Posts

Morrisons loses data breach challenge

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

 

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

Today, the Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

Why is this case so important?

In 2015 – in the first group litigation of its kind in the UK – over 5,000 people brought a claim against Morrisons under the Data Protection Act 1998, for misuse of private information and breach of confidence.

In December 2017, despite acknowledging that Morrisons had taken all the appropriate steps to prevent a breach, the High Court found that the company was liable for its omissions such as not ensuring the proper security measures to protect the data.

The judge in the original case also ruled that Morrisons was “vicariously liable” for the employee’s actions. In a workplace context, an employer can be vicariously liable for the actions of its employees, as long as it can be shown that they took place in the course of their employment.

The decision to hold Morrisons vicariously liable is important, as it gives victims more opportunities to seek compensation (companies are more likely to be insured against such liability than employees).

The case also paved the way for those affected by data breaches to claim damages for distress, even if they have not suffered any financial loss.

 

Morrisons has now said that it will appeal to the Supreme Court. If that appeal fails, those affected will be able to claim compensation for “upset and distress”.

The latest decision is good news for people who want to hold businesses to account for a failure to protect personal and sensitive data.

The judgement has been referred to as a “wake-up call for businesses” and Morrisons could now face a hefty compensation bill.

 

Hayes Connor Solicitors launches group action following Equifax data hack investigation

Hayes Connor Solicitors is launching a group action to help victims of the Equifax data hack claim compensation.

Our firm of expert online fraud and data protection solicitors is expecting an influx of queries from people whose data was put at risk by the credit reference agency. The group action is being initiated after Equifax was fined £500,000 by the Information Commissioner’s Office (ICO).

The ICO’s investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation.

What happened in this case?

The fine follows a 2017 cybersecurity incident which led to the loss of UK customer data held by Equifax Ltd on the servers of its US parent. Following the data breach, it was revealed that Equifax’s failure to patch a server flaw resulted in hackers potentially stealing 143 million US citizens’ data, and the personal details of up to 15 million Brits. This sensitive information included email addresses, passwords, driving license numbers and phone numbers.

Furthermore, while Equifax originally said that no UK passwords or financial information were stolen in the hack, it has since admitted that the passwords and partial credit card details of almost 15,000 UK customers were compromised.

The ICO investigation revealed multiple failures at the credit reference agency. For example, measures which should have been in place to manage the personal data were found to be inadequate and ineffective. Investigators also found significant problems with data retention, IT system patching and audit procedures.

Information commissioner Elizabeth Denham said Equifax showed a “serious disregard” for its customers and their personal information.

Why should you join the Equifax group action?

The sheer scale of the Equifax data breach means that millions of people across the UK are now at an increased risk of theft and identity fraud. So we welcome the news that the ICO is holding Equifax to account.

However, while fines are an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe, they do very little to help those already affected by the breach. As such, anyone who has suffered following the Equifax cyber-attack should be looking to claim compensation.

What can you claim compensation for?

Many Equifax customers have had their financial information stolen, and that can be devastating if it gets used by cybercriminals to carry out fraud or theft. But, in addition to this, much of the data stolen from Equifax is considered to be personally identifiable information. This means that the data can be used to identify a specific individual, and be manipulated to undertake identity fraud.

We should all be very worried about what could happen if our personal data gets into the wrong hands. With enough information, cybercriminals can steal our identities, apply for credit in our name, set up fraudulent bank accounts and access our existing accounts. So, it is understandable that victims would want to seek compensation for Equifax’s failure to look after their information correctly, and the best way to do this is through a group action case.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the Equifax hack. Being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety then the law agrees that you are entitled to compensation.

What is a group action?

A group action allows people with the same type of claim to bring it together on a collective basis. Doing this strengthens their overall position and increases their chances of settlement or success at Court. What’s more, with a group action, claimants often share the legal fees. So, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no-win, no-fee basis (as in this case).

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

How to join the Equifax group action

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Doing this guarantees that you will form part of the compensation claims that will be lodged by our firm. While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Hayes Connor Solicitors is also providing no-win, no-fee funding arrangements in this case and, if successful, won’t charge a “success fee”. This means, if someone is awarded £1,500, they will get all of the compensation. There are no solicitor’s fees, win or lose.

If you have been affected and want to join the group action, you can register your details here.

