victim of data breach
, ,

Top tips to keep you safe following a data breach

If you have been the victim of a data breach, it is vital that you know how to react.

Here’s what you should do as soon as you find out that your data has been breached

  • Follow any security instructions provided to you by the company which breached your data
  • Contact your bank or credit card provider and let them know what has happened
  • Keep an eye out for any bills or emails about goods or services you haven’t ordered
  • Check your bank statements regularly and alert your bank if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Do not click on any suspicious links. This could result in you giving a fraudster access to your personal or financial details
  • Always question uninvited emails, calls etc. in case it’s a scam. Instead, contact the company directly using a known email or phone number
  • Don’t accept friend requests from people you don’t know on social media and review your privacy settings
  • Report any suspected phishing attempts to the police and Action Fraud
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Change your passwords and use a different password for every account (if you are worried about remembering them all you could sign up to a password manager)
  • Make sure your devices are protected by up-to-date internet security software
  • Contact the ICO to let them know about your concerns. The ICO might investigate the data breach and, while it does not award data breach compensation, if it believes that the organisation in question broke the law, you can use this information in court to help prove your claim.

Make a data breach compensation claim

Organisations have an obligation to protect your sensitive data, but they are consistently failing in this duty resulting in data breaches which cause misery and upset to people across the UK.

We are helping people to get compensation for this inability to look after their information correctly. And we can do the same for you.

If you have been the victim of a data breach and you want to make a data breach compensation claim – for loss of money, emotional distress, or loss of privacy – you should contact Hayes Connor Solicitors.

Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about your legal rights when making a claim.

For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

 

pet data breach
, ,

Could your pet be the cause of a data breach?

At Hayes Connor, our data protection solicitors deal with many different types of data breaches. But a recent case was particularly unusual. In this instance, a missing family cat was the cause of the data breach.

What happened in this data protection breach?

We represented a family whose cat went missing causing them understandable upset. The cat had been microchipped, so they were hopeful that they would be reunited with their pet.

In April last year, the data stored by the company responsible for the electronic chip was breached. This breach happened when someone found the cat and took it to be scanned.

Usually, a vet will inform the owner that their pet has been found. However, contrary to the established procedures, in this case, two different vets accessed our client’s data and disclosed this to the person who found the cat. This included our client’s home address.

To make matters worse, our client only found out about the pet data breach when a neighbour asked if the cat had returned home after it disappeared from her friend’s home (the person who found the cat in the first place). So at no point was our client told that their beloved family pet had been found.

In this case, it would be tempting just to blame the vets involved, but after investigation, it became clear that the company responsible for holding the microchip information had not put systems in place to protect the personal data it was responsible for. This lack of adequate internal security systems did nothing to prevent the sharing of personal data by the vet practices.

As a result the family has a claim against the vets that breached their personal data, and the microchipping company.

Why did our client need data protection solicitors?

The family felt that their complaint wasn’t being adequately responded to or taken seriously.

Frustrated that their distress was not being acknowledged they decided to take legal action. They chose Hayes Connor as we specialise in data breach litigation and were also able to take on this pet data breach case on a no win-no fee basis.

What was the result of this pet data breach case?

The Information Commissioner’s Office (ICO) is the UK’s data protection regulator. We advised our client to report this matter to the ICO, which ruled that there had been a breach of Data Protection obligations.

As a result, our client was awarded £1,250 compensation and, just as important, the recognition they wanted for the distress this had caused. Our data protection solicitors also wrote to the microchipping company to advise them on their information rights practices, and have sent recommendations regarding improvements going forward.

Talking about their experience, our client said:

“Very pleased I went with Hayes Connor I would recommend them and use them again if I ever needed to. I didn’t originally set out to make a compensation claim but I’m glad I did. You took my claim seriously and just as importantly your involvement made those responsible take it seriously as well.

Lessons learned

In many cases, data breaches such as this can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Helping to reduce the impact of data breach violations

The Data Protection Act exists to protect the privacy of individuals. However, many organisations have struggled to keep up with changes in the rules, and this could leave everyone vulnerable.

In response, at Hayes Connor, our data protection solicitors help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it.

