Posts

Stockport woman warns of sophisticated cyber-attacks following £35k loss

A Stockport woman is warning people to be vigilant when transferring large sums of money after falling victim to sophisticated payment fraud just nine days before Christmas in 2018 leaving her £35,000 out of pocket.

52-year-old Sally Flood had been looking forward to completing on an investment property for her children in time for Christmas with money inherited from her dad. A call from her bank however, left the family devastated as she realised that she had been victim to sophisticated fraud.

A careers adviser at a secondary school in Stockport, Sally Flood said: “I was looking forward to completing on a property I planned to purchase as an investment for my children with money left to me by my dad. It was close to Christmas and I was keen to complete quickly. When I received an email from my solicitor asking for a transfer of funds, I transferred the first instalment then I contacted one of the ladies at the office via email to check that the funds had been received. I received an email back confirming receipt of the first payment.

“I then proceeded to transfer the remainder completely unaware that it was a scam. My heart sank when the bank called to query the transactions as a discrepancy in the solicitor’s details had been picked up. I phoned my solicitor straight away only to have them confirm that they had discovered a day earlier that their system had been hacked. It was an extremely difficult Christmas for the family and we still feel like our lives are on hold now.”

Sally’s solicitor Kingsley Hayes, managing director at data breach and cybercrime specialist Hayes Connor, said: “Fraudsters are increasingly sophisticated and the emails sent to my client were very authentic containing details of the property being purchased and the desired date of completion so Mrs Flood had no reason to question it or anticipate that it may have been fake.

“They had successfully hacked her solicitor’s email system and were able to read details of the planned purchase and were aware that my client was keen to complete before Christmas. They swooped on the opportunity to take advantage and succeeded in illegally obtaining the total amount of £96,000 intended for the property purchase.

“We investigated the crime and succeeded in retrieving £57,000 from Mrs Flood’s conveyancing solicitor as it was responsible for the lack of robust security measures on its system. Our client is still significantly out of pocket however.

“Unfortunately, as the incident took place before new consumer protection rights were introduced at the end of May 2019 via the new Voluntary Code of Conduct, it will be extremely difficult to retrieve the remaining stolen monies.”

Continuing, Sally Flood commented: “Our lives have been on hold since this happened. I still blame myself and feel very anxious and upset. It’s a lot of money to lose and it’s even more upsetting because it was money left to us by my dad and was supposed to be for our children’s future.

“The first email asking for the funds transfer looked very authentic. When I received a second email, in response to mine, confirming receipt of the first transfer from my solicitor, I naturally felt reassured and made a further payment.

“The fraudsters banked with Lloyds and while the bank was able to refund an unspent £4,000 from their account, I have been advised that they are unable to retrieve the remaining £35,000 which is still a lot of money for most ordinary families.”

Kingsley Hayes continued: “Although consumers now have greater protection rights under the Code of Conduct if their bank is signed up to it, extra caution is advised as fraudsters become increasingly sophisticated. According to Finance UK, £354 million was lost to payment fraud during 2018, 93% of victims were individuals who lost a total of £228 million.

“While the new Code of Conduct provides greater consumer protection, it doesn’t mean that victims are guaranteed to get all their money back as fraudsters deploy complex tactics including quickly removing stolen funds to overseas accounts making it very difficult to retrieve, if at all.”

 

 

The Guardian, 29th February 2020

We talked to The Guardian to highlight the dangers of push payment fraud after our client lost £95,000 to fraudsters. We successfully recovered nearly two thirds of her stolen monies after fraudsters hacked her solicitor.

Data protection at the forefront in the lead up to general election

Robust cybersecurity is front of stage again as news of two attempted cyber attacks on Labour were exposed.

The party has claimed that no personal data has been breached in what has been described as “large scale and sophisticated” attacks. Read more

,

Have you been affected by the GateHub cryptocurrency data breach?

Cryptocurrency wallet service GateHub has been involved in a huge data hack. In this case, it is reported that cybercriminals managed to steal 24 million XRP Tokens (commonly referred to as ‘Ripple’) from more than 200 individual GateHub user accounts. In total, the theft is thought to be valued at over $US 10 million.

