Posts

victim of data breach
, ,

Top tips to keep you safe following a data breach

If you have been the victim of a data breach, it is vital that you know how to react.

Here’s what you should do as soon as you find out that your data has been breached

  • Follow any security instructions provided to you by the company which breached your data
  • Contact your bank or credit card provider and let them know what has happened
  • Keep an eye out for any bills or emails about goods or services you haven’t ordered
  • Check your bank statements regularly and alert your bank if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Do not click on any suspicious links. This could result in you giving a fraudster access to your personal or financial details
  • Always question uninvited emails, calls etc. in case it’s a scam. Instead, contact the company directly using a known email or phone number
  • Don’t accept friend requests from people you don’t know on social media and review your privacy settings
  • Report any suspected phishing attempts to the police and Action Fraud
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Change your passwords and use a different password for every account (if you are worried about remembering them all you could sign up to a password manager)
  • Make sure your devices are protected by up-to-date internet security software
  • Contact the ICO to let them know about your concerns. The ICO might investigate the data breach and, while it does not award data breach compensation, if it believes that the organisation in question broke the law, you can use this information in court to help prove your claim.

Make a data breach compensation claim

Organisations have an obligation to protect your sensitive data, but they are consistently failing in this duty resulting in data breaches which cause misery and upset to people across the UK.

We are helping people to get compensation for this inability to look after their information correctly. And we can do the same for you.

If you have been the victim of a data breach and you want to make a data breach compensation claim – for loss of money, emotional distress, or loss of privacy – you should contact Hayes Connor Solicitors.

Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about your legal rights when making a claim.

For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

 

british airways data breach
, ,

Why should you claim compensation for the British Airways data breach

In 2018, almost 400,000 British Airways customers had their bank card details stolen in what is being called one of the most severe cyber-attacks in UK history. In response, the airline is now facing legal action from thousands of people in the UK. As expert data breach solicitors, here at Hayes Connor, we launched a British Airways Data Breach Group Action to help victims of this breach claim compensation. But since then, two more data breaches were uncovered at the airline.

What happened in the 2018 BA data breach?

Cybercriminals carried out a “sophisticated, malicious criminal attack” on the British Airways website. This attack has put the personal and financial details of customers making bookings at risk. In total, about 380,000 transactions were affected.

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). If this information gets into the wrong hands, it can be used to undertake identity and financial fraud.

British Airways admitted that the cybercriminals spent more than two weeks accessing data online before the hack was spotted and reported. This increases the risk substantially.

A second BA data breach

To make matters worse, when investigating this case, a second data breach was uncovered. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers

What happened in the 2019 BA data breach?

In the latest British Airways data breach, researchers at security firm Wandera uncovered unencrypted links within BA’s e-ticketing process. Furthermore, they have warned that this vulnerability means that attackers could easily intercept these links. This means that they could access and change the flight booking details and personal information of passengers.

The vulnerability with British Airway’s e-ticketing system may have also exposed sensitive passenger information.

Should you accept compensation from British Airways?

After the first data breach was uncovered, British Airways said that compensation claims would be discussed on an ‘individual basis’. However, it is not up to the airline to dictate the terms of any compensation payments.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from British Airways. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Why launch a group action?

A group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim in principle to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

Find out more about group actions.

What should you do now?

For anyone worried that their data has been exposed by British Airways, you should:

  1. Determine what was stolen. To protect yourself as much as possible you need to know what kind of information was accessed in the data breach. British Airways should be able to advise you on this
  2. Contact your bank. If any financial information has been stolen, contact your bank or credit card provider immediately and explain that your account is at risk of fraud. As well as issuing a new card, the bank should be able to advise you if it detects suspicious activity on your account
  3. Change your passwords. If an online account (such as an email address) has been compromised, change the password right away. You should also change all other accounts that use the same password, and – if your email could be compromised – any accounts that could be accessed via your email. To keep you safe in the future, create a secure, unique password for each account (you might want to consider using a password manager to do this for you)
  4. Deploy additional security measures. If an app or website offers two-factor authentication to protect an account, use it
  5. Be vigilant. Beware of scammers using your stolen data against you. For example, don’t click on any links in emails asserting to be from your bank and always use the numbers they provide on their website if they ask to talk to you
  6. Sign up for a credit and/or identity-monitoring service. This will help you to monitor your financial accounts and sensitive personal information. Many organisations will offer such services free following a data breach but it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  7. Keep a record. Make a list of all the accounts that could have been accessed and note down why you are concerned about them
  8. Inform the Information Commissioner’s Office (ICO) about your concerns. At present the ICO is undertaking an investigation into the British Airways Data Breaches. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  9. Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

Data breaches often have severe consequences for those affected. And crucially, it doesn’t matter if you haven’t lost out financially or have suffered emotionally as a result of the hack. If an organisation has failed to protect your personal data, you have a right to claim compensation. Even if you haven’t suffered as a result.

