The Morrisons data breach. Why is it so important?

The Morrisons data breach. Why is it so important?

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. The judgment, which has huge implications, has received a lot of press attention. But why is it so important? And what can you do if you are the victim of a data breach?

What happened?

In 2014, Andrew Skelton, a disgruntled employee at Morrisons, published the payroll data of almost 100,000 Morrisons staff online. As well as salaries, the data included bank account details, national insurance numbers and dates of birth. He also sent the details to various newspapers, but they did not publish the data and Morrisons was informed of the breach.

Morrisons took immediate action to remove the data and alert the police, so it was only available online for less than 24 hours. Nevertheless, Mr Skelton was sentenced to eight years in prison for the criminal act. But Mr Skelton wasn’t the only one to face the consequences of his actions. In 2015 – in the first group litigation of its kind in the UK – 5,518 people brought a claim against Morrisons under the Data Protection Act 1988, for misuse of private information and breach of confidence.

What is a group action claim?

With a group action claim, you and the other Claimants collectively bring your cases to court against a Defendant. Where circumstances are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and you will receive what you are owed.

What was the outcome?

In December 2017, despite acknowledging that Morrisons had taken all the appropriate steps to prevent a breach, the High Court found that the company was primarily liable for its own acts and omissions (such as not ensuring the proper security measures to protect the data). The judge also ruled that Morrisons was “vicariously liable” for Skelton’s actions. In a workplace context, an employer can be vicarious liability for the actions of its employees, as long as it can be shown that they took place in the course of their employment.

Why is the case so important?

While this case is the first of its kind in the UK, it’s not expected to be the last; especially with the GDPR due to come into effect later this year. Further extending data protection rights, companies must do more to protect the information they hold.

The decision to hold Morrisons vicariously liable is also important, as it gives victims more opportunities to seek compensation (companies are more likely to be insured against such liability than employees). However, the Court has granted Morrisons permission to appeal the vicarious liability decision, which is good news for the business as the current decision might make the business an accessory in Mr Skelton’s criminal activity.

The decision has even wider reaching implications. Until now, a person who suffered damage might have had their compensation increased to take into account any associated distress, but in most cases payment would not have been awarded for suffering alone. However, this case has paved the way for those affected by data breaches to claim damages for distress, even if they have not suffered any financial loss. And that could be huge.

What can you do if you think your data has been breached?

If you think you are a victim of a data breach, contact Hayes Connor Solicitors ASAP. We’ll advise you on whether you have a valid claim, answer any questions you might have and go through your options with you.

We can contact the organisation in question, and use any information provided by the Information Commissioners Office (ICO), to check if you have had your data breached (if the company has not admitted as much already). Once we have established that your data has been breached – and the extent of this failing – we’ll start the claims procedure on your behalf; often on a no win-no fee basis. Where multiple people have been affected by a violation, we also make group action claims.

We understand that making a compensation claim can be stressful; especially where your sensitive information has already been breached, so, our process is fully compliant with ICO guidance, and we never put your details at risk. We also remove the jargon from the process and make sure you always know what’s happening with your case.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

,

Morrisons employees data breach victory

The recent judgment in the Morrisons data breach case concerning the vicariously liability of employers for the actions of employees involved in  breaches of data is potentially highly significant for the insurance industry – both for the insurer and the insured.

 

The group litigation claim which was brought against the supermarket chain arose from a situation where a rogue employee placed on the internet the personal and sensitive data of other employees he had gained access to when playing a part in auditing the payroll of the business. The rogue employee was subsequently  convicted and received a substantial term of imprisonment for his criminal acts.

 

The basis of the claim against Morrisons was founded upon three causes of action – breach of statutory duty under the Data Protection Act 1998; misuse of confidential information and breach of confidence. It was asserted by the employees of the company that Morrisons was liable for the actions of their employee either directly and/or on a vicarious basis.

 

The High Court ruled that Morrisons were vicariously liable for the actions of their rogue employee on the basis of the “social justice” principle due in part to the connection and control that the employee had on behalf of his employer of the leaked sensitive data.

 

Whilst all cases in this field must be viewed on a fact specific basis, the potential impact of this ruling on employers is considerable as it extends their risk of exposure to liability for the actions of their employees when they have committed illegal acts without their knowledge.

Group action litigation involving thousands of claims brought against a company is not cheap to defend through the civil courts and also if not defended successfully, will lead to substantial payments of damages.

 

See what others have to say about it

The Telegraph

Sky News

 

If your employer has put your data at risk or you want more information about how to claim then contact us via our secure form.

,

Equifax data hack letter – What to do next

If you are one of a number of people who has received a letter from Equifax tell you that your data has been breached in the Equifax data hack you may be worried and unsure what to do next.

Firstly. Its important for you to know that the FCA is now investigating this matter.

The good news for consumers is that the FCA has considerably more powers that the ICO and so this ensures that the matter is being treated seriously.

Secondly, unfortunately you are not alone its estimated that up to 400,000 people in the UK may have been affected.

Thirdly – We are looking into starting a group action claim to better protect the individuals affected.

If you want to be part of this claim or you would like more information then register with us via our secure form.

