data compensation
, , ,

Emma’s Diary breaks trust of young mums

Earlier this month, parenting website Emma’s Diary was fined £140,000 for selling data collected from its app to the Labour Party.

Using a database created by Experian, Labour used this personal information to target new mothers with direct marketing. The data gathered included parent names, addresses and the dates of birth of the mother and children.

In an extraordinary breach of trust, many parents are now reeling that their personal information was treated this way. So, here at Hayes Connor Solicitors we are helping them to claim Emma’s Diary compensation for any distress suffered.

Commenting on this case, our managing director, Kingsley Hayes said:

“Quite often we deal with data breach cases where a cybercriminal has hacked a company to access sensitive user information. But in this case, Emma’s Diary willingly and knowingly handed it over for profit. What is even more shocking is that this sensitive information included data about children. It’s no wonder that young mums and dads are now distraught at this breach of trust.”

He added:

“Leaving aside the fact that this data was used to manipulate our democratic process, this case shows a worrying disregard for data privacy. Mums across the UK used Emma’s Diary to get much-needed medical advice and free baby-themed goods. The last thing they expected was that their trust would be abused in this way.”

Claiming Emma’s Diary compensation

You can make a compensation claim against Emma’s Diary if you have struggled emotionally following the data breach, even if you have not experienced any financial loss.

When making a compensation award, the court will look at the specific circumstances of your case. This includes things like the sensitivity of the data compromised and the nature of the disclosure.

Some people would have us believe that claiming for distress is an overreaction. That your psychological suffering and anguish doesn’t matter. You might hear friends and family saying that, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information sold in this manner.

Being the victim of a data breach can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. So why shouldn’t you seek compensation for a failure to look after your information correctly? Especially when it included data about young children.

How much compensation could you get?

Data breaches often have severe consequences for those affected, and in this case, you could be entitled to up to £1,500 (or more depending on your circumstances). And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Join our group action and claim Emma’s Diary compensation now

At Hayes Connor Solicitors, we have received a large number of queries from people concerned that their information was manipulated and used in way they did not agree to. In response, we are now launching a group action against Emma’s Diary.

To join a group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.



Massive Timehop data breach affects 21 million users!

Popular app Timehop, which highlights old social media posts, has been the victim of a colossal data hack. The breach has exposed the private details of more than 21 million users. Most of the data included usernames and email addresses. However, one in five affected users (that’s 4.7 million people) may have also had their phone number compromised.

A spokesperson for Timehop has admitted that its users’ data was able to be stolen because it didn’t use two-factor authentication (2FA) on its cloud computing login.

The attack was discovered on July 4th and stopped in just over two hours. However while Timehop uncovered the breach while it was happening, and was able to halt it, the firm admits that “data was taken”.

A statement on Timehop’s website says that: “Some data was breached. These include names, email addresses, and some phone numbers. This affects some 21 million of our users. No private/direct messages, financial data, or social media or photo content, or Timehop data including streaks were affected.”

An investigation into the incident is also looking at “the possibility of any earlier ones that may have occurred”.

Timehop has also suggested that: “If you used a phone number for login, then Timehop would have had your phone number. It is recommended that you take additional security precautions with your cellular provider to ensure that your number cannot be ported.”

The firm has also admitted that “access tokens” provided to Timehop by social media providers were also stolen. These tokens “could allow a malicious actor to view without permission some of your social media posts”. Furthermore, while there is no evidence that this has happened, it was possible that unauthorised users could have accessed those posts.

Timehop is said to be aggressively and proactively notifying its users, partners, and customers about the breach, and all European users should have been contacted.

What should you do now?

While it is not yet clear if cybercriminals will use the stolen data, Timehop clearly failed to put necessary security measures in place to keep its users safe. And, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. So it’s vital to hold them to account.

To start a compensation claim following the Timehop data breach, register with Hayes Connor Solicitors. We will keep you updated as this case progresses and let you know if and when you can claim.

It doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

It is also essential to keep a ‘diary’ or note of events since the hack. This should include things like:

  • Whether your card been used without permission
  • If there are any transactions that your bank has picked up that you haven’t made
  • If you are getting more spam or junk email with your name on it
  • Are you getting more spam calls or messages
  • If you are anxious or worried at the thought of people being able to access your data.




Victim Support following cyber fraud

Victim Support is the leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents. Last year it offered support to nearly a million victims of crime across the UK.

At Hayes Connor Solicitors, we are working with Victim Support to help those affected by cybercrime and data breaches. Ultimately, we want to ensure that victims have access to the support they need when they need it, as well as raising awareness of the threat to keep people safe online.

Find out more about our partnership with Victim Support.

Last year, Victim Support published a policy statement on fraud. While this document relates to all kinds of scams, it has some crucial information for victims of cyber fraud.

Here is a quick summary of some of the critical points, as well as more information about how we can help you claim compensation.

An introduction to fraud

There are different types of fraud including identity fraud, bank and credit account fraud, and dating fraud. A person who is guilty of fraud could face a maximum prison sentence of 10 years and/or a fine.

Victims of fraud experience a wide range of emotional and psychological responses. Some of the most common reactions include anger, distress, stress, feelings of shame, sadness, fear, embarrassment, and upset. There is also evidence to show that victims of fraud can suffer from mental health problems such as depression and anxiety. In some instances, falling victim to fraud can even lead to people feeling suicidal or even attempting suicide.

So being the victim of fraud can have a significant impact on you mentally and physically. Of course, everyone reacts differently, but for some people, the effects can also affect their friends, their family and their job.

However, all too often victims of online fraud are expected to “get over it”. And this approach clearly isn’t helpful.

What can you do if you are the victim of cyber fraud?

When it comes to cybercrime, the majority of those affected by fraud have suffered financial loss. And, depending on a range of factors the results can range from annoyance to bankruptcy, homelessness, and postponing or giving up retirement.

If you want to report that you have been the victim of online fraud or identity theft, contact Action Fraud. You can do this online or via telephone.

Action Fraud is the national fraud reporting service, and is the starting point for any police investigation into your loss. For any other form of cybercrime such as online stalking, harassment, or fears about sexual grooming, you should contact the police directly. If someone is convicted of a cybercrime against you, the court may order them to pay you compensation.

However, very often it is not possible to recoup your losses as the criminal is never caught. But if you have become the victim of cyber fraud because of the negligence of others (e.g. a business not taking proper care of your personal or financial information), you may be able to claim compensation.

At Hayes Connor Solicitors, we’ve been helping people to achieve the redress they deserve for over 50 years, so we know what it takes to make a successful cybercrime claim.

Victims of fraud should also seek help from Victim Support.

Protecting people from cyber fraud

Despite the risk, people are more likely to take steps to improve their home security than reduce their risk of falling victim to cyber-crime. But, with data breaches and hacks becoming increasingly common, more must be done to help individuals protect themselves.

Victim Support is doing what it can to help reduce fraud and in its policy paper discusses the need to:

  • Increase public awareness and understanding of fraud protection measures
  • Reduce susceptibility to fraud amongst vulnerable people
  • Enhance the police response to victims of fraud
  • Improve the service provided by banks to customers in cases of APP scams and relaxing SAR (serious activity report) rules on disclosure
  • Improve the reporting rate of fraud offences.

Victim Support’s position

To provide vulnerable banking customers with greater protection from fraud, Victim Support believes that:

“An optional mechanism should be introduced, whereby large transactions from their accounts are delayed and a nominated person is notified. This would offer them time to review and cancel suspected fraud payments. In addition, to determine whether additional measures, such as tailored warning messages and caps on the amount payable to new payees, should be offered by financial institutions nationally to customers, Victim Support would welcome further research into, and evaluation of, their effectiveness.”

Victim Support also supports “the development and introduction of a Public Available Specification that sets out best practice in the provision of financial services, including to vulnerable customers, which institutions are encouraged to adopt.”

