Posts

thebusinessdesk.com, 13th January 2020

Following news that the ICO is to fine Dixons Carphone Warehouse £500,000 following its significant data breach, Kingsley Hayes told thebusinessdesk about the firm’s plans to launch a group action against Dixons representing hundreds of affected individuals.

Hayes Connor to launch group action following ICO Dixons fine

Data protection specialist Hayes Connor Solicitors will be launching a group action against Dixons Carphone Warehouse after the ICO announced a £500,000 fine last week following the group’s significant data breach in 2018.

The retailer, which owns Currys PC World and Dixons Travel stores, admitted in 2018 that an undetected cyber-attack took place over a nine-month period between July 2017 and April 2018 exposing the card details of 5.6 million customers, and the personal details of 14 million individuals.

Kingsley Hayes, managing director at data breach and cybercrime specialist Hayes Connor Solicitors, said: “The ICO’s decision has been long awaited and is the maximum fine that can be imposed on breaches that occurred before GDPR came into force. We submitted a disclosure request to Dixons in 2018 but it refused to answer until after the ICO’s decision.

“We have now recommenced that process and expect that in the coming months a group action will be launched. The data breach has exposed millions of its customers to potential identity fraud which could include fake bank accounts being opened in their name, fake credit applications and access to existing bank accounts.

“The ICO’s investigation found Dixons responsible for multiple failings including having inadequate software patches to prevent the cyber-attack, the absence of a local firewall and a lack of network segregation and routine system tests.

“As a result of its inadequate cybersecurity, millions of Dixons’ customers will have suffered, or are at a risk of, significant financial losses. The psychological stress following such a breach cannot be underestimated with clients often reporting anxiety and depression following a breach of their personal data and this can have an impact on every aspect of a victim’s life.”

The ICO investigation into the Dixons Carphone Warehouse data breach found that the cyber-attack comprised malicious software installed on 5,390 tills in branches of Currys PC World and Dixons Travel stores.

Kingsley Hayes continued: “Dixons has been extremely lucky that this cybersecurity wake up call took place prior to GDPR with the breach taking place over a nine month period up to just one month prior to GDPR coming into force.

“With an annual turnover of £billions, the penalties had the incident continued after 25th May 2018 would have proved extremely damaging. With the high street already facing significant challenges, businesses in the retail sector should heed the warning and ensure that watertight cybersecurity is in place before consumer confidence is further eroded.”

Hayes Connor Solicitors was the first firm to serve a representative data breach claim in the High Court following the Court of Appeal’s ground-breaking ruling on 2nd October 2019. The ruling stated that law firms could bring representative action on behalf of just one individual to potentially win damages for the entire affected population. The action against Equifax has a total estimated value of £100 million.

Hayes Connor is the data protection advisor to the Communication Workers Union and is currently acting for thousands of claimants with data breach action against Ticketmaster, Equifax, Marriott International, TeamSport, Yahoo and the Police Federation of England and Wales.

 

bppmedia, 2nd January 2020

We featured in bppmedia with news that Hayes Connor has once again been shortlisted in two categories in the Eclipse Proclaim Modern Law Awards. We are delighted to be shortlisted for the Boutique Law Firm of the Year and Marketing and Communications Strategy awards for the second year running.

Today’s Legal Cyber Risk, 18th December 2019

We were pleased to feature in Today’s Legal Cyber Risk with news that Hayes Connor has been shortlisted in two categories at the Eclipse Proclaim Modern Law Awards for the second year running.

boutique law firm

Hayes Connor shortlisted for two Eclipse Proclaim Modern Law Awards for second year in a row

We are delighted to announce that Hayes Connor Solicitors has been shortlisted in two categories for the Eclipse Proclaim Modern Law Awards 2020. This is the second year running that our achievements have been recognised by the award panel.

The prestigious awards celebrate and identify sparkling talent and success in the modern legal services arena. They also showcase and set the benchmark for best practice in the ever diverse, challenging and exciting legal landscape.

In the 2020 awards, as in 2019, Hayes Connor is on the shortlist for Boutique Law Firm of the Year and Marketing and Communications Strategy. The Eclipse Proclaim Modern Law Awards 2020 will be held at the Victoria Warehouse in Manchester on 6th February 2020.

