Posts

employment data breach
, ,

How Hayes Connor helps our clients after an employment data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve following data protection breaches, cybercrime, and other online offences. One type of claim we see a lot of is the employment data breach.

Here are just some of the employment data breath cases we have helped our clients with recently.

Breach of data leading to employment dispute     

Our client was referred to a qualified third-party for a standard workplace assessment. This assessment was designed to make sure she had everything she needed to reach her full potential in her job. However, the party conducting the evaluation added sensitive personal information about her to their report and gave this to her employer.

This information was not relevant to the assessment. Worse, it led to a dispute between our client and her employer over the disclosures she made while applying for her job.

In response, our client made a data breach claim against the workplace assessment provider. As well as claiming for the initial breach of her sensitive information, she also claimed damages for the loss and injury she suffered by the infringement when this knowledge was used against her.

Employment data breach leads to increase in unwanted spam

Our client was the subject of a data breach when his employer was hacked, and his personal and sensitive financial information was put at risk.

As a direct result of that hack, our client was subsequently bombarded with unwanted spam calls and text messages, some of which became quite personal. This proved to be very distressing and resulted in him and his family suffering from distress and worry. Our client was diagnosed with an anxiety-related psychological condition that would require treatment to help him fully recover.

As the spam could be traced back to the original data hack, he was able to claim for the breach of his data and the injury caused.

Help is needed after an employment data breach  

Today, such unlawful disclosures are all too familiar, and in such cases, this can result in complex anxiety and stress.

But in such situations, you can claim damages for any psychological injuries caused by the breach of your personal data. If you find yourself suffering, make sure you seek appropriate medical attention as soon as any symptoms arise so that the impact can be adequately assessed.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following an employment data breach. But we don’t believe that our obligation to our clients stops there – we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making an employment data breach compensation claim

We help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it. And we will make sure that your employment rights are protected during and after any claim against an employer.

Our professional, friendly team will advise you on whether you have a valid claim against an employer (or third-party). If we believe you have a substantial, complex case, we may be able to act for you on a NO WIN, NO FEE basis.  Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

Contact us today for a free initial assessment.

 

local authority breach
, ,

How Hayes Connor helps our clients after a local authority data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve following data protection breaches, cybercrime, and other online offences. One type of claim we see a lot of is local authority data breaches.

The public sector is privy to a wide range of our sensitive information, and this data is regularly shared between organisations and departments as part of modern governance and the delivery of public services. But, with data breaches on the rise, government bodies must do more to improve cybersecurity.

Here are just some of the local authority data breath cases we have helped our clients with recently.

Copy of a court order sent to the wrong postal address

In this data breach, a local authority sent a copy of a court order containing sensitive personal information about a father (our client) and his daughter to the wrong postal address.

Just a small error saw the letter being sent to a neighbour, who brought it round to the right address. But the letter had been opened and after talking to the neighbour it soon became clear that it had also been read.

What’s more, when the letter was passed to the right house, it wasn’t handed to the right person. Because it was opened, it was then read by another member of the family who became distressed at the contents. This went on to cause difficulties in the family.

As a direct response of a seemingly small admin error when posting the letter, this data breach has caused considerable distress, upset and embarrassment to our client and his family. Not only did our client have to explain a sensitive situation to his family in more detail than might otherwise have been necessary, but his neighbours are also aware of a very private and sensitive situation. One which has been talked about within the small local community where he lives.

As such the consequences of the error and the impact on his mental health were far-reaching.

Woman’s driving licence shared without her permission by a local council

The secretary of a committee informed our client that the local council had emailed them a copy of her driving license.

Concerned that her data had been breached, our client searched online for a data breach solicitor and then emailed Hayes Connor to find out if we thought the case was worth taking on. We agreed that her data had been breached and took her case on a no-win, no-fee basis. We sent her a detailed questionnaire which she filled out and returned along with some supporting documents so we could prepare her case.

Next, we instructed our appointed barrister to provide expert advice on her prospects of success and the amount of compensation she was entitled to for the data breach.

Then we sent a letter before action (LBA) to the council. The LBA let the local authority know that we would be starting proceedings against it and we were very serious about getting her the compensation she deserved for the distress caused by the violation.

The council responded, attempting to justify why it felt her claim was not valid. However, we replied setting out why it was, and we requested that they supply a number of documents as evidence. We also sent a ‘Part 36’ offer to the authority. This is designed to encourage parties to settle disputes without going to trial. This offer was accepted.