Join a group action Carphone Warehouse data breach claim

Dixons Carphone is facing legal action from potentially millions of people after it was revealed that hackers have accessed the information of close to 10 million customers. The hackers also got access to the records of 5.9 million payment cards (nearly all of which were protected by chip and pin).

While the company claims that no customers have been the victim of fraud as a result of the hack, you can still claim for any distress you have suffered as a result of the Dixons Carphone data breach.

The National Crime Agency has been investigating the Dixons Carphone data breach. It is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (the UK’s data protection regulator).

As expert data breach solicitors, here at Hayes Connor, we are carefully watching developments unfold in this case, and are preparing to launch a group action Carphone Warehouse data breach claim once the relevant investigations are complete.

What happened in the Carphone Warehouse data breach?

The Dixons Carphone data breach took place in 2017 and resulted in customer records being accessed from Currys PC World and Dixons Travel stores. Both payment card details and non-financial records were compromised.

Dixons Carphone’s investigation has not uncovered any evidence of additional fraud, but it has revealed that significantly more data was taken than first thought.

Crucially, the details stolen by cybercriminals include names, addresses, phone numbers, dates of birth, and email addresses, all of which can be used to commit further crimes.

Dixons Carphone has been criticised for downplaying the severity of the hack, because today criminals don’t need payment card or bank account details to cause havoc. Indeed, the sheer scale of damage and distress that can be created by criminals gaining access to personally identifiable information (PII) cannot be underestimated. So, while there is no evidence of financial losses suffered by customers of Currys PC World and Dixons, this doesn’t mean that the impact on victims is any less significant.

To make matters worse, this is not the first time that the company has failed to protect its customers. Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined £400,000 following another cyber-attack. The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. So, with a history of failures, the relevant authorities will now be looking very carefully at this latest data breach.

What are we doing about a Carphone Warehouse data breach claim?

At Hayes Connor Solicitors, we have received a large number of queries from people concerned that their information is now at the mercy of cybercriminals. In response, we are now considering launching a group action against Dixons Carphone.

As such, we have appointed Barrister Ian Whitehurst to help in this case. Having developed a practice in the field of data breach claims for individuals and companies who have had their personal and sensitive data breached by third parties, we are confident that our team will get the results our clients deserve.

Why launch a group action Carphone Warehouse data breach claim?

A group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

What’s more, with a group action, claimants often share the legal fees. Even better, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no-win, no-fee basis.

Find out more about group actions.

What should you do if you have been affected by the Dixons Carphone data breach?

If you are worried that Dixons Carphone has exposed your data, there are a few simple steps you can follow.

  1. Determine what was stolen. To protect yourself as much as possible you need to know what kind of information was accessed in the data breach. Dixons Carphone should be able to advise you on this
  2. Change your passwords. If an online account (such as an email address) has been compromised, change the password right away. You should also change the password on all other accounts that use the same password, and – if your email could be compromised – on any accounts that could be accessed via your email. To keep you safe in the future, create a secure, unique password for each account (you might want to consider using a password manager to do this for you)
  3. Deploy additional security measures. If an app or website offers two-factor authentication to protect an account, use it
  4. Contact your bank. If any financial information has been stolen, contact your bank immediately and explain that your account is at risk of fraud. As well as issuing a new card, the bank should be able to advise you if it detects suspicious activity on your account
  5. Be vigilant. Beware of scammers using your stolen data against you. For example, don’t click on any links in emails claiming to be from your bank, and always use the numbers the bank provides on its website if you are asked to call
  6. Sign up for a credit and/or identity-monitoring service. This will help you to monitor your financial accounts and sensitive personal information. Many organisations will offer such services free following a data breach but it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  7. Keep a record. Make a list of all the accounts that could have been accessed and note down why you are concerned about them
  8. Inform the Information Commissioner’s Office (ICO) about your concerns. At present the ICO is undertaking an investigation into the Dixons Carphone Data Breach. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  9. Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

To find out more, read our handy step-by-step guide to making a data breach claim

How can you join the Carphone Warehouse data breach claim group action?

If you have had an email from Dixons Carphone, you could be entitled to several thousand pounds in compensation, so it’s important to act now. And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Find out more about no-win, no-fee.