If you or a member of your family has suffered financial damage, emotional distress or a loss of privacy caused by a breach of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

Not Just Hackers

Cybercrime is big news. It’s almost impossible to pick up a newspaper or turn on the television without hearing about how some big company has been hacked with thousands of customers put at risk. But, while these cases are important, every day smaller data breaches are causing misery and upset to people across the UK.

Our experts deal with a significant volume of data breach cases each day. During our work, we see many different types of claims and how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

 

 

data breach claim
, , ,

Making a data breach claim. What has changed?

A recent case against Google for illegal data harvesting has transformed how data breach claims are managed in the UK. But what has actually changed? And what does this mean for you?

The background

Between 2011 and 2012, Google used cookies on Apple’s Safari web browser to illegally collect data about its users. In response, a group action was launched to help people challenge the big technology company over this data privacy violation. But, in October 2018, the case was thrown out.

Essentially, it was deemed too difficult to calculate how many people had been affected, and in what way. This is because, to make a data breach claim, each person had to show that they had experienced harm as a direct result of the breach. For example, emotional distress or financial loss. In group action cases such as this, where multiple people had been affected, this was especially complicated.

However, this case was taken to appeal, and, in a “ground-breaking” ruling, the Court effectively reformed the data breach claims process.

Change one – you can make a data breach claim even if you haven’t suffered a loss

The Court of Appeal decided that data breach claims are valid, even if someone hasn’t suffered financial or emotional damage as a result. If a company does not protect your data in the way it is legally obliged to do, you can claim for this data privacy failure.

Change two – you can make a data breach claim even if the only thing exposed was your email address

People can now seek compensation even if the only personal information breached was their email address. Everyone has the right to the protection of their personal data. Especially when such data now has an economic value (e.g. it can be sold).

Change three – there are now different ways to join a group action claim, depending on how you have been affected

Until now, if someone had their data breached, they would have to prove how this privacy violation affected them. In group action cases (where lots of people are affected by the same breach), this could be a complicated process. Because not everyone will have experienced the same loss and consequences. So, making an award in these cases can be tricky.

But, the Court of Appeal has made the group action claims process easier.

People involved in a significant data breach (that has resulted in differing levels of financial loss or emotional harm), can still make a group action case. You can find out more about how to make a group action claim here. So, in these cases, nothing has changed.

But now, people who have had their data breached in a mass privacy violation, but who have not experienced any harm, can also claim. To do this, they will need to join a representative action.

The type of action required for each case will depend on the exact breach. If you are unsure about which option is available to you, our helpful data breach experts are happy to answer any queries you might have.

What is a representative action?

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm (e.g. having their email address stolen and data privacy violated).

In representative actions, one solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in many future actions.

In addition, one member of the action will typically sue on behalf of themselves and the rest of the group. Once compensation has been agreed, each member of the representative action will receive the same amount.

A representative action is a quicker way to claim for compensation

A representative action can be launched based on the total number of those affected, not just the individuals who have proactively decided to pursue compensation. This will make claim process much quicker. However, to receive a share of the settlement, affected parties will still need to register to join the action. There is likely to be a strict time limit to do this.

What about individual data breach cases?

The ability to claim compensation for individual personal data breaches still exists (for example, where a bank has posted your financial statement to the wrong address). But now, you can claim compensation even if you haven’t suffered because of the breach.

In such instances, people can claim directly with the organisation responsible. However, we would always recommend using a specialist data breach solicitor.

At Hayes Connor, we take a holistic and long-term view when it comes to claiming compensation on your behalf. And, our understanding of the effects of a breach mean we always ensure the best possible outcome for you. It is not unusual that – on reviewing your case – we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you could make a huge difference in the eyes of the law.

How will you know if you can make a data breach compensation claim?

Since the introduction of the General Data Protection Regulation (GDPR), any organisation that processes your personal data MUST let you know if it has been breached. And, once you have been told about any violation, you can make a claim.

How do you make a data breach claim?

If you experience a privacy violation due to an organisation breaching the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

START A DATA BREACH COMPENSATION CLAIM

 

 

 

data protection law
, ,

An overview of data protection law – and other key legislation – in the UK

Many organisations across the UK have struggled to keep up with changes in data protection law and the use of technology. And this is leaving people vulnerable. But what essential data protection laws keep us all safe online?