Media reports suggest that there were between 80 and 90 victims, however, we suspect there could be many more – including UK residents. In some cases, the losses for a single victim run to six-figures.

What happened in the GateHub cryptocurrency data breach?

In June 2019, a statement published on the GateHub blog admitted that some customers had had their ledger wallets hacked and funds stolen. GateHub offers a digital wallet to store cryptocurrencies. It claims that its customers’ money is “always safe and 100% backed” and that, as a company, it is “deeply committed to protecting your personal data”.

The GateHub statement said:

Recently, we have been notified by our customers and community members about funds on their XRP Ledger wallets being stolen and immediately started monitoring network activity and conducted an extensive internal investigation.

Although we have not identified any action or omission by GateHub that may have facilitated or allowed this apparent theft to occur, we apologize deeply to all of our customers for this issue and pledge to get to the bottom of it.

We already sent out an email to all users that might be affected as a result of suspicious API calls with instructions on how to protect their funds.

If you have received an email from us, please read it carefully and act accordingly. IMMEDIATELY transfer all of your existing balance from XRP Ledger wallets to a hosted wallet. You can find instructions on how to do so here.

If you have not received an email from us, then we have no reason to believe your account was compromised.

While the investigation is still underway and we can not post any official conclusions just yet here are a couple of findings so far.

API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor there were any signs of brute forcing.

We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys.

That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys.

All access tokens were disabled on June 1st after which the suspicious API calls were stopped.

At the moment we estimate that approximately 100 XRP Ledger wallets were compromised. So far it looks like all the victims had their XRP Ledger wallets hosted on GateHub, but we cannot yet rule out that some wallets were not.

To conclude the investigation as soon as possible, we are working closely with a professional IT forensics team to determine whether our system was compromised or not.

Appropriate Law Enforcement Agencies were also notified about these thefts, and we will work diligently with them to help track the perpetrator who did this.

We will post an official statement after the internal investigation has been completed.

Last but not least, we would like to thank the community for offering continuous help.

Can you get your money back for the GateHub hack?

If it can be shown that inadequate security at GateHub made this hack possible, people affected by the cryptocurrency data breach may be able to claim compensation.

Despite common belief, cryptocurrency crimes do not represent an investigative dead-end. We work with leading technical specialists to investigate cryptocurrency cases and secure justice for victims. These specialists help us to:

  • Understand and evidence how such crimes occurred (including the extent to which any party was negligent)
  • Assess damages
  • Identify offenders
  • Recover assets.

GateHub has already sent out an email to all users that might be affected by the hack. If you are one of the victims, you can find out more about making a cryptocurrency compensation claim here.

Read our GateHub cryptocurrency wallet data breach FAQs to find out more. 

How to protect yourself from cryptocurrency fraud.

Anyone entering the cryptocurrency market must take steps to avoid becoming a victim of theft. This includes:

  • Keeping private keys safe and secret. Whoever knows your private key can access and spend/move your cryptocurrency
  • Keeping your wealth private. This will make you less likely to become the victim of a hack, extortion or ransom attack
  • Practising good online security practices (e.g. password management, protection from viruses and malware, not clicking on dodgy links, etc.)
  • Understanding that Exchanges are not secure and, as such, have become a particular target of crypto thieves
  • Not storing too much in desktop or mobile wallets as these are susceptible to hackers
  • Using a paper wallet (offline wallet). Because they are offline, they are less vulnerable to attacks. There are paper wallet generators to help you to do this
  • Using a hardware wallet. These are more secure than desktop or mobile wallets (hot wallets) and are only accessible with your private key
  • Splitting your wealth into different wallets to reduce the damage should your wallet become vulnerable
  • Being wary of any offers to buy your crypto assets at way over the market price. There are examples of such transactions taking place face-to-face with sellers being coerced into making the transfer without payment. If it sounds too good to be true, it probably is.

How can Hayes Connor Solicitors help?

If you have been a victim of the GateHub cryptocurrency data breach we are here to help – whether or not you are a UK resident.

