Posts

cybercrime claims
,

UK banking customers at risk as scammers steal half-a-billion pounds

According to the latest figures, over £500m was stolen from British banking customers in the first half of 2018.

What’s more, a whopping £145m of that was due to authorised push payment (APP) scams. A push payment scam happens when a cybercriminal tricks someone into sending them money online.

Purchase scams, where people are tricked into paying for products or services that do not exist, were the most common form of APP fraud reported in the first half of 2018.

There were also 3,866 cases of impersonation scams reported. This is where cybercriminals pretended to be from a trusted body (e.g. a bank or the police) to trick account holders into transferring money.

During the same period in 2017, push payment scams saw £101m stolen from UK banking customers. This year’s £44m increase is thought to be partly down to more banks reporting data.

Another £358m has been lost to unauthorised fraud. This includes transactions made without account holders’ knowledge.

How to protect yourself from push-payment fraud

UK Finance, the body behind the latest report offers the following advice:

  • Never disclose security details, such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Don’t be rushed – a genuine organisation won’t mind waiting
  • Listen to your instincts – you know if something doesn’t feel right
  • Stay in control – don’t panic and make a decision you’ll regret.

However, according to a spokesperson from consumer group Which? the banks’ efforts to tackle fraud has been “woefully insufficient”. He said: “They have not done enough to protect their customers, who continue to lose life-changing sums of money to ever-more sophisticated crooks”.

Can victims of bank fraud get their money back?

While unauthorised fraud victims are usually refunded by their banks, until now, most victims of push-payment scams do not get their money back.

However, the industry has recently introduced new safeguards to help victims of push payment scams to secure compensation as well as a new industry code designed to minimise the number of scams by encouraging consumers to remain vigilant.

This means that victims of push payment fraud can be confident that any claim for reimbursement will be given fairer and quicker consideration.

In fact, your bank can only refuse to reimburse stolen funds where you have shown a very significant degree of carelessness.

Crucially, banks should not automatically blame the victims of increasingly sophisticated scams and must take a fairer approach to compensation. Where a bank still refuses compensation, you can take your case to the Financial Ombudsman Service.

Get legal help making a cybercrime claim

If you want to claim compensation following a push payment (or any other form of cyber-scam or bank fraud), Hayes Connor can help.

Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

If you have a straightforward case, our quick claims form will help you to start this quickly and easily. This means you receive your compensation in the shortest possible time. However, if we believe you have a large, complex case, we’ll go through your options and may be able to act for you on a NO WIN, NO FEE basis.

At Hayes Connor Solicitors we make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making a cybercrime claim, it’s essential to act now.

START YOUR CYBERCRIME CLAIM TODAY

What can you do if your bank refuses to reimburse you following a Push Payment Scam?
,

What can you do if your bank refuses to reimburse you following a Push Payment Scam?

A push payment scam happens when a cybercriminal tricks someone into sending them money online. And it’s more common than you might think. In fact, in 2017, UK bank customers lost more than £236m due to push-payment scams.

In most cases, the push payment scam is successful because the victim believes the fraudster to be genuine. For example, scammers often call people up claiming to be the police or the bank. They might state that someone is at risk of a security threat, and that they are calling to help stop it. In other cases, an email with an address that looks genuine could request payment (e.g. from a solicitor or tradesperson).

The money lost due to push payment scams can be devastating. For example, a mother and daughter In Kent were tricked out of their life savings after unknowingly transferring £113,665 to a criminal, rather than their solicitor.

Another woman was conned into losing her mother’s care-home fees after a criminal claiming to be from her bank’s fraud team flagged up unusual transactions on her bank account. The fraudsters ran through some security questions and extracted the information they needed to access her account and rename her current account “frozen”. When the woman went to check online, it did appear that her account had been locked. She was then asked to move her balance to a new “protected” account. However, when she called her bank to check the transfer had gone through, they knew nothing about it.

Historically, banks and other organisations have avoided paying push payment scam compensation to victims. And, because payments have been authorised by the customer, there has been little chance of redress.