Furthermore, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Find out more about no-win, no-fee.

in our British Airways data breach group action compensation claims, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

 FIND OUT MORE

 

 

data breach compensation
,

Making a data breach compensation claim- what happens next?

Registered a data breach compensation claim? Find out what happens next and how long the process will take*

At Hayes Connor Solicitors we understand that making a data breach compensation claim can be stressful. As such, we’ve created a handy step-by-step guide to help explain the process.

But what happens after you tell us you want to make a claim? And what information do we need from you?

Within one week of starting your data breach compensation claim

Once you have told us that you want to make a data breach or cybercrime compensation claim, we will send you our initial documentation pack. This sets out what we will do for you, how we will do it, and what we need to proceed with your claim.

Within this pack, you will also find our data breach questionnaire. This lets you tell us as much about your case as possible. We ask you to complete this to best of your ability.

The type of questions we ask include:

  • When the data breach took place
  • When you found out about the data breach
  • What information was stolen/put at risk
  • If you have reported the data breach (e.g. to the ICO, the police etc.)
  • If you have you received any documentation admitting the breach (and if so, when)
  • Whether the organisation that put your data at risk has given you a reference number
  • If you have suffered any distress as a result of the data breach. And if so have you spoken to your GP about this
  • Whether you have any pre-existing vulnerability to distress or psychological trauma
  • Whether you have suffered any financial loss as a result of the breach. And if so, what these losses involve
  • Whether anyone else has been affected by the breach. And if so, who and how.

We need this information to ensure we make the strongest possible claim on your behalf. For example, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss. Being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. But to make sure we can claim for this distress, we need to know exactly how the data breach has affected you.

Likewise, we need to know about any financial losses so that we can make sure you are fully compensated in any award.

Crucially, you can also make a claim for loss of privacy – even if you haven’t suffered as a result.

Immediately after you return the requested documentation to us

Once you have signed and returned the necessary information to us, we will make a start on your case. It is not unusual that – on reviewing your impact form – we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why filling out our form to the best of your ability and appointing expert data breach compensation solicitors is so important.

Within two weeks

The next step in our data breach claim process is to contact the offending party and let them know that we will be making a case against them. This is called a Letter Before Action (LBA). The LBA lets the defendant know that we plan to start proceedings against them, and that we are very serious about getting you the compensation you deserve.

In this LBA we also set out how long they have to respond. This is usually no more than 21 days. The response we receive following the LBA will dictate our next steps. In our experience, most organisations take a LBA very seriously. But we make it clear that if we do not get a response by the deadline set out in the letter, we will start court proceedings on your behalf.

Within three months

If we can come to an agreement, you can expect to receive your compensation within 28 days of agreement.

If the other party does not agree to our terms, and we fail to reach an agreement, we will write to them to tell them that we intend to take the matter to court.

In many cases, where the ICO has already fined the company, these claims are taken seriously. Likewise, the costs of contesting a claim often far exceed the costs of settlement, so there is usually a willingness to pay a reduced amount rather than face more substantial costs and bad publicity.

Within six months

If your case does go to court, you will need evidence to back up your claim, and we will work on establishing this for you. The court process can take anywhere between three and nine months.

Where the company/individual has already admitted to a crime, or to breaching private data, or has already been found culpable, the chances of success are solid.

Within 12 months of starting your data breach compensation claim

If we win your case, we will transfer your compensation to you. In most cases, the minimum level of damages to be sought would be between £750 and £1,000. However, for serious data breach claims the award could be several thousand pounds. There is also likely to be a rise in group action cases where companies have put employee and/or customer data at risk.

CONTACT US AND START YOUR DATA BREACH CLAIM TODAY

At Hayes Connor, our expert data breach compensation solicitors make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making data breach claims (currently all breaches going back six years could be subject to a claim) it’s essential to act now.