Our professional, friendly team will be pleased to answer any questions you might have about making a claim against GateHub. We will also go through your options and let you know about our NO WIN, NO FEE agreements.

We understand that making a compensation claim can be stressful; especially where you have already been the victim of a crime. That’s why we make sure you always know what’s happening and remove the jargon from the process.

Our process is fully compliant with data protection requirements, and we never put your details at risk.

START YOUR CLAIM

 

 

 

Data breaches are a “time bomb”
, ,

Data breaches are a “time bomb”

Earlier this week, a leading security expert warned that data breaches are a now a “time bomb”. This is because too many companies are putting confidential customer information at risk.

The comments were made to the BBC by Bryan Sartin. Bryan is head of global security service at telecommunications company Verizon. They were made following the publication of a report which analysed thousands of successful cyber-attacks.

The annual Verizon Data Breach Investigations Report (DBIR) collated information from more than 41,686 security incidents, of which 2,013 were confirmed data breaches that hit large and small organisations all over the world.

Sartin, said he was “surprised” more breaches had not become public and suggested that there are “probably some big situations queuing up right now”.

Key findings

Significant findings of the 2019 report include:

  • 52% of breaches were caused by hacking
  • 33% of breaches were caused by social engineering attacks. This is where people are manipulated into breaking normal security procedures in order for criminals to gain access to systems
  • Cyber thieves are increasingly and proactively targeting C-level executives
  • 71% of breaches were financially motivated
  • 25% of all violations were associated with espionage
  • 29% of breaches involved stolen credentials.
  • 56% of breaches took months, or even longer to discover.

What can we learn from this report?

UK companies that lose data face fines of up to 4% of their global revenues under current data protection law. Organisations are at greater risk of penalties if they delay reporting data breaches. And/or if they are found to have failed to protect personal data or clean up after a breach. So, it’s important that they take the threat of cyber-attacks very seriously.

Speaking about the latest findings, Hayes Connor managing director and data protection heavyweight Kingsley Hayes added his insight on this matter.

He said:

“Unfortunately, reports of a data breach time bomb are not exaggerated. In fact, we’ve been warning organisations about the level of risk they are exposed to since before GDPR.

“Having received thousands of enquiries from customers who have suffered as a direct result of a data breach caused by a cyber attack in the last twelve months alone, it has become clear to us that this is just the tip of the iceberg. And, disturbingly, the response provided by many of these organisations falls short of what we would expect. Businesses must do more to meet their data privacy responsibilities and provide adequate redress where they fail to do so, or risk increased compensation claims.

“But it’s also vital to highlight, that the vast majority of data breaches are not caused by cybercriminals, but by simple human errors and a failure to ensure robust security processes. And every day, these smaller data breaches are causing misery and upset to people across the UK.

“So, when it comes to data breaches, it’s just as important that businesses look at the threat from within, as well as putting measures in place to protect themselves from the bad guys.”

cybercrime claims
,

UK banking customers at risk as scammers steal half-a-billion pounds

Financial cybercrime and data breaches are on the rise. In fact, retail banking saw 2400% more data breach reports last year than the year before, with a whopping £500m stolen from British banking customers in the first six months alone. So, if you have been a victim of a financial scam or fraud, can you make a cybercrime claim?

Push payment scams

Millions are being lost due to authorised push payment (APP) scams. A push payment scam happens when a cybercriminal tricks someone into sending them money online.

Typical push payment scams include:

  • Sending falsified invoices that look exactly like ones victims are expecting (e.g. from a child’s school or a legitimate tradesperson)
  • Convincing people to transfer money to someone official, such as a solicitor (e.g. when buying a house)
  • Impersonation scams where cybercriminals pretended to be from a trusted body (e.g. a bank or the police) to trick account holders into transferring money
  • Conning people to transfer cash into fraudulent bank accounts
  • Sending emails pretending to be from a friend asking for money.

Ultimately, the aim is to trick you into thinking you are making a payment to someone you can trust (e.g. bank staff or lawyers).