Commenting on her experience, our client said: “Highly professional and very informative, every step of the way. Also been very helpful! After this experience I can’t think of anything at all that could improve your service. Everything was explained to myself in a straightforward way, and I certainly would recommend Hayes Connor, without a doubt! Absolutely fantastic!”

Help is needed after a local authority data breach

As central and local government becomes digital, it is vital that there are adequate and robust protections in place to secure the data and information held within it. And that public sector staff have the knowledge and ability to handle such data securely. But all too often this isn’t happening.  And, as you can see, the result of not looking after personal information properly could put people’s mental health, and potentially even their lives at risk.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following a data breach. But we don’t believe that our obligation to our clients stops there – we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making a local authority data breach compensation claim

We help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it.

Our professional, friendly team will advise you on whether you have a valid claim against a local council, department or other government body. If we believe you have a substantial, complex case, we may be able to act for you on a NO WIN, NO FEE basis.  Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

 

Contact us today for a free initial assessment.

 

faqs about hcs
, , ,

FAQs about HCS

Here at Hayes Connor Solicitors, our core aim is to help our clients get the compensation they deserve following data protection breaches, cybercrime, and other online offences.

To give you an idea about how we do this, here are some of the most common questions we get asked about our firm and the work we do.

Cybercrime is quite new. How can Hayes Connor Solicitors be compensation experts?

Over the past year, our firm has established itself as the only niche provider of legal services in this area. A relatively new and evolving area of law, this is all we do, and we have become a true specialist in data breach law. As such, we lead our field when it comes to understanding the complexities involved.

But before that, we worked on different types of compensation claims. And, with over 50 years’ experience helping our clients secure the justice they deserve, our solicitors work tirelessly to ensure the best possible outcome for you. Both in terms of damages achieved and service delivered.

What type of cybercrime and data breach cases do Hayes Connor Solicitors do?

At Hayes Connor, our experts deal with a significant volume of data breach cases each day. During our work, we see many different types of claims and how data breaches can affect people in different ways. There are two main ways we get compensation for our clients:

Group actions

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. However, in many cases, where a breach occurs, you won’t be the only person making a claim. In such circumstances, it is often worth joining a group action claim.

Find out more about our NO WIN, NO FEE group actions.

Individual cases

In most cases, data breaches aren’t caused by scammers trying to hack big businesses, but by simple human errors. And while these incidents don’t make the headlines, for those involved the experience can be devastating.

Take a look at our case studies to see how we are helping people across the UK to win the compensation they deserve – often on a NO WIN, NO FEE basis.

Will Hayes Connor Solicitors keep my data safe?

Absolutely. We know that making a claim can be difficult. Particularly where your sensitive information has already been breached or another online offence made against you.

Once we have your details, we treat these with the utmost care, compassion, and privacy.  We never pass on these details to third parties for marketing purposes – or indeed for any other reason without express permission. This commitment to ensuring our customers’ peace of mind is absolute.

As well as making sure all personal details are protected/confidential, we also deal with all enquiries sensitively and professionally, and we never ask unnecessary or intrusive questions.

Is it difficult to make a data breach or cybercrime compensation claim?

At Hayes Connor Solicitors, we understand that making a compensation claim can be stressful. As such, we’ve created a handy step-by-step guide to help explain the process.

Read our step-by-step guide to making a data breach claim.

Also, we understand that you want a fast, efficient, no-nonsense service – and that’s precisely how we deliver legal services to our clients. As such, we use the latest technology and a highly-trained team to provide excellence of service.

How much do Hayes Connor Solicitors charge to make a data breach or cybercrime compensation claim?

Access to professional legal advice is a fundamental right. That’s why it’s important that everyone can afford to make a data breach or cybercrime compensation claim should they need to.

Removing the financial risk, at Hayes Connor Solicitors, we provide our services on a no-win, no-fee basis to help our clients get the compensation they deserve. But what does this actually mean and are there really no costs if you appoint us?

Read our ‘Explaining No Win, No Fee’ guide.

Can’t I just make a claim without a solicitor?

You can make a data breach or cybercrime claim on your own. What’s more, if you go ahead and no settlement is reached, you can even represent yourself in court. In fact, the number of people doing this in recent years has increased.

The legal term for representing yourself this way is called ‘litigating in person’ (LiP). However, while there has been a rise in the number of people doing this, this is often because they don’t think they have any choice due to a lack of alternative funding options.