Boutique Law Firm of the Year

The boutique law firm of the year category honours firms that specialise in a niche area of law. In our case, data breach and cybercrime. Last year, we were highly commended for our work in this area at the final awards ceremony.

Marketing and Communication Strategy of the Year

The Marketing and Communication Strategy of the Year class looks at firms which have shown exceptional originality and innovative thinking in this area.

A very busy year ay Hayes Connor

Commenting on the honour, our MD Kingsley Hayes said:

“The Hayes Connor team is committed to exceeding client expectations, so we are delighted to be recognised once again by the Modern Law Awards’ panel of industry experts.”

This award shortlisting recognises a very busy year ay Hayes Connor. Over the past 12 months, our firm has rapidly grown from six to 15 employees as we actively pursue a number of global organisations who have failed in their data protection obligations.

Appointed as data protection supplier to the Communication Workers Union, we are also currently acting for thousands of claimants with data breach action against the likes of Ticketmaster, Equifax, Marriott International, TeamSport, Dixons Carphone, Yahoo, OnePlus and the Police Federation of England and Wales.

Find out more about our firm. 

Hayes Connor shortlisted for two Eclipse Proclaim Modern Law Awards for second year running

Data breach and cybercrime specialist Hayes Connor Solicitors has been shortlisted by the Eclipse Proclaim Modern Law Awards 2020 for the Boutique Law Firm of the Year (11+ Employees) and Marketing and Communications Strategy categories for the second year running.

The firm, currently representing thousands of clients with multi-party data breach actions including against Ticketmaster, British Airways and Equifax, won the Highly Commended award for Boutique Law Firm of the Year (1-10 Employees) in January 2019.

Kingsley Hayes, managing director at data breach and cybercrime specialist Hayes Connor Solicitors, said: “The team is committed to exceeding client expectations, we are delighted to be recognised once again by the Modern Law Awards’ panel of industry experts. Hayes Connor has rapidly grown in the past 12 months from 6 to 15 employees as we actively pursue a number of global organisations who have failed in their data protection obligations.”

Hayes Connor was the first firm to serve a representative data breach claim in the High Court following the Court of Appeal’s ground-breaking ruling on 2nd October. The action against Equifax has a total estimated value of £100 million.

The firm is appointed as data protection supplier to the Communication Workers Union and is currently acting for thousands of claimants with data breach action against Ticketmaster, Equifax, Marriott International, TeamSport, Dixons Carphone, Yahoo, OnePlus and the Police Federation of England and Wales.

The Eclipse Proclaim Modern Law Awards 2020 will be held at the Victoria Warehouse in Manchester on 6th February 2020.

 

 

Digital Guardian, 15th December 2019

We talked to the Digital Guardian about the importance of behavioural analysis, and the impact this has on data protection, with more than three quarters of data breaches taking place as a result of preventable human error. Analysing behaviour to identify how these risks can be mitigated is key says Kingsley Hayes.

Sunday Times, 15th December 2019

Kingsley Hayes spoke to the Sunday Times about the Hayes Connor data breach action against Ticketmaster. Individuals who were affected by the breach who have yet to claim compensation – whether or not they have suffered any actual loss to date – may still join the action.

victim of data breach
, ,

Top tips to keep you safe following a data breach

If you have been the victim of a data breach, it is vital that you know how to react.

Here’s what you should do as soon as you find out that your data has been breached

  • Follow any security instructions provided to you by the company which breached your data
  • Contact your bank or credit card provider and let them know what has happened
  • Keep an eye out for any bills or emails about goods or services you haven’t ordered
  • Check your bank statements regularly and alert your bank if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Do not click on any suspicious links. This could result in you giving a fraudster access to your personal or financial details
  • Always question uninvited emails, calls etc. in case it’s a scam. Instead, contact the company directly using a known email or phone number
  • Don’t accept friend requests from people you don’t know on social media and review your privacy settings
  • Report any suspected phishing attempts to the police and Action Fraud
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Change your passwords and use a different password for every account (if you are worried about remembering them all you could sign up to a password manager)
  • Make sure your devices are protected by up-to-date internet security software
  • Contact the ICO to let them know about your concerns. The ICO might investigate the data breach and, while it does not award data breach compensation, if it believes that the organisation in question broke the law, you can use this information in court to help prove your claim.

