customers’ privacy rights.

If your data was involved in this breach, you should make a OnePlus compensation claim.

Claiming compensation for the OnePlus breach

At Hayes Connor Solicitors, we are considering launching a group action for everyone who has had their data privacy violated in the OnePlus data breach. To become part of this group action, we need you to register with us. We can take on your claim on a no-win, no-fee basis.

Crucially, at Hayes Connor, our data protection breach solicitors are true experts in this type of law. Unlike other firms, it is all we do, and we have been doing it for longer than most. In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the best possible result for you.

OnePlus has said that it has informed all impacted users by email. So, if you have received this email, you can make a data breach compensation claim against the company.

If you haven’t received a notification yet, OnePlus says you have not been affected. However, if you have ever been a OnePlus customer, it is worth checking your spam folder and any old email accounts in case the message has gone there.

Claiming compensation for the OnePlus data breach isn’t just in your best interests. It could also be the only way to ensure that organisations implement more secure processes.


travelex data breach
, ,

Why has Travelex not told the ICO about its Data Breach?

On 31st December 2019, Travelex fell victim to a huge cyberattack. Since then, the foreign exchange company has been negotiating with a ransomware group over a potentially huge privacy infringement. But what do we know about the Travelex data breach? And why hasn’t the company informed the UK’s data protection regulator?

What happened in the Travelex data breach?

The Sodinokibi ransomware group broke into Travelex’s computer systems and encrypted sensitive customer data. The gang has since held Travelex to ransom by threatening to sell the personal data of its customers unless paid 6 million US dollars (£4.6 million).

While the attack began on 31st December 2019, the hackers could have broken into the company’s computer systems as long as six months ago. The data involved in this breach is thought to involve social security numbers, dates of birth and payment card information.

How did the company respond to the Travelex data breach?

Travelex did not initially acknowledge the hack and instead declared that its website was down for “routine maintenance”. It is also our understanding that – to date – customers have not been sent any email communication about the cyber-attack.

Very worryingly from a legal perspective (at the time of writing), the company has not yet reported the data breach to the Information Commissioner’s Office (ICO). By law, the ICO should be informed of any data breach that compromises personal data within 72 hours of discovery. This includes data not being available as well as it being lost or stolen.

Travelex says there is no evidence customer data has been put at risk. But as hackers have had access to the data – possibly for months – this seems highly unlikely.

Travelex will have to explain why the breach wasn’t reported to the ICO and the regulator is likely to take a dim view of Travelex’s actions.

A data breach is a serious failure, and if Travelex has neglected to protect its customers’ privacy rights it must be held to account. Especially as this is not the first cybersecurity incident to hit Travelex and the company was warned months ago of its potential vulnerability to the Sodinokibi ransomware.

Are you affected by the breach?

The scale of the Travelex data breach is not yet known, but customers who have ordered money from the foreign exchange company could be at risk. If your data was involved in this hack, you might be able to make a Travelex compensation claim.

Should your personal data be found to be compromised, you can claim for:

  • Financial losses. A data breach can lead to both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress. Being the victim of a crime can have a significant impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. You can claim for any loss of privacy suffered as a result of a data breach (e.g. having an email address stolen).

What should you do now?

At Hayes Connor Solicitors, we are watching this case with interest. If you want to make a data breach case against Travelex contact our data breach experts to tell us about your experience.

There is no obligation to proceed and we may be able to take on your claim on a no-win, no-fee basis.