At Hayes Connor, we believe that the best way to make organisations pay for their failures is to use a specialist lawyer. Of course, you would expect us to say that – but let us explain why.

Firstly we have the legal expertise needed to take on big players such as Ticketmaster, Dixons Carphone and Equifax. And, where enough people come forward, we might even launch a group action against a company.

We believe that a group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So we are confident that our team will get the results you deserve.

On the other hand, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected by the profession, and this could ultimately see you lose out financially as a result.

Crucially, we deal with all breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.

How much will Hayes Connor Solicitors charge me if I win?

To cover our costs, if we win your claim, we will charge a success fee. This is capped at 25% of any compensation you receive. We have to charge this to cover our costs in smaller/individual cases. There are no hidden charges or other administration fees.

In some larger group actions, we expect to be paid by the offending party and might even be able to work at no charge to you. This means, when you win, unlike with a claims management company, you could receive 100% of the compensation awarded to you.

Will you explain everything in plain English?

Absolutely, we are committed to keeping you informed, every step of the way. In fact, we have created loads of content to ensure you always know what’s happening.

We do this because we want our clients to have as much information as possible before making a claim so that they feel fully informed at all times. Through this approach, we ensure that the process of making a data breach claim is understood, straightforward and stress-free.

Read our latest News & Resources.

Will you pressure me into making a data breach or cybercrime compensation claim?

No way. We hate spam and pushy lawyers!

At Hayes Connor Solicitors, we only ever deal with organic enquiries. We never buy data, cold call, or send spam texts or emails. Even our PPC campaigns are monitored to reduce the spam effect, and we never pressure anyone into making a claim. We feel this is essential when it comes to protecting our clients, and upholding the standards of the legal profession.

Will you help me to recover from a data breach or cybercrime?

Yes of course. This is why we believe that it’s vital that people seek compensation to help them get their lives back on track as soon as possible. But we don’t believe that our obligation to our clients stops there. So, we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

We also work with Victim Support to help those affected by cybercrime and data breaches. The partnership sees us provide the charity with regular expertise and advice on its legal content.

Monzo Data Breach
,

Is Monzo Bank losing its shine after a series of data breaches?

Monzo was heaped with praise after the challenger bank warned Ticketmaster that customers might be at risk. Long before the high-profile data breach was uncovered at the ticket sales company. Ticketmaster failed to take these warnings seriously. Despite Monzo’s caution that some customers were experiencing fraudulent transactions on their accounts after buying tickets from the online merchant.  But, the satisfaction of being the latest data security darling didn’t last long. Mainly because, shortly after Monzo called Ticketmaster out for its failures, the bank suffered a severe data breach of its own.

In this case, the personal details of 20,000 of its customers were lifted from a third-party survey. And, making matters worse for Monzo, earlier this month it was revealed that nearly half a million customers had to reset their PINs after information was left in an insecure file.

So, has the shine really gone from Monzo bank?

Data protection heavyweight and managing director at Hayes Connor Solicitors, Kingsley Hayes certainly thinks so. Commenting on the ongoing Monzo saga, he said:

“All that glitters isn’t gold, and this certainly seems to be the case with Monzo bank”.

What happened in the Monzo data breaches?

Monzo data breach number one

In July 2018, Monzo reported that it had fallen victim to cyber crooks after attackers found a weakness in Typeform’s (a third -party survey supplier) security. In total, around 20,000 customers had their email addresses stolen. A smaller number also had additional information, such as postcodes and names of previous banks exposed.

Speaking about this case, Kingsley said:

“Despite the breach, Monzo escaped largely unscathed from reputational damage. Mainly because Monzo gave its customers as much information as possible as quickly as possible. This is vital when it comes to helping customers protect themselves from further damage following a privacy violation. However, as details about another breach now come to light, it’s unlikely that customers will be as forgiving a second time around”.

Monzo data breach number two

According to a new Monzo blog post, because of a failure in internal security processes, 480,000 customers PINs were theoretically accessible to employees at Monzo for months. And, as a result, half a million customers have now been advised to change their PINs.

Also, while Monzo claims that the PINs were encrypted, when talking to Wired, cyber security Marios Kyriacou said:“at this point, we do not know what ‘encrypted’ means. Given that PINs are made up of four digits, it wouldn’t be difficult to decrypt these and find out what the real PINs were.”