*Times are for guidance only. The time your claim takes will depend on the type of case and other factors such as how many people have are involved.

BA group action
, , ,

Hayes Connor sees surge of interest in British Airways data breach

Since British Airways (BA) customers had their personal data stolen in a series of breaches, we have been contacted by hundreds of people who were put at risk by the airline. And, in good news for consumer-rights, in October 2019, the Court gave its permission for official legal action to be launched against the airline. Since this decision, lots of new clients have contacted us to join our BA group action case.

What happened in the BA group action case?

In 2018, hackers accessed the BA website and mobile app to steal information including card details, addresses, email addresses and travel arrangements. According to an investigation by the Information Commissioner’s Office (ICO), some passengers were taken to a fake website where hackers harvested their details. As a result of this breach, many customers were forced to change their bank accounts or credit cards.

Why is this BA’s fault?

Following an investigation, the ICO found that the hacks were only possible due to inadequate security arrangements at the airline. In response, it is planning to impose a fine of more than £183 million on BA. But, none of this money will go to the victims.

Leading the way when it comes to data breach law

To secure justice for data breach victims, it’s vital that organisations are held to account for their security failures. And, at Hayes Connor, we believe we are the best firm to help BA customers to achieve this. This is because we are a true specialist in data breach law. This is all we do. And, because of this, we have the legal expertise needed to take on big players such as BA. We also have experience in similar huge cases against the likes of Ticketmaster and Equifax.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the results you deserve.

Crucially, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected. And this could see you lose out financially as a result.

Our No-Win, No-Fee BA group action makes sure you are protected against all possible costs

At Hayes Connor, we offer a No-Win, No-Fee guarantee. This makes sure our clients are protected and insured against all possible outcomes.

Find out more about what No-Win, No-Fee means.

Why join our BA group action?

At Hayes Connor Solicitors, we have already started a group action claim against British Airways to help victims of this data breach to secure compensation. This means we have everything in place ready for you to join. And, we are using the evidence uncovered by the ICO to make the strongest possible case.

Unlike other UK law firms, we have experience in group action data breach cases. Where cases are very similar, such group actions can be a powerful tool and can have a bigger impact than a single claim.

Don’t miss out on the compensation you deserve!

The deadline to join the BA Group Action has been set by the Court. And, our group action is still open to you to join. You can make a claim even if the theft of your data has not caused you any harm or distress.

However, we would recommend that you join ASAP to give you plenty of time. We are already gathering evidence to give our clients the best possible chance of success. There may also be the chance to secure a settlement before this case gets to Court.

Without joining a group action, hundreds of thousands of people could miss out on the compensation they deserve.

To join our British Airways data breach group action compensation claim, register with us today.

 REGISTER NOW

data breach advice
,

Four simple steps to protect your data following a data breach

Negligent business processes, human error and cybercrime are causing a growing number of data protection act breaches. And, if you have been the victim of a breach or cyber-attack, it is vital that you know how to react.

What to do when you find out your data has been breached

STEP ONE: Protect your finances

A data protection act breach can result in financial theft. And, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. To protect your money you should:

  • Contact your bank (or credit card provider) immediately if you are worried that your financial data has been exposed
  • Look out for any bills or emails showing goods or services you haven’t ordered
  • Check your account for any unfamiliar transactions and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Understand that a genuine bank or other financial organisation will never contact you out of the blue to ask for your PIN or full password
  • Know that a legitimate bank or other business would never ask you to move money to another account for fraud reasons.

STEP TWO: Watch out for further attacks

All too often, cyber-criminals get access to your name and email address following a data protection act breach. And they might use this to try and extract additional information from you (such as your banking details). As such, you should:

  • Follow any security instructions provided to you by the company which breached your data
  • Never automatically click on a link in an unexpected email or text. This could result in you giving a fraudster access to your personal or financial details
  • Always question uninvited approaches in case it’s a scam. Instead, contact the company directly using a known email or phone number
  • Don’t assume an email or phone call is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Be careful who you trust – criminals may try and trick you by telling you that you’ve been a victim of fraud. Criminals often use this to draw you into the conversation, to scare you into acting and to reveal your security details
  • Know that criminals can make any telephone number appear on your phone handset, so even if you recognise a name or number, or if it seems authentic, it might not be genuine
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
  • Listen to your instincts. If something feels wrong, then it is right to question it
  • Have the confidence to refuse requests for personal or financial information. Stop the discussion if you do not feel in control of it
  • Never hesitate to contact your bank or financial service provider on a number you know
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Don’t accept friend requests from people you don’t know on social media and review your privacy settings
  • Report any suspected phishing attempts to the police and Action Fraud.