So, can you get compensation for a push payment scam?

If you have been the victim of a push payment scam and need help getting your money back, there is some good news.

The industry has recently introduced stronger protections to help victims of push payment scams to secure compensation. It has also set out a new industry code designed to minimise the number of scams by encouraging consumers to remain vigilant.

What this means is that you can be confident that any claim for reimbursement will be given fairer and quicker consideration. And that your bank (or another financial provider) can only refuse to reimburse stolen funds where you have shown a very significant degree of carelessness. Crucially, banks should not automatically blame the victims of increasingly sophisticated scams and must take a fairer approach to compensation.

Where a bank still refuses compensation, you can take your case to the Financial Ombudsman Service.

If you want to claim compensation following a push payment scam, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

If you have a straightforward push payment scam case, our quick claims form will help you to start this quickly and easily. This means you receive your compensation in the shortest possible time. However, if we believe you have a large, complex case, we’ll go through your options and may be able to act for you on a NO WIN, NO FEE basis.

At Hayes Connor Solicitors we make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making push payment fraud compensation claims, it’s essential to act now.

START YOUR CLAIM TODAY

data compensation
,

Can you make a data breach claim against Emma’s Diary?

The Information Commissioner’s Office (ICO) has fined Lifecycle Marketing (Mother and Baby) Ltd (LCMB), £140,000 for illegally collecting and selling the personal information of over one million people.

LCMB, also known as Emma’s Diary, gives medical advice and free baby-themed goods to parents who download an app. The data broking company behind the app was implicated following the launch of an investigation into the Facebook data breach scandal.

As such, those affected should now be looking to claim compensation.

What happened in this case?

LCMB sold its users’ information to Experian’s marketing division (Experian Marketing Services). This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election.

The Labour Party used this information to send targeted communications about its intention to protect Sure Start Children’s centres to mums living in marginal seats.

The data used included the names of parents using the app, household addresses, the presence of children under the age of five, and the date of birth of those children.

What was the result of the investigation?

LCMB claimed that the use of this information was fully outlined in its privacy policy. However, an investigation by the ICO found that the privacy policy did not state that the personal information given would be used for political marketing or by political parties. As such, this was a breach of the Data Protection Act.

In fact, while LCMB’s privacy policy was eventually updated to add the words “political parties” to the list of organisations it shares data with, this was only done in light of the start of the ICO’s investigation.

Commenting on this case, The Information Commissioner, Elizabeth Denham said: “The relationship between data brokers, political parties and campaigns is complex. Even though this company was not directly involved in political campaigning, the democratic process must be transparent.”

She added: “All organisations involved in political campaigning must use personal information in ways that are transparent, lawful and understood by the UK public.”

As the violation could cause distress to those affected, and was motivated by financial gain, LCMB has been fined £140,000 for the data breach.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by Emma’s Diary (LCMB) is part of a more extensive investigation into how our data is being used in political campaigning. In fact, the ICO put the UK’s 11 main political parties on notice to have their data-sharing practices audited later this year.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections was significant and has called for a code of practice to fix the system.

If you are one of those affected by the Emma’s Diary data breach and are concerned that your personal information was used in a way you didn’t consent to, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

REGISTER NOW

,

Data protection complaints increase by almost 50% in three months

According to the Information Commissioner’s Office (ICO), the number of reported data protection complaints has almost doubled since April this year. The increase in data breach complaints has happened since the introduction of the GDPR on May 25th.

The stats show that:

  • 4,214 data protection complaints were made in July
  • 3,098 data protection complaints were made in June
  • 2,310 data protection complaints made in May
  • 2,165 complaints were made in April.

In total, there were 957 reported data security incidents in Q4 2018. Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email.

Worryingly, reported cybersecurity incidents also increased by 31% over the same period. Overall, general business, education and local government were the sectors with the most reported data breaches (the figures exclude the health sector).

Commenting on the changes since the introduction of the GDPR, a spokeswoman for the ICO said: “It’s early days and we will collate, analyse and publish official statistics in due course. But generally, as anticipated, we have seen a rise in personal data breach reports from organisations.

“Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase too.”

A rise in data breach awareness

The stats indicate that more and more people are becoming aware of their data protection rights. This makes sense as there have been many high-profile data protection scandals over the last few months.

For example, at Hayes Connor Solicitors we are involved in the following cases:

 

  • Emma’s Diary. Emma’s Diary sold its users’ information to Experian’s marketing division. This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election. Find out more about the Emma’s Diary data breach
  • Dixons Carphone. The Dixons Carphone or Carphone Warehouse data breach took place in 2017. It resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes. Find out more about the Carphone Warehouse data breach
  • Ticketmaster has admitted that thousands of UK customers have been put at risk due to third-party software on their website. This has since been removed but not before the software accessed a number of customers’ personal and financial details. Find out more about the Ticketmaster data breach
  • Last year, Equifax warned that up to 400,000 UK consumers might have had their personal details stolen. The data included names, address, dates of birth, and credit card numbers. Find out more about the Equifax data breach.

 

If you have been affected by any of these data protection cases, or if you want to make a data breach compensation claim against another organisation, let us know.

At Hayes Connor Solicitors, we’ve been helping people to get the justice they deserve for over 50 years, so we know what it takes to make a successful data breach compensation claim.

Crucially, the law recognises the potential damage that is caused by physiological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

START A DATA BREACH CLAIM

 

facebook data
,

Facebook data breach investigation latest.

The Information Commissioner’s Office (ICO) is set to fine Facebook £500,000 for data breaches. That is the maximum financial penalty possible and reflects the severity of the Facebook data breach scandal. The ICO also intends to bring criminal action against SCL Elections, the now-defunct parent company of Cambridge Analytica.

What happened in the Facebook data breach case?

  • Social media giant Facebook and controversial data firm Cambridge Analytica are at the centre of a dispute over the harvesting and use of personal data
  • Questions were raised over whether this data was used to influence the outcome of the US 2016 presidential election and the Brexit referendum
  • In March 2017, the ICO began looking into whether personal data had been misused

What is happening now in the Facebook data breach investigation?

Yesterday, the Information Commissioner Elizabeth Denham, published a detailed update of her office’s investigation into the use of data analytics in political campaigns.

The report reveals that the ICO plans to fine Facebook £500,000 for breaches of the Data Protection Act.

The ICO has also said that it is taking steps to bring a criminal prosecution against SCL Elections Limited. While Cambridge Analytica has shut down, the ICO has already said that its directors can still be held liable and possibly criminally prosecuted.

Crucially, the ICO believes that in addition to breaching its own rules, Facebook also failed to ensure Cambridge Analytica had deleted its users’ personal data when requested. What’s more, while the ICO noted that Facebook had been the biggest recipient of digital advertising by political parties and campaigns to date, it said that the company had not done enough to explain to users they were being targeted as a consequence, or given people enough control over how their sensitive personal data was used. As a result, it seems that Facebook is guilty of two breaches of the Data Protection Act.

So, does this mean Facebook will be held to account?

No. The social media giant still has time to make any representations to the ICO before a final decision is made. However, by publishing a Notice of Intent, it is clear that the ICO is taking this matter very seriously. In fact, based on the evidence so far it looks likely that the ICO will issue Facebook with the maximum fine allowed under British law.

However, Facebook could still get away lightly, because if it had been fined under the new GDPR (General Data Protection Regulation), it could have been hit with a penalty of £479m. Indeed, the £500,000 fine is tiny when stacked up against the firm’s value of £445bn.

The impact on political parties

In its report, the ICO raised concerns about political parties buying personal information from data brokers.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections, was significant and has called for a code of practice to fix the system.

The ICO has also written to all the main political parties in the UK pressing them to have their data protection practices audited.

Who else is involved?