Adding his expertise to this matter, Kingsley commented:

“As this is the second data breach experienced by the bank, victims of the privacy violation are now rightly angry. Keeping everyone informed is all well and good, but Monzo would do better if it didn’t put its customers at risk of financial fraud, identity theft, and emotional distress in the first place.

“Also, unlike the previous cyber-attack, this failure is 100% down to Monzo. No cybercriminals or third-parties were involved. So, customers are left wondering whether Monzo’s internal security procedures are up to scratch. It certainly doesn’t look like they are.”

Holding Monzo to account

Kingsley added:

“Monzo has a duty to protect your personal information. Regardless of whether we are talking about a cyber-attack or a failure in security processes. So, if you have suffered damage or distress as a result of a Monzo data breach, you have a right to claim compensation.

“With data breaches on the rise, something has to be done to make big companies accountable for data losses. So, claiming compensation isn’t just in your best interests; it could be the only way to ensure that businesses everywhere implement more secure processes.

“At Hayes Connor Solicitors, we are already holding Ticketmaster to account for its failings, and we are ready to do the same for Monzo. Our process is fully compliant with ICO guidance, and we never put your details at risk.

“What’s more, as well as helping you to claim compensation, we also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.”

If you’d like to find out more, contact us today for advice and help.

REGISTER NOW

 

, ,

What kind of data protection breaches can we help you with?

At Hayes Connor Solicitors, we help our clients get the compensation they deserve following data protection breaches, cybercrime, and other online offences. Our experts deal with a significant volume of data breach cases each day. And, during our work, we see how data breaches can affect people in different ways.

There are two main ways we get compensation for our clients.

1. Individual data protection breaches

In most cases, data breaches aren’t caused by scammers trying to hack big businesses. They are caused by simple human errors. And while these incidents don’t make the headlines, for those involved the experience can be just as devastating.

What can happen when sensitive information gets sent to the wrong address?

For example, in a recent case, our solicitors saw the impact of what can happen when sensitive information was sent to the wrong address by mistake.

In this data breach, a local authority sent a copy of a court order containing confidential personal information about a father (our client) and his daughter to the wrong postal address.

Just a small error saw the letter being sent to a neighbour, who brought it round to the right address. But the letter had been opened. And after talking to the neighbour, it became apparent that it had also been read.

What’s more, when the letter was passed to the right house, it wasn’t handed to the right person. Because it was opened, it was then read by another member of the family. They became distressed at the contents. This went on to cause difficulties in the family.

As a result of a seemingly small admin error when posting the letter, this data breach has caused considerable distress, upset and embarrassment to our client and his family. He had to explain a sensitive situation to his family in more detail than would otherwise have been necessary. And, his neighbours became aware of a very private and sensitive situation. One which has been talked about within the small local community where he lives. As such, the consequences of the error were far-reaching.

Breach of data leading to an employment dispute

In another case, our client was referred to a third-party for a standard workplace assessment. This assessment was designed to make sure she had everything she needed to reach her full potential in her job. However, the party conducting the evaluation added sensitive personal information about her to their report and gave this to her employer.

This information was not relevant to the assessment our client undertook. Worse, it led to a dispute between her and her employer over the disclosures she made while applying for her job.

In response, our client made a data breach claim against the workplace assessment provider. As well as claiming for the initial breach of her sensitive information, she also claimed damages for the loss and injury she suffered by the infringement when this knowledge was used against her.

2. Data protection breaches group actions

In many cases, where a breach occurs, you won’t be the only person making a claim. In such circumstances, it is often worth joining a group action claim.

With a group action claim, this group of people (the claimants) collectively bring their cases to court against a defendant. These victims then fight together to achieve compensation in the High Court of Justice.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

At the moment, we have launched (or are considering launching) group action claims against the following companies:

  • Amazon
  • British Airways
  • Dixons Carphone Warehouse
  • Equifax
  • Marriott International Group
  • TeamSport Indoor Karting
  • The Police Federation of England and Wales (PFEW).

Find out more about our NO WIN, NO FEE group actions.

Helping our clients get the compensation they deserve

These are just some examples of the types of data breach cases we deal with every day. And, as you can see, these are serious cases that often put people’s mental health and even their lives at risk.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following a data breach. But we don’t believe that our obligation to our clients stops there – we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Find out more about making a data breach claim with Hayes Connor Solicitors.

