Data protection compensation

Facebook data breach investigation latest. What’s happening and how can you make a compensation claim?

The Information Commissioner’s Office (ICO) is set to fine Facebook £500,000 for data breaches. That is the maximum financial penalty possible and reflects the severity of the data protection scandal. The ICO also intends to bring criminal action against SCL Elections, the now-defunct parent company of Cambridge Analytica.

If you are a Facebook user and are concerned that your data has been accessed and exploited, get in touch. We’ll let you know if and when you can claim.


What happened in this case?

  • Social media giant Facebook and controversial data firm Cambridge Analytica are at the centre of a dispute over the harvesting and use of personal data
  • Questions were raised over whether this data was used to influence the outcome of the US 2016 presidential election and the Brexit referendum
  • In March 2017, the ICO began looking into whether personal data had been misused

What is happening now in the Facebook data breach investigation?

Yesterday, the Information Commissioner Elizabeth Denham, published a detailed update of her office’s investigation into the use of data analytics in political campaigns.

The report reveals that the ICO plans to fine Facebook £500,000 for breaches of the Data Protection Act.

The ICO has also said that it is taking steps to bring a criminal prosecution against SCL Elections Limited. While Cambridge Analytica has shut down, the ICO has already said that its directors can still be held liable and possibly criminally prosecuted.

Crucially, the ICO believes that in addition to breaching its own rules, Facebook also failed to ensure Cambridge Analytica had deleted its users’ personal data when requested. What’s more, while the ICO noted that Facebook had been the biggest recipient of digital advertising by political parties and campaigns to date, it said that the company had not done enough to explain to users they were being targeted as a consequence, or given people enough control over how their sensitive personal data was used. As a result, it seems that Facebook is guilty of two breaches of the Data Protection Act.

So, does this mean Facebook will be held to account?

No. The social media giant still has time to make any representations to the ICO before a final decision is made. However, by publishing a Notice of Intent, it is clear that the ICO is taking this matter very seriously. In fact, based on the evidence so far it looks likely that the ICO will issue Facebook with the maximum fine allowed under British law.

However, Facebook could still get away lightly, because if it had been fined under the new GDPR (General Data Protection Regulation), it could have been hit with a penalty of £479m. Indeed, the £500,000 fine is tiny when stacked up against the firm’s value of £445bn.

The impact on political parties

In its report, the ICO raised concerns about political parties buying personal information from data brokers.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections, was significant and has called for a code of practice to fix the system.

The ICO has also written to all the main political parties in the UK pressing them to have their data protection practices audited.

Who else is involved?

 Aggregate IQ

The ICO has said that Aggregate IQ (AIQ), a Canadian company which worked with the Vote Leave campaign in the run-up to the EU Referendum must stop processing UK citizens’ data. AIQ had access to UK voters’ personal data provided by Vote Leave and this information may have been transferred and accessed outside the UK. If so, this would be a breach of the Data Protection Act.

Emma’s Diary

The ICO also named Emma’s Diary; a company that gives medical advice and free baby-themed goods to parents who download an app. It appears that the company may have handed over data which was then used by the Labour Party to campaign to people. As a result, the ICO is about to take regulatory action against Lifecycle Marketing, the owner of the service.

With potentially one million people affected, if you have downloaded and used Emma’s Diary and are concerned that you have been targeted in this way, contact us today to find out more about making a compensation claim.


Eldon Insurance Services

It has been alleged that the Leave campaign used the personal information of people on the Eldon Insurance and GoSkippy database on the run-up to the Brexit referendum. If true, this is a shocking misuse of private information and anybody affected is likely to have a claim for compensation.

Find out more here.

Vote Leave

The ICO is looking into to what extent Vote Leave transferred the personal data of citizens outside the UK. It is likely that this was in a breach of the Data Protection Act.

Remain campaign

The ICO is investigating the collection and sharing of personal data by the official Remain campaign (Britain Stronger in Europe) and a linked data broker. In particular, it is examining inadequate third party consents and the fair processing statements used to collect personal data.