The police and cyber crime

If you want the court to consider awarding you compensation, you need to tell the police. You also need to give them details about any damage or distress you have suffered. The police will pass this information to the Crown Prosecution Service, and it will make the request for compensation in court. However, in criminal proceedings, it can be difficult to persuade the prosecutor to seek a compensation order (following a conviction).

Unfortunately, according to Victim Support’s policy statement, the police are not consistently providing victims of fraud with an appropriate response to cyber-fraud. Officers can be unsympathetic in their initial reaction to fraud victims, and have a poor understanding of the impact of the crime. More must be done to demonstrate that the police take digital offences seriously.

Where the authorities are not interested, or where you do not want to make a criminal case, we can assist with a private prosecution. With this approach, your case goes before a judge in a civil trial. Often these cases are settled out of court. Proceedings can be started quickly, without the uncertainty associated with whether the prosecutor will investigate the case.

Cyber fraud claim solicitors

If you have been the victim of online fraud, our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid compensation claim.

If you have a straightforward claim, our quick claims form will help you to start this quickly and easily. This means you receive your compensation in the shortest possible time. However, if we believe you have a large, complex case, we’ll go through your options and may be able to act for you on a NO WIN, NO FEE basis.

In addition to fraud and financial crimes, we can help you to claim compensation for a range of cybercrime violations including:

  • Data protection breaches and other data leaks
  • Hacking
  • Identity Theft
  • Phishing
  • Copyright Infringements
  • Cyber extortion
  • Online harassment.

At Hayes Connor Solicitors, we understand that making a compensation claim can be stressful; especially where you have already been the victim of a crime. That’s why we make sure you always know what’s happening with your case and remove the jargon from the process.

Our process is fully compliant with data protection guidance, and we never put your details at risk.


data hack

Have you been to Butlin’s? Your data might have been hacked.

Butlin’s has revealed that up to 34,000 guests might have had their personal information stolen by hackers. The holiday camp has apologised for the breach and has set up a “dedicated team” to contact those guests who might be affected and advise them on what to do next.

What data was stolen in the Butlin’s data breach?

The data accessed by hackers includes names, home addresses, email addresses, telephone numbers and holiday arrival dates. And, while it doesn’t look like any financial information has been compromised, the data that has been stolen could be used by criminals to commit fraud.

The phishing attack happened within the last 72 hours. Phishing describes the illegal practice of sending emails claiming to be from reputable companies and individuals to encourage people to reveal personal information such as passwords and credit card details. Human error (through phishing attacks and other failures) is the greatest single point of weakness in the security of most organisations

Under the latest data protection regulations, any company made aware of a data breach has to self-report the incident as soon as possible. So, while Butlin’s isn’t yet sure if all 34,000 holidaymakers have been affected by the breach, it was obligated to report the incident to the Information Commissioner’s Office (ICO).

According to a spokeswoman for the ICO: “Butlin’s has made us aware of an incident and we will be making enquiries.”

There are currently three Butlin’s holiday camps. These are based at Skegness Bognor Regis and Minehead. If you have had a holiday at any of these camps and your data was stolen, you might be able to claim compensation.

Making a cybercrime compensation claim

With more and more organisations using computers to store and process personal information, concerns about online crime and the misuse of data are on the rise. However, you do have rights if your data is stolen or breached.

The ICO has the power to impose hefty fines on organisations who fail to meet their data protection requirements. And, while the ICO does not award compensation, you have the right to ask the ICO to assess an organisation if you think it is guilty of a breach. You can then use this information to support a data protection compensation claim.

Also, if you hear that a company is being investigated by the ICO for a breach of its legal obligations – as in this case – you should seek legal advice to see if you are entitled to make a compensation claim.

At Hayes Connor Solicitors we can investigate your claim. And we will work with the ICO to gather as much evidence as possible to help you succeed.