 Aggregate IQ

The ICO has said that Aggregate IQ (AIQ), a Canadian company which worked with the Vote Leave campaign in the run-up to the EU Referendum must stop processing UK citizens’ data. AIQ had access to UK voters’ personal data provided by Vote Leave and this information may have been transferred and accessed outside the UK. If so, this would be a breach of the Data Protection Act.

Emma’s Diary

The ICO also named Emma’s Diary; a company that gives medical advice and free baby-themed goods to parents who download an app. It appears that the company may have handed over data which was then used by the Labour Party to campaign to people. As a result, the ICO is about to take regulatory action against Lifecycle Marketing, the owner of the service.

Eldon Insurance Services

It has been alleged that the Leave campaign used the personal information of people on the Eldon Insurance and GoSkippy database on the run-up to the Brexit referendum.

Vote Leave

The ICO is looking into to what extent Vote Leave transferred the personal data of citizens outside the UK. It is likely that this was in a breach of the Data Protection Act.

Remain campaign

The ICO is investigating the collection and sharing of personal data by the official Remain campaign (Britain Stronger in Europe) and a linked data broker. In particular, it is examining inadequate third party consents and the fair processing statements used to collect personal data.

The University of Cambridge

The Psychometrics Centre at the University of Cambridge carries out research into social media profiles. As part of its investigation, the ICO is considering whether Cambridge University has “sufficient systems and processes in place to ensure that data collected by academics for research is appropriately safeguarded in its use and not re-used for commercial work.”

The ICO said that it expects the next stage of its investigation to be complete by the end of October.

 

cybercrime solicitors
,

Can you get your money back after a “push” fraud?

Last week, an article revealed the sad case of a widow who was conned into losing her mother’s care-home fees. In a highly-sophisticated cybercrime attack, the woman was defrauded of £20,000 in a so-called “push” scam.

What is push fraud?

Push fraud – also called authorised push payment (APP) scams – happen when criminals deceive individuals into sending them money. Because the victim believes the fraudster to be trustworthy and genuine, they authorise the handover of cash. The money is then quickly transferred by the fraudster to different accounts, often abroad, which makes getting it back almost impossible.

Common types of push payment scams include:

  • Sending falsified invoices that look exactly like ones victims are expecting (e.g. from a child’s school or a legitimate tradesperson)
  • Convincing people to transfer money to someone official, such as a solicitor (e.g. when buying a house)
  • Conning people to transfer cash into fraudulent bank accounts
  • Sending emails pretending to be from a friend asking for money.

While in many cases, the criminals involved might call hundreds of people in the hope of tricking someone, often these cybercrime scams are highly targeted and come after hacking a victim’s emails to identify the information needed to defraud them.

In this latest case, the criminal claimed to be from the Royal Bank of Scotland fraud team flagging up unusual transactions. The fraudsters ran through some security questions to extract the information they needed to access her online banking and rename her current account “frozen”. So, when the woman went to check via the proper channels, it did appear that her account had been locked. In a following call, she was then asked to move her balance to a new “protected” account. But when she called RBS to check the transfer went through okay, they knew nothing about it.

The rising problem of push fraud

The problem of transfer fraud is increasing in the UK. Indeed, according to consumer group Which? in the first two weeks after launching an online cybercrime reporting tool, more than 650 people came forward claiming a loss of over £5.5 million.

Overall, the latest official figures show that over £100 million was unknowingly handed over to criminals through push scams between January and June last year. Over this period around 17,000 people were victims of these scams, and they lost an average of £3,000 each.

How to protect yourself against push fraud

To keep you safe, UK Finance offers the following advice:

  • Never disclose security details such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Just because someone knows some personal information about you (i.e. your mother’s maiden name), that doesn’t mean they are genuine
  • Banks or other trusted organisations will never contact you and ask for your PIN or full password, or ask you to transfer money to a safe account
  • Don’t be rushed into handing over sensitive information, take the time to contact the company directly using a trusted email or phone number to check the request is genuine
  • Listen to your instincts. If something doesn’t feel right don’t be pressured into making a decision there and then
  • Never automatically click on a link in an unexpected email or text.

Are the banks liable?