Or, for more advice on how to keep your data safe, follow us on Twitter and Facebook.

 

ba data breach
, , ,

What evidence do you need to join the BA data breach?

The ICO has announced plans to fine British Airways (BA) a whopping £183.93 million for its 2018 data breach. As a result of the data hack, almost 400,000 British Airways customers had their personal details and bank cards stolen. Enough details were exposed to make the threat of cybercrime a real possibility. Many banks had to cancel and re-issue cards as a result of the breach.

And, while cybercriminals caused the breach, the ICO is coming down strong on BA. This is because the privacy violation was only possible due to inadequate security arrangements at the airline.

However, while the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach. As such, we have launched a group action to help victims of the BA data breach to get the compensation they deserve for their losses. And, we are currently collating valuable information about how this privacy violation has affected people to help us make the strongest claim possible.

What do you need to join our BA data breach?

To join our BA group action, we need evidence that your data was put at risk by the data breach. British Airways claims that it has emailed everyone involved in the violation, so if you still have that email, we can use that to start your claim.

However, in some cases, victims of the British Airways breach may not have received this email. For example, it might have gone into your spam folder. As such, we would advise you to check to make sure you haven’t received an email from the company (but do not click on any suspicious links).

Of course, if the email did go into your spam folder, it may have already been automatically deleted. If this is the case, you will need to provide alternative evidence.

If you haven’t got the email from BA, you can provide:

  • Evidence that you purchased tickets from BA on or between 22.58 on the 21st August 2018 and 21.45 on the 5th September 2018. Only people who bought tickets during this specific timeframe were impacted by the data breach
  • Evidence of any fraudulent transactions/attempts/alerts/cancelled cards that relate specifically to the card you used to purchase tickets from BA
  • Confirmation that, as far as you are aware, your card was not put at risk by another data breach.

What if you haven’t suffered any losses?

If you did use your card to purchase tickets during the above period, but haven’t yet been the victim of any fraudulent activity, this doesn’t mean that you are safe. Often data stolen by cybercriminals is used in batches over time. So, the losses incurred by a data breach are not always immediately apparent.

As such, if you used your card during the affected period, and are worried that you could be at risk, you can still let us know.

What can you do if you were affected by the British Airways data breach?

At Hayes Connor Solicitors, our BA group action allows people affected by this breach to bring a claim on a collective basis. This strengthens their overall position and increases their chances of success.

The BA data breach was able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action

To join our British Airways data breach action compensation claim, register with us today. We can help you claim compensation for financial losses, as well as for inconvenience and distress.

REGISTER NOW

Lancaster University data breach. What do we know?
, ,

Lancaster University data breach. What do we know?

Lancaster University has become the latest organisation to suffer at the hands of cybercriminals after a “sophisticated and malicious phishing attack”. The university, which offers a GCHQ-accredited degree in security, is now withdrawing non-business-critical access to a breached student database. However, questions must be asked over why this is only happening now – more than a week after the Lancaster University data hack took place.

What happened in the Lancaster University data breach?

The Lancaster University data breach has affected between 12,000 and 20,000 people. This includes undergraduate applicants for 2019 and 2010, as well as some current students. The personal information accessed includes names, addresses, phone numbers and email addresses. Worryingly, the university has also admitted that fraudulent invoices “had been sent to some undergraduate applicants”.

Find out more about phishing scams. And what you can do if you have received a fake invoice claiming to be from Lancaster University.

The student and applicant records database hit by the data breach (LUSI) was developed in-house. It has been operational for about five years.

A spokesperson for the university said: “In response to the recent cyber incident, we are taking steps to enhance the security of all University systems. We are therefore in the process of limiting users’ access to data and functionality in LUSI.”

Have you been affected by the Lancaster University data breach?

In a prepared statement, the university said:

“Lancaster University has been subject to a sophisticated and malicious cyber-attack which has resulted in breaches of student and applicant data. The matter has been reported to law enforcement agencies and we are now working closely with them.

We are aware of two breaches of data:

  1. Undergraduate student applicant data records for 2019 and 2020 entry have been accessed. This includes information such as their name, address, telephone number, and email address. We are aware that fraudulent invoices are being sent to some undergraduate applicants. We have alerted applicants to be aware of any suspicious approaches.
  2. A breach has also occurred of our student records system and at the present time we know of a very small number of students who have had their record and ID documents accessed. We are contacting those students to advise them what to do.