STEP THREE: Put some data protection best practices in place

If you are concerned that your data might be at risk, there are some steps you can take to stop the threat from escalating. For example, you should:

  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Change your passwords
  • Use a different password for every account (if you are worried about remembering them all you could sign up to a password manager)
  • Make sure your devices are protected by internet security software and that this is kept up-to-date.

STEP FOUR: Make a data breach compensation claim

Every day, data protection act breaches are causing misery and upset to people across the UK. Organisations have a duty to protect your sensitive data. And letting other people access this is a complete failure of this responsibility. So, why shouldn’t you seek compensation for this inability to look after your information correctly if it has caused you distress?

If you want to make a data breach compensation claim you should:

  • Contact the ICO to let them know about your concerns. The ICO might investigate the data breach and, while it does not award compensation, if it believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  • Make sure that if you are offered any form of compensation or free services from the organisation that put your data at risk, you check the small print. Be careful that in accepting an offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  • Write down your version of events ASAP, including any impact resulting from the data breach as this could provide valuable evidence in court
  • Contact Hayes Connor Solicitors. Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. If you are not sure whether your information has been misused or mishandled, we can find this out for you. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

Crucially, if an organisation has failed to protect your personal data, you have a right to claim compensation. Even if you haven’t suffered as a result.

For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

 

pet data breach
, ,

Could your pet be the cause of a data breach?

At Hayes Connor, our data protection solicitors deal with many different types of data breaches. But a recent case was particularly unusual. In this instance, a missing family cat was the cause of the data breach.

What happened in this data protection breach?

We represented a family whose cat went missing causing them understandable upset. The cat had been microchipped, so they were hopeful that they would be reunited with their pet.

In April last year, the data stored by the company responsible for the electronic chip was breached. This breach happened when someone found the cat and took it to be scanned.

Usually, a vet will inform the owner that their pet has been found. However, contrary to the established procedures, in this case, two different vets accessed our client’s data and disclosed this to the person who found the cat. This included our client’s home address.

To make matters worse, our client only found out about the pet data breach when a neighbour asked if the cat had returned home after it disappeared from her friend’s home (the person who found the cat in the first place). So at no point was our client told that their beloved family pet had been found.

In this case, it would be tempting just to blame the vets involved, but after investigation, it became clear that the company responsible for holding the microchip information had not put systems in place to protect the personal data it was responsible for. This lack of adequate internal security systems did nothing to prevent the sharing of personal data by the vet practices.

As a result the family has a claim against the vets that breached their personal data, and the microchipping company.

Why did our client need data protection solicitors?

The family felt that their complaint wasn’t being adequately responded to or taken seriously.

Frustrated that their distress was not being acknowledged they decided to take legal action. They chose Hayes Connor as we specialise in data breach litigation and were also able to take on this pet data breach case on a no win-no fee basis.

What was the result of this pet data breach case?

The Information Commissioner’s Office (ICO) is the UK’s data protection regulator. We advised our client to report this matter to the ICO, which ruled that there had been a breach of Data Protection obligations.

As a result, our client was awarded £1,250 compensation and, just as important, the recognition they wanted for the distress this had caused. Our data protection solicitors also wrote to the microchipping company to advise them on their information rights practices, and have sent recommendations regarding improvements going forward.

Talking about their experience, our client said:

“Very pleased I went with Hayes Connor I would recommend them and use them again if I ever needed to. I didn’t originally set out to make a compensation claim but I’m glad I did. You took my claim seriously and just as importantly your involvement made those responsible take it seriously as well.

Lessons learned

In many cases, data breaches such as this can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Helping to reduce the impact of data breach violations

The Data Protection Act exists to protect the privacy of individuals. However, many organisations have struggled to keep up with changes in the rules, and this could leave everyone vulnerable.

In response, at Hayes Connor, our data protection solicitors help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it.