To join a group action compensation claim, you will need to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Ten million customers could claim compensation for distress in Dixons Carphone data breach

Following the Dixons data breach discovered in June this year, Dixons Carphone has begun contacting customers to warn them that their information has been accessed by hackers. And, while the company initially estimated that 5.9 million people could be at risk, that figure is now closer to 10 million. But with Dixons Carphone claiming that no customers have been the victim of fraud as a result of the hack, can you claim compensation for distress?

What has happened?

The breach, which took place in 2017, saw data leaked from servers containing customer records from Currys PC World and Dixons Travel stores. Both payment card details and non-financial records were compromised.

While Dixons Carphone’s investigation has not uncovered any evidence of additional fraud, it has revealed that significantly more data was taken than first thought.

In an email to customers affected by the data breach, Dixons Carphone admitted that the scale of the non-payment leak reached around 10 million customers. Details stolen during the attack include names, addresses, phone numbers, dates of birth, and email addresses – all of which can be used by cybercriminals to commit further crimes.

Alex Baldock, chief executive of Dixons Carphone, has apologised for the breach and admitted that the company had ‘fallen short’ of its duty to protect customers. And, a spokesperson for Dixons Carphone said that: “While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result.”

However, by downplaying the severity of the hack, it is clear that Dixons Carphone does not understand the importance of keeping its customers’ personal data safe, and the sheer scale of damage and distress that can be caused by criminals gaining access to personally identifiable information (PII).

In fact, while there is no evidence of financial losses suffered by customers of Currys PC World and Dixons, this doesn’t mean that the impact on victims is any less significant.

Distress matters in data breach cases

Being the victim of a crime can have a considerable effect on you, both mentally and physically. Everyone reacts differently, but for some people, the consequences can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So, just because your financial details were not exposed or used doesn’t mean the breach should be treated any less seriously.

According to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

Compensation for distress in data breach cases

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

Crucially, the law recognises the potential damage that is caused by psychological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

A personal data breach is a 21st-century version of being burgled. So why shouldn’t you seek compensation for this failure to look after your information correctly?

What next in the Dixons Carphone data breach case?

The National Crime Agency has been investigating the Dixons Carphone data breach. It is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (the UK’s data protection regulator).

Dixons Carphone has said that it is “continuing to keep the relevant authorities updated.”

This is not the first time that the company has failed to protect its customers. Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined £400,000 following another cyber-attack.

The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. In that breach, the personal data of over three million customers and 1,000 employees was put at risk.

With a history of failures, the regulator will now be looking very carefully at this latest revelation.

Can you claim compensation for distress in the Dixons Carphone data breach?

Absolutely. Data breaches can have severe consequences for those affected, so customers of Dixons Carphone should now be looking to claim compensation.

In this case, because of when the breach took place, any financial penalties paid by Dixons Carphone for failing to protect customer data adequately will be calculated under old data protection legislation. This means that the company will escape the threat of much more substantial fines now possible under the General Data Protection Regulation (GDPR).

But with a history of data negligence at the company, and a clear downplaying of the importance of this latest breach, something must be done to hold them to account.

If you have had an email from Dixons Carphone, you could be entitled to several thousand pounds in compensation, so it’s important to act now.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.

Ticketmaster data breach: putting GDPR to the test

Following the Ticketmaster data breach – where cybercriminals got away with customers’ personal and financial information – the latest data protection regulations are now being put to the test.

Unless you have been living under a rock, you will have heard about GDPR. In fact, you’re probably fed up hearing about it. But GDPR is likely to have a significant impact on the way companies handle your valuable data; with enormous fines for those that don’t look after it properly.

And, according to data protection lawyers, the Ticketmaster data breach could be a real test to see if the legislation will hold companies to account.

What happened in the Ticketmaster data breach?

Ticketmaster was affected by a substantial data protection breach after cybercriminals hacked the company’s website. Different customers had different data stolen including:

  • Financial information stolen and used. There are reports that customers of Ticketmaster have been the victims of theft, with their cards used on money transfer service Xendpay, Uber gift cards and Netflix (among others). Anyone who has had their financial details stolen and used fraudulently could now be looking at compensation in the region of £5,000
  • Financial information stolen. Many of those affected by the Ticketmaster data breach will have had their financial details stolen but not used (at least not yet). Crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss. If you had your financial details stolen during the Ticketmaster data hack, you could be looking at compensation in the region of £3,000
  • Email address stolen. If your email account has been hacked the consequences could be devastating. Again, it doesn’t matter if there is no evidence of your data being used. If the distress of having your data in the hands of cybercriminals has caused you suffering, you can make a claim. Anyone who has had their email address stolen could be looking at compensation in the region of £1,500
  • Other personal information stolen. Along with the financial info and email addresses stolen, the Ticketmaster hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. Anyone who has had their personal data stolen could be looking at compensation in the region of £500 – £1,000.