We acted as soon as we became aware that Lancaster was the source of the breach on Friday and established an incident team to handle the situation. It was immediately reported to the Information Commissioner’s Office. Since Friday we have focused on safeguarding our IT systems and identifying and advising students and applicants who have been affected. This work of our incident team is ongoing as is the investigation by law enforcement agencies.

We are advising applicants, students and staff to contact us if they receive any suspicious communications via email: admissions-advice@lancaster.ac.uk or phone: 01524 510044.

Because this is a live investigation we will not be making any further comment at this stage.”

Has Lancaster University made a bad situation worse?

A suspect has been arrested following the data hack. However, this does not justify the university not taking measures to revoke access to the compromised system before now.

Cybercrime attacks have become increasingly difficult to avoid. But, all too often, they are only successful because an organisation has not put the necessary prevention methods in place to keep data safe. To make matters worse, many are falling short of what we would expect when a failure in data privacy occurs.

At Hayes Connor Solicitors, our experience shows that the quicker such incidents are responded to and security tightened following a cyberattack, the better. Leaving compromised systems exposed is just asking for trouble. Faster incident response and breach handling must become a priority if organisations are serious about their data protection responsibilities.

How can Hayes Connor Solicitors help?

If you have been a victim of the Lancaster University data breach, we can help you to claim compensation for any financial losses or distress. Claiming compensation isn’t just in your best interests. The only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

Our professional, friendly team will be pleased to answer any questions you might have about claiming. We will also go through your options and let you know about our NO WIN, NO FEE agreements.

We understand that making a compensation claim can be stressful; especially where you have already been the victim of a crime. That’s why we make sure you always know what’s happening and remove the jargon from the process.

Our process is fully compliant with data protection requirements. And we never put your details at risk.

START YOUR CLAIM

 

 

 

, ,

How Hayes Connor Solicitors helps our clients after a medical data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve following data protection breaches, cybercrime, and other online offences. One type of claim we see a lot of is medical data breaches. This is because, as our health and social care system becomes digital, there is a lack of robust protections in place to secure medical data.

Here are just some of the medical data breath cases we have helped our clients with recently.

Woman has her medical records unlawfully accessed by her ex in medical data breach

Our client was informed by a mutual friend that her ex-partner had illegally obtained her medical records. He could do this because he was employed by a local NHS Trust. The breach revealed our client’s home address and contact details to her ex. He was also able to establish every time she had received services provided by the NHS Trust.

Because of this data breach, our client suffered significant stress and anxiety. Not least because the information was shared with numerous other people.

NHS family member shared confidential medical information

In this data breach, the sister-in-law of our client (who was a NHS staff member), accessed the NHS system. She then shared personal details about our client with the rest of her family. This included information about our client’s baby.

As a result of this violation, our client’s relationship with her family broke down. She received threats from a family member resulting in police involvement. She also had the ongoing worry of further danger. In response, our client suffered stress, anxiety attacks and trauma. Ultimately she required medication to help manage the psychological effects of this terrible breach of trust.

To make matter worse, the violation meant that our client could no longer continue her university studies. So she suffered the loss of expenses, and the opportunity to progress her career.

Sensitive medical information was sent to the wrong address by mistake

HM Courts & Tribunals Service (HMCTS) sent a copy of a confidential medical report to our client’s former partner by mistake. The report said that he was depressed and suicidal.

Once our client’s ex read the report – a document that she should never have had access to – she used its contents in an application to reduce his contact with his children. This application was successful.

This data breach has had a devastating impact on our client. Having reduced contact with his children has caused him considerable distress and upset. It also aggravated his mental health problems. So, in this case, the consequences have been particularly severe.

Fraudster got his hands on sensitive medical information by impersonating a member of staff

A woman (our client), was a patient in hospital having just given birth. While she was there, a fraudster impersonated a doctor to obtain information about her personal medical situation.

A student nurse provided the highly sensitive information to the imposter. This included details about a disease which our client had recently been diagnosed with, and with which she was struggling to come to terms with.

As she still does not know who accessed her data, and what might be done with, this situation is incredibly disturbing. And, understandably, this uncertainty has caused considerable distress.

Hospital gives sensitive pregnancy discharge pack to wrong woman

Before they leave hospital, new mothers are given a set of postnatal notes, with information about their labour, delivery and care in hospital.