You can also call us if you have any questions about the process.

Once you have registered with us:

  • It’s important to keep a ‘diary’ or note of events since the hack – for example has your card been used without permission?
  • Are there transactions that you bank have picked up that you haven’t made?
  • Are you getting more ‘spam’ or junk email – With your name on? -I so create a folder and keep it – this may be relevant
  • Are you anxious or worried by the thought of people being able to access your data? Has this caused you any distress?

We will keep you updated about any new breaches via our facebook page and newsletter and also notify you when we know more about the equifax hack.

 

,

Equifax hack – More information

In December the FCA (Financial conduct authority) confirmed that they are investigating Equifax over the massive data breach.

Over 100,000 UK customers may have been affected by this breach.

We are still hearing from clients who are only now receiving letters from Equifax.

We would urge you to check your post and email and if you do get a letter contact us for further advice about what to do.

You are entitled to some level of compensation for this breach by Equifax.

If you want more information or to make a claim contact us today via our secure form

Once registered with us or if you have received a letter:

  • It’s important to keep a ‘diary’ or note of events since the hack – for example has your card been used without permission?
  • Are there transactions that you bank have picked up that you haven’t made?
  • Are you getting more ‘spam’ or junk email – With your name on? -I so create a folder and keep it – this may be relevant
  • Are you anxious or worried by the thought of people being able to access your data? Has this caused you any distress?

We will keep you updated about any new breaches via our facebook page and group and also notify you when we know more about the equifax hack.

To register your claim today visit our secure data breach form

Happy Christmas

,

ICO GDPR guidelines

,

My data has been breached. What do I do?

At Hayes Connor we deal with a number of cases where clients data has been breached. In order to start a data breach claim we need to go through a number of details with you.

Each case is different as with any area of law but if you think that your data has been breached the first thing that we will ask is if you have reported this to the ICO?

The ICO is the body who will do an initial investigation on your behalf and then they may take action against the company who has commited the breach.

If you have been informed that you are informed that your data has been breached then you can make a claim for compensation – the Information Commissioner’s Office has issued information about what to do if you have been part of a breach.

ICO Guide for Data Breach and Cyber Crime – Click Here

You can also find information about what to do if your data has been breached as well being able to start your claim on our website

Click here 

,

Success Fees – FAQ’s

WHAT ARE THEY?

Success Fees are mechanism by which a Solicitor will enter into an agreement with you for you to pay up to 25% of the damages you recover to that Solicitor in Costs. The Fee is only payable if the claim is successful and damages recovered.

WHAT DO THEY MEAN

In the main they mean that you will be paying part of your solicitor’s charges for running the claim for you. This being the case the Solicitor should account to you for the work they have done to justify charging the success fee. If they do not you may be able to challenge that fee.

WHY DO SOLICITORS CHARGE THEM

In the main because they are only entitled to fixed amounts of fees from Insurances companies who you are claiming against. This is the case for all Road Accident and Employer/Occupier or Public Liability claims with a value under £25,000 in damages.

Often the work that a solicitor will do for you in these cases will amount to a greater figure than the fixed costs available to them.

WHAT SHOULD I EXPECT FROM MY SOLICITOR

At all times a clear explanation of the fees they are going to charge you and why they are charging. They should be clear on the amounts, the timing of the payments and any other options you may have to fund that claim such as legal expense insurance you have already paid for elsewhere.

WHAT DOES A SUCCESS FEE INCLUDE

This is where you need to read the small print. There are many differing approaches to the deduction of success fees and whether they include VAT, exclude VAT or have some element of administration charge or insurance product charge added. Always ask for a breakdown at the outset of how a fee is charged and an example.

CAN I COMPARE SUCCESS FEES AND SOLICITORS

Most Solicitors will not advertise their fee charges nor publish guidance on a website or other media for you to review. Always look at the No Win No Fee section of any material published and simply ask the question.

At Hayes Connor we work on a No Win No Fee basis and any success fee that is applicable will not exceed 25%.

, ,

Equifax Data Hack UPDATE

Everyday we are receiving more and more calls from customers who have been affected by the Equifax data hack.

We are expecting an even bigger number after the christmas period as it can’t be confirmed that customers details haven’t got into the hands of dishonest organisations or people.

Some important advice regarding the Equifax data hack:

Firstly contact the ICO and ensure that they have your details on file.

The more people affected the more likely an investigation into equifax or your individual case will be carried out.

  • If this is done and Equifax are fined we can help you get compensation.

Secondly contact us – we will be able to keep your details (securely) and keep you up to date on the ICO action and the outcome of any investigation.

We will also be able to advise you on what to do whilst waiting for the ICO’s findings.

Once registered with us:

  • It’s important to keep a ‘diary’ or note of events since the hack – for example has your card been used without permission?
  • Are there transactions that you bank have picked up that you haven’t made?
  • Are you getting more ‘spam’ or junk email – With your name on? -I so create a folder and keep it – this may be relevant
  • Are you anxious or worried by the thought of people being able to access your data? Has this caused you any distress?

We will keep you updated about any new breaches via our facebook page and newsletter and also notify you when we know more about the equifax hack.

To register your claim today visit our secure data breach form