Historically, banks have avoided paying push payment fraud compensation to victims. However, there are protections to help victims of push payment scams to secure compensation. In fact, your bank can only refuse to reimburse stolen funds where you have shown a very significant degree of carelessness. Where a bank refuses compensation, you can take your case to the Financial Ombudsman service.

What’s more, cyber-criminals often get access to your data because the necessary security processes are not in place. If you have become the victim of push payment fraud because of the negligence of your bank (or any other organisation), you may be able to make a cybercrime claim for compensation.

Bank/credit card takeover fraud

Takeover fraud happens when a criminal uses another person’s account information (e.g. a credit card number) to buy products and services. Takeover fraud is also used by scammers to extract funds from a person’s bank account. Because the financial institution believes the fraudster to be genuine, they authorise the handover of cash.

If you want to make a cybercrime claim for compensation following a takeover scam Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

How to protect yourself from financial fraud

UK Finance offers the following advice:

  • Never disclose security details, such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Don’t be rushed – a genuine organisation won’t mind waiting
  • Listen to your instincts – you know if something doesn’t feel right
  • Stay in control – don’t panic and make a decision you’ll regret.

There are also some security measures you should take after a financial data breach to stop yourself from falling victim to further crime. These include:

  • Contacting your bank/credit card provider immediately
  • Freezing your card right away (via your banking app if available)
  • Changing your passwords and other security details
  • Implementing a credit freeze until the matter is resolved
  • Keeping an eye on your bank and credit card statements to see if there is anything you don’t recognise (and reporting these to your financial provider immediately)
  • Letting the credit reference agencies know of any activity that was not down to you
  • Registering with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

Can victims of bank fraud get their money back?

According to a spokesperson from consumer group Which? the banks’ efforts to tackle fraud has been “woefully insufficient”. He said: “They have not done enough to protect their customers, who continue to lose life-changing sums of money to ever-more sophisticated crooks”.

While unauthorised fraud victims are usually refunded by their banks, until now, most victims of push-payment scams do not get their money back.

However, the industry has recently introduced new safeguards to help victims of push payment scams to secure compensation as well as a new industry code designed to minimise the number of scams by encouraging consumers to remain vigilant.

This means that victims of push payment fraud can be confident that any claim for reimbursement will be given fairer and quicker consideration.

In fact, your bank can only refuse to reimburse stolen funds where you have shown a very significant degree of carelessness.

Crucially, banks should not automatically blame the victims of increasingly sophisticated scams and must take a fairer approach to compensation. Where a bank still refuses compensation, you can take your case to the Financial Ombudsman Service.

Get legal help making a cybercrime claim

If you want to claim compensation following a push payment (or any other form of cyber-scam or bank fraud), Hayes Connor can help.

Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

If you have a straightforward case, our quick claims form will help you to start this quickly and easily. This means you receive your compensation in the shortest possible time. However, if we believe you have a large, complex case, we’ll go through your options and may be able to act for you on a NO WIN, NO FEE basis.

At Hayes Connor Solicitors we make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making a cybercrime claim, it’s essential to act now.

START YOUR CYBERCRIME CLAIM TODAY

 

What can you do if your bank refuses to reimburse you following a Push Payment Scam?
, ,

What can you do if your bank refuses to reimburse you following a Push Payment Scam?

A push payment scam happens when a cybercriminal tricks someone into sending them money online. And it’s more common than you might think. In fact, in 2017, UK bank customers lost more than £236m due to push-payment scams.

In most cases, the push payment scam is successful because the victim believes the fraudster to be genuine. For example, scammers often call people up claiming to be the police or the bank. They might state that someone is at risk of a security threat, and that they are calling to help stop it. In other cases, an email with an address that looks genuine could request payment (e.g. from a solicitor or tradesperson).

The money lost due to push payment scams can be devastating. For example, a mother and daughter In Kent were tricked out of their life savings after unknowingly transferring £113,665 to a criminal, rather than their solicitor.

Another woman was conned into losing her mother’s care-home fees after a criminal claiming to be from her bank’s fraud team flagged up unusual transactions on her bank account. The fraudsters ran through some security questions and extracted the information they needed to access her account and rename her current account “frozen”. When the woman went to check online, it did appear that her account had been locked. She was then asked to move her balance to a new “protected” account. However, when she called her bank to check the transfer had gone through, they knew nothing about it.