The Data Protection Act

The Data Protection Act exists to protect the privacy of individuals. It is the UK’s interpretation of the EU’s General Data Protection Regulation (GDPR).

A data protection breach happens when personal data is wrongly accessed, altered, disclosed, destroyed, or lost. Personal data makes it possible to identify a person. Either on its own or when used with other information.

Breaches of data protection law can be accidental or deliberate. Quite often, we use “breach” and “hack” interchangeably. But there are some differences.

  • A data breach refers to any situation where data has been put at risk. A data breach can occur because of cybercriminals, or by human error, negligence and poor security processes
  • A data hack happens when people with malicious intent break into a company’s systems. Usually to steal information.

Hackers do not cause the majority of data protection law infringements. But, in each of these instances, data can be exposed and put at risk. As such, identity theft often occurs after a data breach as well as a data hack.

The Data Protection Act is the primary legislation used to bring data protection breach and cybercrime compensation claims. But, in some cases, other legislation could also help to make a data breach case.

The Computer Misuse Act

The Computer Misuse Act helps to stop people from using computers for illegal purposes. The Act covers:

  • Unauthorised access (hacking)
  • Accessing material with the intention to commit illegal activity (e.g. fraud, blackmail, etc.)
  • Making changes to data stored on a computer without permission (e.g. installing malware or viruses).

People often don’t know that they are breaking the Computer Misuse Act. For example, if you access another person’s social media accounts without their permission, you’re breaking the law.

The Copyright, Designs and Patents Act

The Copyright, Designs and Patents Act gives the creators of literary, dramatic, musical, and artistic work the right to control how their material is used. Organisations and individuals must understand how this legislation affects them. For example, using images found on Google and adding them to blogs.

The Privacy and Electronic Communications (EC Directive)

The Privacy and Electronic Communications Regulations (PECR) governs email marketing. The EU will be releasing a new ePrivacy (ePR) regulation. But until then, PECR applies.

PECR gives people specific privacy rights concerning electronic communications. For example, there are rules on:

  • Marketing calls, emails, texts and faxes
  • Cookies (and similar technologies)
  • Keeping communications services secure
  • Customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings

The ICO has several ways of taking action to change the behaviour of anyone who breaches PECR. This includes criminal prosecution, fines and audits.

Protection from Harassment Act

The Protection from Harassment Act protects the victims of harassment. This includes stalking, racial harassment, and anti-social behaviour by neighbours. It was drafted to tackle any form of persistent conduct which causes another person alarm or distress.

Today, tech abuse often falls under this act. Common forms of abuse include using social media to harass and stalk, monitoring calls and messages, exploiting phone tracking software, and installing cameras around the home.

Malicious Communications Act

The Malicious Communications Act makes it illegal to “send or deliver letters or other articles for the purpose of causing distress or anxiety”. It also applies to electronic communications. Communications sent via social media could also breach this act.

Human Rights Act

Respect for fundamental human rights underpins data protection laws. As such, the Humans Right Court frequently deals with data protection-related matters.

In the UK, The Human Rights Act sets out the fundamental rights and freedoms that everyone is entitled to. Part of this act is your right to respect for your private life, your family life, your home and your correspondence (e.g. letters, telephone calls and emails). What this means is that you have the right to live your life privately without government interference.

Making a data breach or cybercrime claim

If you want to make a data breach or cybercrime compensation claim, contact Hayes Connor Solicitors ASAP. We’ll review your case against all applicable legislation and advise you on whether you have a valid claim. We’ll also answer any questions you might have and go through your options with you. Our process is fully compliant with ICO guidance. And we never put your details at risk.

Contact Hayes Connor Solicitors today for a free, no-obligation, initial assessment of your case.

bank data breach
, , ,

What can you do if you are the victim of a bank data breach?

Financial data breaches and cyber attacks are on the rise. Not only did retail banking see 2400% more data breach reports last year than the year before, but breaches in a whole range of companies are putting our financial data at risk. For example, following the Ticketmaster data breach, over 60% of all our clients went on to suffer multiple fraudulent transactions on their payment cards.

What is causing financial data breaches and cyber attacks?

In 2018, seven UK retail banks, including Santander, Royal Bank of Scotland, Barclays and Tesco Bank suffered sustained attacks. These attacks cost them hundreds of thousands of pounds. Furthermore, over £500m was stolen from British banking customers in the first half of 2018.