If you or a member of your family has suffered financial damage, emotional distress or a loss of privacy caused by a breach of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

Not Just Hackers

Cybercrime is big news. It’s almost impossible to pick up a newspaper or turn on the television without hearing about how some big company has been hacked with thousands of customers put at risk. But, while these cases are important, every day smaller data breaches are causing misery and upset to people across the UK.

Our experts deal with a significant volume of data breach cases each day. During our work, we see many different types of claims and how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

 

 

equifax data breach
, , ,

Hayes Connor launches new Equifax data breach claims website

Hayes Connor Solicitors has served a representative data breach claim against Equifax in the High Court. The action could see Equifax ordered to pay up to £100 million in compensation. And, to make it easy for people affected by the breach to join this action, we have launched a bespoke Equifax data breach claims website.

 Launching equifaxdatabreach.co.uk

Because of a series of data protection failures, Equifax let the personal data of its customers fall into the hands of hackers. In response, the UK’s data protection regulator (the ICO) fined Equifax £500,000. But none of this money will go to victims of the data breach.

In the US, Equifax will pay $1.4 billion to compensate affected consumers. We believe that UK customers deserve compensation too. That is why we have set up www.equifaxdatabreach.co.uk.

Making it easy to claim compensation and hold Equifax to account

According to press reports, and the findings of the ICO, 15 million people have been affected in the UK. Equifax has written to 693,665 UK customers confirming that they have had their data breached.

If you are a victim of the Equifax data breach, our new site explains more about:

  • What happened in the Equifax data breach
  • What you can do about it
  • Our representative action
  • Whether you can claim compensation from Equifax.

We also have a range of handy FAQs to answer any questions you might have about this shocking privacy violation.

Our no-win, no-fee Equifax data breach representative action

We are running a representative (group action) case against Equifax. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm.

We are doing this in partnership with Louis Browne QC and Ian Whitehurst of Exchange Chambers Liverpool. This is the same expert data protection team currently engaged in Ticketmaster and British Airways litigation.

Our claim allows anyone in the UK who has suffered financial damage, emotional distress, or a loss of privacy (e.g. having an email address stolen) to claim compensation for the breach. What’s more, in the Equifax case, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means, if you win, you’ll get all of the compensation.

Crucially, by registering today, we will keep you updated as this case progresses.

Find out more at equifaxdatabreach.co.uk

 

money transfer scam
, ,

Are you likely to be targeted by money transfer scammers?

Cybercriminals are getting smarter. And they are making a lot of money along the way. One of the most lucrative forms of cyber fraud is the money transfer scam (otherwise known as push payment fraud).

In 2017 there were 43,875 cases involving money push payment fraud, with total overall losses of £236 million to customers. And, to make matters worse, only £60.8 million of the money stolen was ever was repaid[1].

Money transfer scams

Money transfer scams happen when cybercriminals trick individuals into sending them money. Because the victim believes the fraudster to be genuine, they authorise the payment. The money is then quickly transferred to different accounts, often abroad, which makes getting it back almost impossible. And, despite there being rules in place to protect customers, banks are usually reluctant to compensate for any losses. So, people can be left out of pocket without knowing where to turn.

Who is targeted by money transfer scammers?

You might think that fraudsters are more likely to go after people they believe will fall for the scam, but this isn’t the case. Money transfer scams can be extremely difficult to spot, so anyone could be at risk.

The Financial Ombudsman has highlighted the increasing sophistication of criminal methods. It argues that people are often manipulated into thinking their money’s at risk. And that this can result in rasher decisions than someone would typically make.

There are two main reasons why cybercriminals might make you the target of a money transfer scam:

  1. Because they already have your data

Often money transfer scams happen because your data has already been violated. For example, because of a data breach (or other cybercrime such as an email hack).

 A data breach could have occurred at any organisation that holds your personal information. Criminals often use data breaches to access data and sell it on the dark web.

According to a report by The Independent[2], the personal data of UK citizens is selling for as little as £10 on the dark web. The data offered provides more than enough information for fraudsters to convince you that they are genuine and defraud you.

  1. Because of poor security at your bank

Some criminals will target the customers of banks that they know have poor security processes. This can make it easier to trick customers into handing over money. This includes where banks fail to:

  • Keep their internal telephone/text/email systems secure
  • Keep their internal security protocols safe and secure
  • Undertake proper checks on large transactions from clients who don’t normally transfer large sums
  • Undertake proper checks on transactions to accounts where there is no history of transactions
  • Stop transfers and freeze accounts when they are informed that fraud might be happening
  • Liaise with the fraudsters’ banks to chase down the money and/or find out who the money has gone to.