Historically, banks and other organisations have avoided paying push payment scam compensation to victims. And, because payments have been authorised by the customer, there has been little chance of redress.

So, can you get compensation for a push payment scam?

If you have been the victim of a push payment scam and need help getting your money back, there is some good news.

The industry has recently introduced stronger protections to help victims of push payment scams to secure compensation. It has also set out a new industry code designed to minimise the number of scams by encouraging consumers to remain vigilant.

What this means is that you can be confident that any claim for reimbursement will be given fairer and quicker consideration. And that your bank (or another financial provider) can only refuse to reimburse stolen funds where you have shown a very significant degree of carelessness. Crucially, banks should not automatically blame the victims of increasingly sophisticated scams and must take a fairer approach to compensation.

Where a bank still refuses compensation, you can take your case to the Financial Ombudsman Service.

If you want to claim compensation following a push payment scam, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

If you have a straightforward push payment scam case, our quick claims form will help you to start this quickly and easily. This means you receive your compensation in the shortest possible time. However, if we believe you have a large, complex case, we’ll go through your options and may be able to act for you on a NO WIN, NO FEE basis.

At Hayes Connor Solicitors we make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making push payment fraud compensation claims, it’s essential to act now.

START YOUR CLAIM TODAY


We are also considering a group action claim against banks who have failed their clients after they have lost money through no fault of their own. A group action is where a group of people, all affected by the same issue, collectively bring their cases to court. Group actions can be a powerful tool and can have a bigger impact than a single claim.

JOIN OUR GROUP ACTION CLAIM 

data compensation
, ,

Can you make a data breach claim against Emma’s Diary?

The Information Commissioner’s Office (ICO) has fined Lifecycle Marketing (Mother and Baby) Ltd (LCMB), £140,000 for illegally collecting and selling the personal information of over one million people.

LCMB, also known as Emma’s Diary, gives medical advice and free baby-themed goods to parents who download an app. The data broking company behind the app was implicated following the launch of an investigation into the Facebook data breach scandal.

As such, those affected should now be looking to claim compensation.

What happened in this case?

LCMB sold its users’ information to Experian’s marketing division (Experian Marketing Services). This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election.

The Labour Party used this information to send targeted communications about its intention to protect Sure Start Children’s centres to mums living in marginal seats.

The data used included the names of parents using the app, household addresses, the presence of children under the age of five, and the date of birth of those children.

What was the result of the investigation?

LCMB claimed that the use of this information was fully outlined in its privacy policy. However, an investigation by the ICO found that the privacy policy did not state that the personal information given would be used for political marketing or by political parties. As such, this was a breach of the Data Protection Act.

In fact, while LCMB’s privacy policy was eventually updated to add the words “political parties” to the list of organisations it shares data with, this was only done in light of the start of the ICO’s investigation.

Commenting on this case, The Information Commissioner, Elizabeth Denham said: “The relationship between data brokers, political parties and campaigns is complex. Even though this company was not directly involved in political campaigning, the democratic process must be transparent.”

She added: “All organisations involved in political campaigning must use personal information in ways that are transparent, lawful and understood by the UK public.”

As the violation could cause distress to those affected, and was motivated by financial gain, LCMB has been fined £140,000 for the data breach.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by Emma’s Diary (LCMB) is part of a more extensive investigation into how our data is being used in political campaigning. In fact, the ICO put the UK’s 11 main political parties on notice to have their data-sharing practices audited later this year.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections was significant and has called for a code of practice to fix the system.

If you are one of those affected by the Emma’s Diary data breach and are concerned that your personal information was used in a way you didn’t consent to, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

REGISTER NOW

,

Data protection complaints increase by almost 50% in three months

According to the Information Commissioner’s Office (ICO), the number of reported data protection complaints has almost doubled since April this year. The increase in data breach complaints has happened since the introduction of the GDPR on May 25th.