Cryptocurrency is also being targeted by criminals. In fact, each year, the equivalent of millions of pounds is being stolen from cryptocurrency holdings. As such, cryptocurrency fraud is a very serious crime.

There are a few reasons why data breaches and hacks are happening. These include:

Cyber attacks

 A cyber-attack can take many forms including financial data hacks, financial phishing attacks, bank and credit card takeover fraud and push payment scams.

To make matters worse, cybercriminals are becoming increasingly sophisticated. For example, AI-assisted imposters are set to become an increased threat. With machine-learning and the Internet of Things (IoT) helping to make existing cyber-attack efforts faster, more formidable, and more effective.

Inadequate security processes

In many cases, financial data breaches happen because of a failure to implement reasonable and robust processes.

This can include things like not implementing or updating secure firewalls, password controls, operating systems, anti-virus and anti-malware software or reliable encryption. Also, companies that fail to establish regular and robust backup processes or don’t take steps to identify, record and secure personal data are putting this information at risk.

 Human error

It is human error rather than cybercrime that is the biggest cause of financial data breaches. In fact, in the UK, 88% of data breaches caused by human error, not cyberattacks.

Typical examples of such errors include:

  • Sending sensitive data to the wrong recipient (via email, post or fax)
  • The loss of paperwork
  • Forgetting to redact data
  • Storing data in an insecure location
  • Losing devices such as laptops, phones and tablets
  • Staff deliberately ignoring data protection policies
  • Managers not training staff on data protection
  • Leaving sensitive information online without any password restrictions.

How can you protect yourself following a financial data breach or cyber attack?

To protect yourself following a financial data breach you should:

  • Contact your bank/credit card provider immediately
  • Consider a credit freeze until the matter is resolved
  • Report the scam to the police and contact Action Fraud for advice on what to do next
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

For more advice on how to keep your data safe, follow us on Twitter and Facebook. Alternatively, if you have been the victim of a financial data breach or cyber fraud give us a call to discuss your case in more depth.

Making a financial data breach claim

If you want to claim compensation for a financial data breach case, our professional, friendly team will advise you on whether you have a valid claim. Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

 

GDPR
, ,

Over a year since GDPR financial organisations still aren’t keeping our data secure

It’s been over a year since GDPR came into effect. But despite this, too many companies still aren’t doing enough to protect our personal and financial information.

In fact, according to RiskIQ, when it comes to financial services organisations, of public PII-capturing websites with a login page, 11.5% of these sites are still capturing this data without adequate security measures.

What is a PII capturing website?

A PII capturing website is one which collects information from its users that can identify them. Examples of PII include names, addresses, dates of birth, email addresses and login credentials.

Is GDPR making an impact?

These findings are very worrying, particularly due to the damage that can be caused if our banking and credit card information falls into the wrong hands. We should be able to have confidence in all organisations that look after our sensitive data, but especially the financial sector.

But the good news is that there are signs that organisations are starting to take their data protection obligations more seriously. And so they should as they risk huge fines and compensation claims should a data breach happen.

It’s just that, so far, most of the data breaches investigated by the Information Commissioner’s Office (ICO) happened before GDPR came into force. And, under the old law the maximum fine for a data protection failure was just £500,000 (and even that wasn’t handed out often).

However, the tide is turning. The ICO has recently announced that it plans to fine the Marriott hotel nearly £100m. And British Airways is being fined £183 million for its high-profile data breach.

At Hayes Connor Solicitors we are paying close attention to how the ICO is responding to new data breaches and are monitoring the impact of the GDPR now it is starting to make a difference.

What should organisations do now?

With most organisations continuing to expand their web presence, it’s essential that more is done. This includes taking steps such as:

  • Maintaining a complete inventory of all PII capturing websites and making improvements to these to make sure they are secure
  • Ensuring that any new sites are built with robust security measure
  • Making sure that companies aren’t collecting personal data they don’t need via their websites.

Making a data breach compensation claims can help

In our experience, the response of organisations following data breaches has been woefully lacking. Too many big companies seem to think they can get away with just saying sorry.