The University of Cambridge

The Psychometrics Centre at the University of Cambridge carries out research into social media profiles. As part of its investigation, the ICO is considering whether Cambridge University has “sufficient systems and processes in place to ensure that data collected by academics for research is appropriately safeguarded in its use and not re-used for commercial work.”

The ICO said that it expects the next stage of its investigation to be complete by the end of October.

How to make a compensation claim

What’s emerged so far is looking increasingly like just the tip of the iceberg. We could be talking about one of the largest ever group actions of its kind in the UK courts. As such, Hayes Connor Solicitors has launched a group action against Facebook and has appointed Barrister Ian Whitehurst to help in this case.

Having developed a practice in the field of data breach claims for individuals and companies who have had their personal and sensitive data breached by third parties, we are confident that together our team will get the results our clients deserve.

We believe that a group action is the best way forward for data breach claims of this nature. It allows people with the same type of claim in principle to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

Furthermore, with a group action claimants often share the legal fees. And, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis.

What should you do now?

Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.


cybercrime solicitors

Can you get your money back after a “push” fraud?

Last week, an article revealed the sad case of a widow who was conned into losing her mother’s care-home fees. In a highly-sophisticated cybercrime attack, the woman was defrauded of £20,000 in a so-called “push” scam.

What is push fraud?

Push fraud – also called authorised push payment (APP) scams – happen when criminals deceive individuals into sending them money. Because the victim believes the fraudster to be trustworthy and genuine, they authorise the handover of cash. The money is then quickly transferred by the fraudster to different accounts, often abroad, which makes getting it back almost impossible.

Common types of push payment scams include:

  • Sending falsified invoices that look exactly like ones victims are expecting (e.g. from a child’s school or a legitimate tradesperson)
  • Convincing people to transfer money to someone official, such as a solicitor (e.g. when buying a house)
  • Conning people to transfer cash into fraudulent bank accounts
  • Sending emails pretending to be from a friend asking for money.

While in many cases, the criminals involved might call hundreds of people in the hope of tricking someone, often these cybercrime scams are highly targeted and come after hacking a victim’s emails to identify the information needed to defraud them.

In this latest case, the criminal claimed to be from the Royal Bank of Scotland fraud team flagging up unusual transactions. The fraudsters ran through some security questions to extract the information they needed to access her online banking and rename her current account “frozen”. So, when the woman went to check via the proper channels, it did appear that her account had been locked. In a following call, she was then asked to move her balance to a new “protected” account. But when she called RBS to check the transfer went through okay, they knew nothing about it.

The rising problem of push fraud

The problem of transfer fraud is increasing in the UK. Indeed, according to consumer group Which? in the first two weeks after launching an online cybercrime reporting tool, more than 650 people came forward claiming a loss of over £5.5 million.

Overall, the latest official figures show that over £100 million was unknowingly handed over to criminals through push scams between January and June last year. Over this period around 17,000 people were victims of these scams, and they lost an average of £3,000 each.

How to protect yourself against push fraud

To keep you safe, UK Finance offers the following advice:

  • Never disclose security details such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Just because someone knows some personal information about you (i.e. your mother’s maiden name), that doesn’t mean they are genuine
  • Banks or other trusted organisations will never contact you and ask for your PIN or full password, or ask you to transfer money to a safe account
  • Don’t be rushed into handing over sensitive information, take the time to contact the company directly using a trusted email or phone number to check the request is genuine
  • Listen to your instincts. If something doesn’t feel right don’t be pressured into making a decision there and then
  • Never automatically click on a link in an unexpected email or text.

Are the banks liable?

According to the banks, they make it very clear that customers should never make a payment at the request of someone over the phone or email. So, while millions have been lost by unwitting victims, because the transfers were authorised, until now banks have been unable (or unwilling) to return nearly 74% of the money.

Don’t be fobbed off by the banks!

If you have been the victim of a push fraud and need help getting your money back, there is some good news. Under new plans, the regulator is coming down on the side of consumers and people tricked into transferring money directly to a fraudster can expect stronger protections.

A new industry code will be in place from September, helping victims of such scams to secure compensation. What this means in practice is that victims of push scams can be confident that any claim for reimbursement will be given fairer consideration.