The stats show that:

  • 4,214 data protection complaints were made in July
  • 3,098 data protection complaints were made in June
  • 2,310 data protection complaints made in May
  • 2,165 complaints were made in April.

In total, there were 957 reported data security incidents in Q4 2018. Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email.

Worryingly, reported cybersecurity incidents also increased by 31% over the same period. Overall, general business, education and local government were the sectors with the most reported data breaches (the figures exclude the health sector).

Commenting on the changes since the introduction of the GDPR, a spokeswoman for the ICO said: “It’s early days and we will collate, analyse and publish official statistics in due course. But generally, as anticipated, we have seen a rise in personal data breach reports from organisations.

“Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase too.”

A rise in data breach awareness

The stats indicate that more and more people are becoming aware of their data protection rights. This makes sense as there have been many high-profile data protection scandals over the last few months.

For example, at Hayes Connor Solicitors we are involved in the following cases:

 

  • Emma’s Diary. Emma’s Diary sold its users’ information to Experian’s marketing division. This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election. Find out more about the Emma’s Diary data breach
  • Dixons Carphone. The Dixons Carphone or Carphone Warehouse data breach took place in 2017. It resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes. Find out more about the Carphone Warehouse data breach
  • Ticketmaster has admitted that thousands of UK customers have been put at risk due to third-party software on their website. This has since been removed but not before the software accessed a number of customers’ personal and financial details. Find out more about the Ticketmaster data breach
  • Last year, Equifax warned that up to 400,000 UK consumers might have had their personal details stolen. The data included names, address, dates of birth, and credit card numbers. Find out more about the Equifax data breach.

 

If you have been affected by any of these data protection cases, or if you want to make a data breach compensation claim against another organisation, let us know.

At Hayes Connor Solicitors, we’ve been helping people to get the justice they deserve for over 50 years, so we know what it takes to make a successful data breach compensation claim.

Crucially, the law recognises the potential damage that is caused by psychological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

START A DATA BREACH CLAIM

 

,

Massive Timehop data breach affects 21 million users!

Popular app Timehop, which highlights old social media posts, has been the victim of a colossal data hack. The breach has exposed the private details of more than 21 million users. Most of the data included usernames and email addresses. However, one in five affected users (that’s 4.7 million people) may have also had their phone number compromised.

A spokesperson for Timehop has admitted that its users’ data was able to be stolen because it didn’t use two-factor authentication (2FA) on its cloud computing login.

The attack was discovered on July 4th and stopped in just over two hours. However while Timehop uncovered the breach while it was happening, and was able to halt it, the firm admits that “data was taken”.

A statement on Timehop’s website says that: “Some data was breached. These include names, email addresses, and some phone numbers. This affects some 21 million of our users. No private/direct messages, financial data, or social media or photo content, or Timehop data including streaks were affected.”

An investigation into the incident is also looking at “the possibility of any earlier ones that may have occurred”.

Timehop has also suggested that: “If you used a phone number for login, then Timehop would have had your phone number. It is recommended that you take additional security precautions with your cellular provider to ensure that your number cannot be ported.”

The firm has also admitted that “access tokens” provided to Timehop by social media providers were also stolen. These tokens “could allow a malicious actor to view without permission some of your social media posts”. Furthermore, while there is no evidence that this has happened, it was possible that unauthorised users could have accessed those posts.

Timehop is said to be aggressively and proactively notifying its users, partners, and customers about the breach, and all European users should have been contacted.

What should you do now?

While it is not yet clear if cybercriminals will use the stolen data, Timehop clearly failed to put necessary security measures in place to keep its users safe. And, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. So it’s vital to hold them to account.

To start a compensation claim following the Timehop data breach, register with Hayes Connor Solicitors. We will keep you updated as this case progresses and let you know if and when you can claim.

It doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

It is also essential to keep a ‘diary’ or note of events since the hack. This should include things like:

  • Whether your card been used without permission
  • If there are any transactions that your bank has picked up that you haven’t made
  • If you are getting more spam or junk email with your name on it
  • Are you getting more spam calls or messages
  • If you are anxious or worried at the thought of people being able to access your data.

 

REGISTER NOW