According to the banks, they make it very clear that customers should never make a payment at the request of someone over the phone or email. So, while millions have been lost by unwitting victims, because the transfers were authorised, until now banks have been unable (or unwilling) to return nearly 74% of the money.

Don’t be fobbed off by the banks!

If you have been the victim of a push fraud and need help getting your money back, there is some good news. Under new plans, the regulator is coming down on the side of consumers and people tricked into transferring money directly to a fraudster can expect stronger protections.

A new industry code will be in place from September, helping victims of such scams to secure compensation. What this means in practice is that victims of push scams can be confident that any claim for reimbursement will be given fairer consideration.

If you want to claim compensation following a push payment scam or another type of cybercrime, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

 We can help you to claim compensation from the fraudster, your bank, and any organisation that may have put your data at risk (where this data was then used to facilitate a push scam).

Start your claim

facebook data
,

My data has been breached. What do I do?

At Hayes Connor Solicitors, we have considerable experience helping individuals whose data has been breached.

Each case is different, but as a first step we ask if you have reported the data breach to the Information Commissioner’s Office (the ICO). The ICO is the body which undertakes investigations on behalf of individuals into suspected data breaches. If found guilty, it is likely that they will take action against the company which committed the breach. And, at this stage, we often mount individual or groups actions against such organisations.

Find out more about making a data breach claim in our handy guide.

But, at Hayes Connor, we don’t just focus on compensation. In today’s digital world, your personal data is a valuable commodity. So, we want to do all we can to keep you, and your sensitive information as safe as possible.

So, if you have been the victim of a breach or cyber-attack, it is essential that you know your rights and how to protect yourself.

What to do immediately after a data breach

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you should:

  • Inform the Information Commissioner’s Office (ICO) about your concerns
  • Contact your bank and/or credit card providers immediately
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords.
  • If you are offered any form of compensation or free services from the organisation that put your data at risk it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date.

What to do if you need support following a data breach

Victim Support is the leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents. Last year it offered support to nearly a million victims of crime across the UK.

Many people suffer anguish, anxiety and stress after a data breach and this can have a significant impact on you mentally and physically. Effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job.

At Hayes Connor Solicitors, we are working with Victim Support to help those affected by cybercrime and data breaches. Ultimately, we want to ensure that victims have access to the support they need when they need it, as well as raising awareness of the threat to keep people safe online.

If you need support following a data breach or cybercrime, Victim Support is on hand just to support you.

Find out more about our partnership with Victim Support.

Making a data breach compensation claim

If you want to make a data breach compensation claim, contact Hayes Connor Solicitors. Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

Organisations have a duty to protect your sensitive data. And letting other people access this is a complete failure of this responsibility. So, why shouldn’t you seek compensation for this inability to look after your information correctly if it has caused you financial harm or distress?

equifax data breach even worse
, ,

Equifax Data Hack UPDATE

Everyday we are receiving more and more calls from customers who have been affected by the Equifax data hack.

We are expecting an even bigger number after the christmas period as it can’t be confirmed that customers details haven’t got into the hands of dishonest organisations or people.

Some important advice regarding the Equifax data hack:

Firstly contact the ICO and ensure that they have your details on file.

The more people affected the more likely an investigation into equifax or your individual case will be carried out.

  • If this is done and Equifax are fined we can help you get compensation.

Secondly contact us – we will be able to keep your details (securely) and keep you up to date on the ICO action and the outcome of any investigation.

We will also be able to advise you on what to do whilst waiting for the ICO’s findings.

Once registered with us:

  • It’s important to keep a ‘diary’ or note of events since the hack – for example has your card been used without permission?
  • Are there transactions that you bank have picked up that you haven’t made?
  • Are you getting more ‘spam’ or junk email – With your name on? -I so create a folder and keep it – this may be relevant
  • Are you anxious or worried by the thought of people being able to access your data? Has this caused you any distress?

We will keep you updated about any new breaches via our facebook page and newsletter and also notify you when we know more about the equifax hack.

To register your claim today visit our secure data breach form