Following the birth of her son, a woman (our client) was contacted on Facebook by a woman who knew her name, address and other personal information. Due to the personal information disclosed, she thought her estranged mother and sister were contacting her. This caused her substantial upset.

It eventually became clear that she was being contacted by a stranger who had been given her pregnancy discharge pack and the personal details of her son by mistake. This happened even though the other woman had attended a completely different hospital in a different town from her.

Because of this data breach, our client suffered stress, anxiety and trauma. This resulted in her needing medication from her GP.  She has also suffered from ongoing flashbacks of family problems.

Help is needed after a medical data breach

These are just some examples of the types of medical data breaches we deal with every day. As you can see, these are serious cases that often put people’s mental health and even their lives at risk.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following a data breach. But we don’t believe that our obligation to our clients stops there. We also provide a wide range of information to help our clients protect themselves once a breach has occurred. We also work with Victim Support to help those affected by cybercrime and data breaches.

Find out more about making a medical data breach claim with Hayes Connor Solicitors.

Hayes Connor appointed as data protection supplier to Communication Workers Union

Hayes Connor appointed as data protection supplier to Communication Workers Union

Data breach and cybersecurity specialist Hayes Connor Solicitors has been appointed to deliver data protection claims support to nearly 200,000 members of the Communication Workers Union (CWU). CWU is the largest union for the communications industry in the UK and includes members from the postal, telecoms, mobile, administration and financial sectors.

Lpvl data breach
, ,

Estate agency fined £80,000 for LPVL data breach

A London estate agency has been fined £80,000 by the Information Commissioner’s Office (ICO) after it left 18,610 customers’ personal data exposed for almost two years. LPVL only alerted the ICO to the breach when it was contacted by a hacker.

While this fine is significant, the breach took place before the new data protection regulations came into force. So, the punishment could have been much harsher. For example, in the last few weeks, we have seen the ICO warn both British Airways and Marriott Hotels that it is planning to issue fines of £183.39m and £99.2m respectively for data protection failures.

What happened in the LPVL data breach?

In this case, the data breach occurred when Life at Parliament View Ltd (LPVL) transferred the personal information from its server to a partner organisation. By failing to switch off an ‘Anonymous Authentication’ function, access restrictions were not implemented. As a result, anyone online could have accessed all the data between March 2015 and February 2017.

What information was put at risk in this data breach?

The details exposed by LPVL included bank statements, salary details, copies of passports, dates of birth and addresses of both tenants and landlords. If this data has fallen into the wrong hands the results could be devastating.

What has the ICO said about the LPVL data breach?

Investigating this breach, the ICO uncovered a catalogue of security errors. Crucially, it found that LPVL had failed to take appropriate technical and organisational measures to protect the data.

The ICO concluded that LPVL was guilty of a severe infringement of data protection laws.

Commenting on this case, Steve Eckersley, Director of Investigations at the ICO, said:

“Customers have the right to expect that the personal information they provide to companies will remain safe and secure. That simply wasn’t the case here.

“As we uncovered the facts, we found LPVL had failed to adequately train its staff, who misconfigured and used an insecure file transfer system and then failed to monitor it. These shortcomings have left its customers exposed to the potential risk of identity fraud.

“Companies must accept that they have a legal obligation to both protect and keep secure the personal data they are entrusted with. Where this does not happen, we will investigate and take action.”

What should you do if you are affected by the LPVL data breach?

If you have been the victim of the LPVL data breach, it is vital that you know how to react. Here’s what you should do as soon as you find out that your data has been breached.

  • Follow any security instructions provided to you by LPVL
  • Contact your bank or credit card provider and let them know what has happened
  • Keep an eye out for any bills or emails about goods or services you haven’t ordered
  • Check your bank statements regularly and alert your bank if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Do not click on any suspicious links. This could result in you giving a fraudster even more access to your personal or financial details
  • Always question uninvited emails, calls etc. in case it’s a scam. Instead, contact the company directly using a known email or phone number
  • Don’t accept friend requests from people you don’t know on social media and review your privacy settings
  • Report any suspected phishing attempts to the police and Action Fraud
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Change your passwords and use a different password for every account (if you are worried about remembering them all you could sign up to a password manager)
  • Make sure your devices are protected by up-to-date internet security software

Make a LPVL data breach compensation claim

If you want to make a compensation claim following the LPVL data breach, you should contact Hayes Connor Solicitors. You can make a data breach claim for loss of money or emotional distress.

Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about your legal rights when making a claim.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.