You can make a compensation claim even if you haven’t lost out financially

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

You can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

With enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And just the thought of this happening can cause emotional distress. So why shouldn’t you seek compensation for this failure to look after your information correctly?

At Hayes Connor Solicitors our initial assessment is always free of charge. If we believe you have a substantial, complex case, we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis. For smaller claims, our quick assessment form will help you to start your claim, quickly and easily.

We make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making data breach claims, if you have been contacted by Butlin’s about this incident it’s important to act now.


Starting data breach compensation proceedings against Ticketmaster

Following the Ticketmaster data breach, our action has more than 500 clients, and we are now in the final stages of preparing these claims.

To keep you up-to-date with our progress, here is a quick summary of the steps we are taking, and what you must do if you want to make a data breach case against Ticketmaster.

Finalising a letter before action in the Ticketmaster data breach case

Later this week, Hayes Connor Solicitors is meeting with specialist barristers Ian Whitehurst and Louis Browne QC of Exchange Chambers to finalise the letter before action (LBA).

Ian has significant experience in the niche areas of cybercrime and data protection, while Louis has vast experience of both advising and acting in very high-value claims.

The LBA will be drafted on behalf of all clients signed to the Ticketmaster action by the 10th of August 2018 and will include:

  • The name and address of each individual making a claim
  • A summary of what’s happened in their particular circumstances
  • What we want Ticketmaster to do about it
  • How much each client is claiming for (and how we have calculated that amount)
  • A deadline for reply
  • Notice that we will start court proceedings on behalf of our clients if we don’t get a reply.

If you haven’t yet told us that you want to make a case against Ticketmaster, it’s essential that you do this ASAP.


Issuing a letter before action following the Ticketmaster data breach

We intend to submit the LBA on 15th August 2018. The LBA not only lets Ticketmaster know that we will be starting proceedings against them, but also that we are very serious about getting you the compensation you deserve.

Ticketmaster will then have 21 days to respond to this letter.

If you have already told us that you want to make a data breach claim against Ticketmaster, and have completed and returned our initial pack and impact form, this response will dictate the next steps we take to recover your losses.

If you have already registered with us, but haven’t yet completed these documents, it’s vital that you do so ASAP.

Should you have mislaid your documents or require a further copy, please let us know and we will send another set out to you straight away.

If you want to join our action against Ticketmaster it is not too late!

If you want to make a data breach claim against Ticketmaster, it is vital that you register with us ASAP so that we can assess the impact the breach has had on you. Once you have done this, we will be in touch to let you know the next steps, including what will be claiming for and how much compensation you could receive.

We are dealing with Ticketmaster data breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny. There are no hidden charges or other administration fees.

Find out more about how we can do this.

To date, our action against Ticketmaster has more than 500 clients, and it is clear that the data breach is extensive. As such, we expect them to take our claim very seriously.


While each case is different, if successful, you could be entitled to around £5,000 in compensation, so it’s essential to act now.



data breach

Serious data breach uncovered at Reddit

Social news aggregation, web content rating and discussion website Reddit, has revealed that it was the victim of a data hack. In this case, a cybercriminal broke into some of Reddit’s systems and accessed user data.

Many people use Reddit to post highly personal anonymous stories. In fact, the platform prides itself on providing a safe space for people to say whatever they want, without their messages being linked to their real identities.

But if usernames can be connected to emails following this breach, the identities of ‘Redditors’ could be revealed. And the consequences for these people could be devastating.

At Hayes Connor, our data breach solicitors set out what you should do if you are a user who is concerned about the impact the data breach at reddit could have on you.

What information was stolen?

The data accessed included complete information from a 2007 database backup which contained old protected (salted and hashed) passwords, email addresses, public posts and private messages.

Reddit has confirmed that it will be contacting all users affected by the breach of this database. The company has also urged users who used the platform anywhere near 2007 to reset their passwords and enable 2-factor authentication. So, if you are a long-standing Reddit user (or were a user back then), it’s worth checking your spam folder just in case. Those who signed up for the online service after 2007 should be in the clear.