What can you do to protect yourself from money transfer scams?

Here are some quick tips to keep you safe from money transfer scammers:

  • Never disclose security details such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic. Just because someone knows some personal information about you (i.e. your mother’s maiden name), that doesn’t mean they are genuine
  • Know that banks or other trusted organisations will never contact you and ask for your PIN or full password, or ask you to transfer money to a safe account
  • Be aware who you’re sharing your personal information with. Only give out details to a service you trust and that you’ve contacted directly or are expecting to be contacted by. Even then, do not hand over sensitive information such as your PIN or password
  • Don’t be rushed into handing over personal or financial information
  • If something doesn’t feel right listen to your instincts. Leave the conversation if it makes you at all uncomfortable
  • Always question who you’re talking to. If in any doubt call them back using trusted contact details (you can usually find these on your bank cards) to check the request is genuine
  • Don’t be afraid to say you’ll get back to someone using the phone number or email address as listed on their website. A legitimate organisation would never try to panic you out of taking security checks
  • Never automatically click on a link in an unexpected email or text
  • Make sure you look at the address bar when logging into a website. If there is a padlock icon your connection is secure, if a site doesn’t have this lock icon, do not share any sensitive information
  • If you’re worried that you may be at risk, report it to the Police or Action Fraud straight away.

Get digitally aware

At Hayes Connor Solicitors, we want to reduce the number of data violations and successful cyber scams taking place across the UK. To do this, we are raising awareness of this issue and educating people to help stop fraudsters in their tracks.

For more advice on how to keep safe, follow us on Twitter and Facebook.

We are also considering a group action claim against banks who have failed their clients after they have lost money through no fault of their own. A group action is where a group of people, all affected by the same issue, collectively bring their cases to court. Group actions can be a powerful tool and can have a bigger impact than a single claim.

SIGN UP TO FIND OUT MORE ABOUT JOINING OUR GROUP ACTION CLAIM


[1] UK Finance

[2] https://www.independent.co.uk/life-style/gadgets-and-tech/news/dark-web-id-value-hackers-cyber-crime-a8683821.html

data breach claim
, , ,

Making a data breach claim. What has changed?

A recent case against Google for illegal data harvesting has transformed how data breach claims are managed in the UK. But what has actually changed? And what does this mean for you?

The background

Between 2011 and 2012, Google used cookies on Apple’s Safari web browser to illegally collect data about its users. In response, a group action was launched to help people challenge the big technology company over this data privacy violation. But, in October 2018, the case was thrown out.

Essentially, it was deemed too difficult to calculate how many people had been affected, and in what way. This is because, to make a data breach claim, each person had to show that they had experienced harm as a direct result of the breach. For example, emotional distress or financial loss. In group action cases such as this, where multiple people had been affected, this was especially complicated.

However, this case was taken to appeal, and, in a “ground-breaking” ruling, the Court effectively reformed the data breach claims process.

Change one – you can make a data breach claim even if you haven’t suffered a loss

The Court of Appeal decided that data breach claims are valid, even if someone hasn’t suffered financial or emotional damage as a result. If a company does not protect your data in the way it is legally obliged to do, you can claim for this data privacy failure.

Change two – you can make a data breach claim even if the only thing exposed was your email address

People can now seek compensation even if the only personal information breached was their email address. Everyone has the right to the protection of their personal data. Especially when such data now has an economic value (e.g. it can be sold).

Change three – there are now different ways to join a group action claim, depending on how you have been affected

Until now, if someone had their data breached, they would have to prove how this privacy violation affected them. In group action cases (where lots of people are affected by the same breach), this could be a complicated process. Because not everyone will have experienced the same loss and consequences. So, making an award in these cases can be tricky.

But, the Court of Appeal has made the group action claims process easier.

People involved in a significant data breach (that has resulted in differing levels of financial loss or emotional harm), can still make a group action case. You can find out more about how to make a group action claim here. So, in these cases, nothing has changed.

But now, people who have had their data breached in a mass privacy violation, but who have not experienced any harm, can also claim. To do this, they will need to join a representative action.

The type of action required for each case will depend on the exact breach. If you are unsure about which option is available to you, our helpful data breach experts are happy to answer any queries you might have.

