Can you make a data breach claim against the British and Foreign Bible Society?
This month, the British and Foreign Bible Society was fined £100,000 for failing to protect the personal data of 417,000 of its supporters. Following an investigation by the Information Commissioner's Office (ICO), it was revealed that the Society exposed these supporters to possible financial or identity fraud.
While the Society was a victim of a cyber-attack, this does not negate the fact that it failed to take appropriate steps to protect the personal data it was entrusted with.
With data breaches often causing significant distress for those affected, victims of the British and Foreign Bible Society data breach may now want to claim compensation.
What happened in this case?
Between November and December 2016, criminals exploited the weakness of the Society's computer network - which used an easy-to-guess password - to access the personal data of its supporters.
Using ransomware to encrypt almost one million files, the data compromised included names and contact details, as well as payment card and bank account details for some. Fortunately for the Society, the data had recently been backed up, so it could not be held to ransom. But, many of the files were transferred, copied and extracted by the attacker.
What was the result of the investigation?
During its investigation, the ICO found that supporter details were kept on an insufficiently secured internal network which offered inappropriate remote access rights.
Commenting on the case, Steve Eckersley head of enforcement at the ICO said:
"The Bible Society failed to protect a significant amount of personal data and exposed its supporters to possible financial or identity fraud.
"Our investigation determined that it is likely that the religious belief of the 417,000 supporters could be inferred, and the distress this kind of breach can cause cannot be underestimated.
"Cyber-attacks will happen, that's just a fact, and we fully accept that they are a criminal act. But organisations need to have strong security measures in place to make it as difficult as possible for intruders."
The British and Foreign Bible Society was fined £100,000 for breaching data protection legislation.
What can you do?
Today, many people choose to donate to charities and causes they care about. But, while you might support them in their aims, it is vital that they meet their obligations when it comes to protecting your sensitive data. Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Often such organisations are insured against such data breaches, so you don't have to worry about the impact of the good work you support.
In this case, the ICO found that the Society's failure was likely to cause substantial damage or distress to those supporters who had their data stolen.
While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO - as in this case - you can use that information to support a data protection compensation claim.
The Society has notified victims who have had their payment details stolen, but it is not clear if those who had other personal data put at risk were informed. However, modern cybercriminals are increasingly sophisticated and such information can be used to carry out identity theft and fraud, so it is vital you are told.
What's more, it doesn't matter if criminals haven't used your data. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.
If you are one of those affected and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. If you are not sure if your information was compromised, we can find this out for you. We can also help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.
With strict-time limits in place for making most compensation claims, it's essential to act now.
IF YOU THINK YOU MAY HAVE A DATA BREACH CLAIM COMPLETE OURCONTACT FORM.