In addition to the old database, more recent data, including email addresses and ‘subreddits’ people have subscribed to have also been accessed by cybercriminals.

However, there is no indication that Reddit will be contacting those individuals who have had their current email addresses stolen. So you’ll have to figure that out for yourself.

Reddit is asking users who have had their email address affected, to “think about whether there’s anything on your Reddit account that you wouldn’t want associated back to that address” and remove it. Put simply, affected users should delete any posts they don’t want to be traced back to.

What happens now?

The attack happened between 14th – June 18th June, and was discovered a day later.

Reddit has said that it is conducting a “painstaking investigation to figure out just what was accessed”, and to improve its systems and processes to prevent this from happening again.

Reddit has also said that it has reported the issue to law enforcement and is cooperating with investigations.

Why are people worried?

While much of the data accessed is at least 11 years old, that doesn’t mean that people aren’t right to be distressed at the thought of their private communications – including messages – falling into the wrong hands. Especially when this data can be linked to a specific email address (and therefore a person).

The security incident has been described as a “serious attack,” and just because Reddit was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

Your distress matters!

Some people would have you believe that claiming for distress is an overreaction, but our data breach solicitors and the law don’t look at things this way.

The sheer scale of the information we share on social media is enough to leave victims open to the threat of fraud. And we should all be very worried about what could happen if this gets into the wrong hands.

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. And you can do this if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

At Hayes Connor Solicitors, our data breach solicitors have been helping people to claim compensation for over 50 years, so we know what it takes to make a successful data breach claim. Our initial evaluation is always free of charge, and there’s never any obligation to take things further.

If we do think you have a reasonable chance of winning your case, we’ll let you know straight away. What’s more, once appointed, we provide a NO WIN, NO FEE service; so you have nothing to lose.


data breach claim

Dixons Carphone data breach affects 16 million customers

In summer 2018, Dixons Carphone admitted that almost 16 million of its customers had their details exposed in a massive data breach.


Hackers got access to 10 million personal data records (up from an initial estimate of 1.2m people). This Dixons Carphone Warehouse data protection breach compromised dates of birth, addresses and phone numbers.

Dixons Carphone also discovered a separate attempt which compromised the records of 5.9 million payments cards.

These attacks were identified when the company reviewed its systems and data.


Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data following the Dixons Carphone Warehouse data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.


The National Crime Agency began investigating the Dixons Carphone data breach. It is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (the UK’s data protection regulator).

The retailer said that it would contact all customers to apologise and advise on the steps they could take to protect themselves. However, this is not the first time that the company has failed to protect its customers.

Earlier last year, the Carphone Warehouse (which merged with Dixons) was fined a £400,000 following another cyber-attack. The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. In that breach, the personal data of over three million customers and 1,000 employees were put at risk. This included the historical payment card details for some 18,000 customers.

With a history of failures, the regulator will now be looking very carefully at this latest revelation.


While Dixons Carphone was the victim of a cyber-attack, it was responsible for protecting your personal information.

With an ICO investigation now underway into the Dixons Carphone data breach, if it was to blame for this appalling data protection failure it will no doubt have to pay a hefty fine. But the ICO does not award data breach compensation.

So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation.

What can you do following the Dixons Carphone data breach?

Data breaches can have severe consequences for those affected. So, customers of Dixons Carphone should now be looking to claim compensation; particularly as there is a history of data negligence at the company. Something must be done to hold them to account.

If you were affected you could be entitled to up to several thousand pounds in compensation, so it’s important to act now.

Why join our multi-party action?

Multi party actions give our clients more power against big businesses. This is because a group of people who have suffered the same or similar injuries due to the negligence of the same defendant (in this case Dixons Carphone) join together to claim for compensation. In short, it gives us strength in numbers.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation. Making a claim is simple and doing so sends a message to organisations everywhere that they must do more to protect their customers from identity and financial theft, and emotional distress.