However, such an absence of care over the very real impact of a data breach should not be tolerated or accepted. And, one way that organisations can be forced to put adequate security measure in place is by people taking legal action where they have been let down. Or in other words – hitting them where it hurts. Because unless this happens, the security of the individual won’t be made a priority.


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.

, , ,

Data breach leads to neighbour harassment

The headlines lead us to believe that data breaches occur as a result of cyber-attacks. The reality is that the vast majority of cases take place as a result of human error. In these instances, the breach itself can lead to a damaging chain of events which could have been prevented.

Our solicitors see every day how clients are affected. Financial loss may not be a factor in all cases, but the damage and suffering following a breach can quickly escalate.

What happened in this case?

Our client lives in a privately managed block of flats and she made a complaint about another leaseholder to the management company.

The management company proceeded to forward her detailed email to all residents in the block, including the leaseholder being complained about.

This data breach, which appeared to have taken place due to an error of judgement rather than by mistake, started a frightening chain of events exposing our client to serious harassment and compromised the safety of her family.

Following the breach, our client, who has two young children, was subjected to having the gas pipe to her property deliberately cut with access to the mains deliberately obstructed.

She suspected that the volatile neighbour she had complained about was behind the vandalism, but he denied any wrongdoing.

Having lived at the property for some years, with generally good relations with the other neighbours, the data breach also led to these relationships becoming strained.

Alongside taking legal action against the management company, our client also reported the data breach to the ICO resulting in the business now being monitored to prevent further incidents.

We secured £3,000 compensation from the management company responsible for breaking data protection laws not least, due to the psychological suffering endured by our client and her young children.

The situation has become so intolerable that our client plans to sell her property and move her family in the near future.

Have you been in a similar situation? Contact us today.

Lessons learned

If you are an employee handling a customer complaint of any kind, consider how the complaint should be handled before sharing any information.

Consideration should be given to a possible solution to the complaint and thought put into the appropriate sharing of the complaint with individuals who may be part of the solution.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

 

solicitor data breach
, , ,

How Hayes Connor helps our clients after a solicitor data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve. We do this following data protection breaches, cybercrime, and other online offences. We are also committed to upholding the standards of our industry. That’s why it’s particularly upsetting when we are contacted by someone who has been let down by their solicitor.

Here is just one example of a solicitor data breath case we helped a client with recently.

Solicitor lost sensitive information

In this data breach, a former member of the Armed Forces appointed a solicitor to represent her at a Tribunal she was involved in. However, this solicitor lost her sensitive information, including her medical and service records on a train.

Following this shocking data breach, the woman suffered severe psychological effects including stress, anxiety and trauma. As a result, she has been prescribed medication. And her ongoing conditions have been exacerbated.

Turning to Hayes Connor for help, she revealed that her mental health had deteriorated to such an extent that it affected her ability to leave the house. Furthermore, it led to in her being demoted in work, resulting in a substantial pay cut.

Help is needed after a solicitor data breach

Solicitors must understand the importance of data protection. And make sure that strict policies and procedures are in place to ensure the safe processing of information. Both in and out of the office. However, all too often this isn’t happening. And, as you can see, the result of not looking after personal information properly could put people’s mental health, and potentially even their lives at risk.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following a data breach. But we don’t believe that our obligation to our clients stops there. We also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making a solicitor data breach claim

Our professional, friendly team will advise you on whether you have a valid claim against solicitor. If we believe you have a substantial, complex case, we may be able to act for you on a NO WIN, NO FEE basis.

Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

Contact us today for a free initial assessment.


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

bank data breach
, ,

How Hayes Connor Solicitors helps our clients after a bank data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve. We do this following data protection breaches, cybercrime, and other online offences. One type of claim we see a lot of is bank data breaches.

Bank fraud is a very serious crime. And victims can suffer both financial loss and distress. But, while we often worry about hackers and cybercriminals getting hold of our banking and credit card details, in many cases, human error can also have devastating consequences.

Here are just some of the bank data breath cases we have helped our clients with recently.

Ex gained access to our client’s financial information due to bank data breach

Our solicitors saw the impact of what can happen when a bank statement was sent to an ex-partner’s address by mistake. In this data breach, our client’s bank sent personal information disclosing his financial situation to his previous address. His ex-partner still lived at that address. This happened despite our client changing his address with his bank five years ago.