If you want to claim compensation following a push payment scam or another type of cybercrime, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

 We can help you to claim compensation from the fraudster, your bank, and any organisation that may have put your data at risk (where this data was then used to facilitate a push scam).

Start your claim

Data breach compensation claims

Can you still make a claim against Cambridge Analytica?

Cambridge Analytica – which is at the centre of the Facebook data breach scandal – has filed for bankruptcy and is to shut down. Accused of improperly using personal data harvested from millions of Facebook users, a statement on the firm’s website states that it is it “no longer viable to continue operating the business.” Cambridge Analytica’s parent company, SCL Group, is also closing, leading to allegations that the firms are attempting to use insolvency laws in the UK to evade scrutiny.

Will the investigations continue?

Commenting on the news, the chair of the UK parliamentary committee leading the investigation into the data breach scandal said that: “They [Cambridge Analytica’s and SCL Group] are party to very serious investigations and those investigations cannot be impeded by the closure of these companies.”

He added: We’ve got to make sure this isn’t an attempt to run and hide, that these companies are not closing down to try to avoid them being rigorously investigated over the allegations that are being made against them.”

There is also scepticism over the closures, with one ex-employee of Cambridge Analytica, stating that they were sure the company would emerge “in some other incarnation or guise”.

Can you still claim for compensation?

Absolutely. In fact, regardless of whether a company exists anymore, directors can still be held liable. The Information Commissioner’s Office (ICO) – which is conducting its own civil and criminal investigations – has said that it will pursue individuals and directors as appropriate and necessary should the companies no longer be operating.

The ICO has also said that it will continue with its inquiries and “monitor closely any successor companies using our powers to audit and inspect, to ensure the public is safeguarded.”

What now?

If you are concerned that your data has been exploited by Facebook and Cambridge Analytica contact us today. As specialists in data law, we are carefully observing this case and are pulling together a group action to seek compensation.

We believe that a group action offers the best chance of success for data breach claims of this nature as it allows people to work together on a collective basis and strengthen their overall position. With a group action, people share the legal fees, and, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis.

At Hayes Connor, we not only have the legal expertise needed to win these types of cases, but we have also appointed an expert barrister to help and we are confident that our team will get the results you deserve.

Register your interest in making a compensation claim.

facebook data

My data has been breached. What do I do?

My data has been breached… What do I do?

At Hayes Connor we deal with a number of cases where a clients data has been breached. In order to start a data breach claim we need to go through a number of details with you.

Each case is different as with any area of law but if you think that your data has been breached the first thing that we will ask is if you have reported this to the ICO?

The ICO is the body who will do an initial investigation on your behalf and then they may take action against the company who has commited the breach.

If you have been informed that you are informed that your data has been breached then you can make a claim for compensation – the Information Commissioner’s Office has issued information about what to do if you have been part of a breach.

ICO Guide for Data Breach and Cyber Crime – Click Here

You can also find information about what to do if your data has been breached as well being able to start your claim on our website

Click here 

equifax data breach even worse
, ,

Equifax Data Hack UPDATE

Everyday we are receiving more and more calls from customers who have been affected by the Equifax data hack.

We are expecting an even bigger number after the christmas period as it can’t be confirmed that customers details haven’t got into the hands of dishonest organisations or people.

Some important advice regarding the Equifax data hack:

Firstly contact the ICO and ensure that they have your details on file.

The more people affected the more likely an investigation into equifax or your individual case will be carried out.

  • If this is done and Equifax are fined we can help you get compensation.

Secondly contact us – we will be able to keep your details (securely) and keep you up to date on the ICO action and the outcome of any investigation.

We will also be able to advise you on what to do whilst waiting for the ICO’s findings.

Once registered with us:

  • It’s important to keep a ‘diary’ or note of events since the hack – for example has your card been used without permission?
  • Are there transactions that you bank have picked up that you haven’t made?
  • Are you getting more ‘spam’ or junk email – With your name on? -I so create a folder and keep it – this may be relevant
  • Are you anxious or worried by the thought of people being able to access your data? Has this caused you any distress?

We will keep you updated about any new breaches via our facebook page and newsletter and also notify you when we know more about the equifax hack.

To register your claim today visit our secure data breach form