Make a data breach compensation claim

Organisations have an obligation to protect your sensitive data, but they are consistently failing in this duty resulting in data breaches which cause misery and upset to people across the UK.

We are helping people to get compensation for this inability to look after their information correctly. And we can do the same for you.

If you have been the victim of a data breach and you want to make a data breach compensation claim – for loss of money, emotional distress, or loss of privacy – you should contact Hayes Connor Solicitors.

Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about your legal rights when making a claim.

For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

 

british airways data breach
, ,

Why should you claim compensation for the British Airways data breach

In 2018, almost 400,000 British Airways customers had their bank card details stolen in what is being called one of the most severe cyber-attacks in UK history. In response, the airline is now facing legal action from thousands of people in the UK. As expert data breach solicitors, here at Hayes Connor, we launched a British Airways Data Breach Group Action to help victims of this breach claim compensation. But since then, two more data breaches were uncovered at the airline.

What happened in the 2018 BA data breach?

Cybercriminals carried out a “sophisticated, malicious criminal attack” on the British Airways website. This attack has put the personal and financial details of customers making bookings at risk. In total, about 380,000 transactions were affected.

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). If this information gets into the wrong hands, it can be used to undertake identity and financial fraud.

British Airways admitted that the cybercriminals spent more than two weeks accessing data online before the hack was spotted and reported. This increases the risk substantially.

A second BA data breach

To make matters worse, when investigating this case, a second data breach was uncovered. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers

What happened in the 2019 BA data breach?

In the latest British Airways data breach, researchers at security firm Wandera uncovered unencrypted links within BA’s e-ticketing process. Furthermore, they have warned that this vulnerability means that attackers could easily intercept these links. This means that they could access and change the flight booking details and personal information of passengers.

The vulnerability with British Airway’s e-ticketing system may have also exposed sensitive passenger information.

Should you accept compensation from British Airways?

After the first data breach was uncovered, British Airways said that compensation claims would be discussed on an ‘individual basis’. However, it is not up to the airline to dictate the terms of any compensation payments.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from British Airways. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Why launch a group action?

A group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim in principle to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

Find out more about group actions.

What should you do now?

For anyone worried that their data has been exposed by British Airways, you should:

  1. Determine what was stolen. To protect yourself as much as possible you need to know what kind of information was accessed in the data breach. British Airways should be able to advise you on this
  2. Contact your bank. If any financial information has been stolen, contact your bank or credit card provider immediately and explain that your account is at risk of fraud. As well as issuing a new card, the bank should be able to advise you if it detects suspicious activity on your account
  3. Change your passwords. If an online account (such as an email address) has been compromised, change the password right away. You should also change all other accounts that use the same password, and – if your email could be compromised – any accounts that could be accessed via your email. To keep you safe in the future, create a secure, unique password for each account (you might want to consider using a password manager to do this for you)
  4. Deploy additional security measures. If an app or website offers two-factor authentication to protect an account, use it
  5. Be vigilant. Beware of scammers using your stolen data against you. For example, don’t click on any links in emails asserting to be from your bank and always use the numbers they provide on their website if they ask to talk to you
  6. Sign up for a credit and/or identity-monitoring service. This will help you to monitor your financial accounts and sensitive personal information. Many organisations will offer such services free following a data breach but it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  7. Keep a record. Make a list of all the accounts that could have been accessed and note down why you are concerned about them
  8. Inform the Information Commissioner’s Office (ICO) about your concerns. At present the ICO is undertaking an investigation into the British Airways Data Breaches. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  9. Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

Data breaches often have severe consequences for those affected. And crucially, it doesn’t matter if you haven’t lost out financially or have suffered emotionally as a result of the hack. If an organisation has failed to protect your personal data, you have a right to claim compensation. Even if you haven’t suffered as a result.

Furthermore, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Find out more about no-win, no-fee.

in our British Airways data breach group action compensation claims, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

 FIND OUT MORE