Our client’s ex-partner disclosed this information to her friends, family and acquaintances. Understandably, this caused our client significant distress and embarrassment. Furthermore, due to the disclosure of his financial position, our client’s ex-partner also refused him access to their children and prevented him from taking them on holiday. As a result of this data breach, our client suffered severe psychological effects, including stress and anxiety.

Bank sends credit card statements to the wrong person

In this data breach, a bank sent partial credit card statements to the wrong person. The information was sent to a completely different person to the account holder (our client), attached to the back of a bundle of documents she had requested.

Luckily, in this instance the woman who received our client’s statements was honest. And despite being a complete stranger, she contacted him to let him know what had happened. She also reported the incident to her local branch, although she was not satisfied with how the bank proposed to deal with the matter. If such a simple error can be made, what’s to say it couldn’t happen to other customers?

This data breach has caused considerable distress and worry to our client. He has now lost confidence in his bank and can’t be sure if his sensitive and personal data has been further breached.

Help is needed after a bank data breach

The financial sector handles some of our most sensitive data. And, as customers, we have the right to expect this will be looked after. However, all too often this isn’t the case.

These are just some examples of the types of financial data breaches we deal with every day. And, as you can see, serious cases could put people’s mental health, and potentially even their lives at risk.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following a data breach. But we don’t believe that our obligation to our clients stops there – we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making a bank data breach claim

Our professional, friendly team will advise you on whether you have a valid claim against a financial organisation. If we believe you have a substantial, complex case, we may be able to act for you on a NO WIN, NO FEE basis.

Contact us today for a free initial assessment.

Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

We can also help you to recover from financial data hacks, financial phishing attacks, bank and credit card takeover fraud and push payment scams.


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.

BA data breach
, ,

BA one of many airlines to expose sensitive passenger information

A vulnerability with British Airway’s e-ticketing system has exposed sensitive passenger information. This flaw could allow a “malicious actor” to change the flight booking details and personal information of passengers. It also means that customer information could be exposed and fall victim to cybercriminals. The data at risk is thought to include:

  • Email addresses
  • Phone numbers
  • Membership numbers
  • First and last names
  • Booking references, itineraries, flight numbers, flight times, seat numbers and baggage allowances.

Worryingly, BA is not alone. Similar security bugs have also been found at several other airlines. This includes Southwest, KLM, Air France, Jetstar, Thomas Cook, Vueling, Air Europa and Transavia.

Speaking about the risk to passengers, Israel Barak, chief information security officer at cybersecurity company Cybereason, said: “For the consumer flying with British Airways, or with other carriers, they should be working under the assumption that their personal information has been compromised many times over.“

Is British Airways taking this e-ticketing data breach seriously?

Shockingly, it doesn’t seem to be. In fact, while the flaw was discovered in July, the researchers who found it (and whole told BA about it), claim that the problem still exists. This is particularly galling as, just a few weeks ago, the ICO announced plans to fine British Airways a whopping £183.93 million for ANOTHER data breach.

Questions must be asked about what it will take to make BA meet its legal responsibilities and protect its passengers.

Who has been affected by the BA e-ticketing data breach?

It is estimated that 2.5 million connections were made to the affected British Airways domains over the past six months. So, the potential impact is thought to be “significant.”

Cybersecurity scandals have plagued British Airways

Airlines must take action to ensure that all steps where personal information is accessible are secure. And for BA, with a history of data protection failures, this must become an urgent priority.

  • In September 2018, approximately 380,000 card payments were compromised after BA’s website and mobile app suffered a security breach
  • When investigating this case, a second data breach was also uncovered. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. Also, a further 108,000 people had their personal details stolen.

Can you make a BA data breach claim?

At Hayes Connor Solicitors, we are helping hundreds of BA passengers to claim compensation following the 2018 BA data breach.

However, at the moment, it is unclear if the exposure of personal and sensitive data in this latest breach has led to any customers suffering losses as a result. If you feel that you may have been affected, and have evidence of any loss or fraudulent activity, please let us know. We’ll keep you informed about this case and let you know if, and when, you can claim.

You can also contact us if you are worried that your data has been exposed by another airline.

The BA data breaches were able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action.

REGISTER NOW 


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.