What is a representative action?

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm (e.g. having their email address stolen and data privacy violated).

In representative actions, one solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in many future actions.

In addition, one member of the action will typically sue on behalf of themselves and the rest of the group. Once compensation has been agreed, each member of the representative action will receive the same amount.

A representative action is a quicker way to claim for compensation

A representative action can be launched based on the total number of those affected, not just the individuals who have proactively decided to pursue compensation. This will make claim process much quicker. However, to receive a share of the settlement, affected parties will still need to register to join the action. There is likely to be a strict time limit to do this.

What about individual data breach cases?

The ability to claim compensation for individual personal data breaches still exists (for example, where a bank has posted your financial statement to the wrong address). But now, you can claim compensation even if you haven’t suffered because of the breach.

In such instances, people can claim directly with the organisation responsible. However, we would always recommend using a specialist data breach solicitor.

At Hayes Connor, we take a holistic and long-term view when it comes to claiming compensation on your behalf. And, our understanding of the effects of a breach mean we always ensure the best possible outcome for you. It is not unusual that – on reviewing your case – we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you could make a huge difference in the eyes of the law.

How will you know if you can make a data breach compensation claim?

Since the introduction of the General Data Protection Regulation (GDPR), any organisation that processes your personal data MUST let you know if it has been breached. And, once you have been told about any violation, you can make a claim.

How do you make a data breach claim?

If you experience a privacy violation due to an organisation breaching the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

START A DATA BREACH COMPENSATION CLAIM

 

 

 

bank data breach
, , ,

What can you do if you are the victim of a bank data breach?

Financial data breaches and cyber attacks are on the rise. Not only did retail banking see 2400% more data breach reports last year than the year before, but breaches in a whole range of companies are putting our financial data at risk. For example, following the Ticketmaster data breach, over 60% of all our clients went on to suffer multiple fraudulent transactions on their payment cards.

What is causing financial data breaches and cyber attacks?

In 2018, seven UK retail banks, including Santander, Royal Bank of Scotland, Barclays and Tesco Bank suffered sustained attacks. These attacks cost them hundreds of thousands of pounds. Furthermore, over £500m was stolen from British banking customers in the first half of 2018.

Cryptocurrency is also being targeted by criminals. In fact, each year, the equivalent of millions of pounds is being stolen from cryptocurrency holdings. As such, cryptocurrency fraud is a very serious crime.

There are a few reasons why data breaches and hacks are happening. These include:

Cyber attacks

 A cyber-attack can take many forms including financial data hacks, financial phishing attacks, bank and credit card takeover fraud and push payment scams.

To make matters worse, cybercriminals are becoming increasingly sophisticated. For example, AI-assisted imposters are set to become an increased threat. With machine-learning and the Internet of Things (IoT) helping to make existing cyber-attack efforts faster, more formidable, and more effective.

Inadequate security processes

In many cases, financial data breaches happen because of a failure to implement reasonable and robust processes.

This can include things like not implementing or updating secure firewalls, password controls, operating systems, anti-virus and anti-malware software or reliable encryption. Also, companies that fail to establish regular and robust backup processes or don’t take steps to identify, record and secure personal data are putting this information at risk.

 Human error

It is human error rather than cybercrime that is the biggest cause of financial data breaches. In fact, in the UK, 88% of data breaches caused by human error, not cyberattacks.

Typical examples of such errors include:

  • Sending sensitive data to the wrong recipient (via email, post or fax)
  • The loss of paperwork
  • Forgetting to redact data
  • Storing data in an insecure location
  • Losing devices such as laptops, phones and tablets
  • Staff deliberately ignoring data protection policies
  • Managers not training staff on data protection
  • Leaving sensitive information online without any password restrictions.

How can you protect yourself following a financial data breach or cyber attack?

To protect yourself following a financial data breach you should:

  • Contact your bank/credit card provider immediately
  • Consider a credit freeze until the matter is resolved
  • Report the scam to the police and contact Action Fraud for advice on what to do next
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

For more advice on how to keep your data safe, follow us on Twitter and Facebook. Alternatively, if you have been the victim of a financial data breach or cyber fraud give us a call to discuss your case in more depth.

Making a financial data breach claim

If you want to claim compensation for a financial data breach case, our professional, friendly team will advise you on whether you have a valid claim. Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.