 

Find out more about the different types of data breaches in this case.

Ticketmaster data breach and GDPR

The Ticketmaster data breach affects up to 40,000 people who bought tickets between September 2017 and 23 June 2018. With the GDPR coming into force on May 25th 2018, this means that the breach spans two different data protection acts:

  • The Data Protection Act (DPA) 1998
  • The Data Protection Act (DPA) 2018 (the UK’s version of the GDPR).

These acts have drastically different levels of fines: the first up to a maximum of £500,000 and the second up to £17 million (or 4% of an organisation’s annual turnover, whichever is higher).

It is not yet clear which legislation is relevant, but the breach could be judged under both. Alternatively, the entire data protection failure could be treated as a breach under GDPR as it kept happening after the new laws came into force. If GDPR is used, the Ticketmaster data breach case will be considered a test case that is likely to set the tone for action to be taken by the ICO in future breaches.

What does this mean for you?

In truth, while data protection lawyers are eagerly waiting to see what legislation applies, for people who have had their data breached it doesn’t make much difference, mainly because, while the ICO can impose a fine on a company, this isn’t given to victims of the data breach.

The only way for you to hold Ticketmaster to account is to make a data breach compensation claim.

At Hayes Connor Solicitors, we have already been contacted by lots of Ticketmaster customers who are worried that their data was not looked after as carefully as it should have been.

In response, we are supporting no-win, no-fee compensation claims for everyone who has had their data accessed in the Ticketmaster data breach. Depending on the numbers involved we may even start a group action against Ticketmaster.

Find out more about making a claim against Ticketmaster.

To start your compensation claim, you will need to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

 

Can you make a data breach claim against Yahoo?

Yahoo has been fined £250,000 after 515,000 UK accounts were compromised. This comes following a sophisticated and persistent attack in 2014. The data protection hack led to users’ names, email addresses, telephone numbers, passwords and security information being stolen by cybercriminals.

Following the fine by the Information Commissioner’s Office (ICO), those affected should now consider a data breach claim against Yahoo.

What happened in this case?

In 2014, a Russian state-sponsored cyber-attack resulted in personal data being stolen from over 500m Yahoo user accounts worldwide. Despite evidence that the firm knew about the hack soon after it happened, the data breach wasn’t reported until September 2016.

What was the result of the investigation?

The investigation focused on UK accounts that were co-branded Sky and Yahoo, and which the London-based branch of Yahoo had responsibility for.

Following its inquiry, the ICO found that Yahoo had “failed to prevent” the hack. The ICO also condemned “inadequacies” that had been in place at Yahoo for some time without being “discovered or addressed”.

The investigation also found that:

  • The firm failed to ensure that its data processor complied with the appropriate data protection requirements
  • The firm failed to ensure that the credentials of employees with access to customer data were monitored
  • There was a lengthy period before the flaws which led to the breach were discovered or addressed

According to an ICO spokesperson:

“The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.”

As a result, the watchdog imposed a £250,000 fine. However, this represents less than 0.4% of Yahoo UK’s 2016 gross profit.

What can you do?

The ICO has said that cyber-attacks are a fact of life, that companies have to make it as difficult as possible for attackers to get in, and that it is “no good locking the door if you leave the key under the mat.”

But, while the ICO has the power to impose fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. However, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

According to the ICO, Yahoo has informed those affected. If you are concerned that your data was treated negligently by Yahoo, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

Following massive data breaches, companies often set aside funds to pay compensation, so you have nothing to lose.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.

With strict time limits in place for making most compensation claims, it’s essential to act now.

Dixons Carphone admits huge data breach

Dixons Carphone has admitted a huge data breach following a prolonged hacking attempt. The data hack involves 5.9 million payment cards and 1.2 million personal data records. The breach occurred following a number of attacks – carried out over a period of 12 months.

The personal data records compromised by the hackers include information such as names, addresses and email addresses, all of which can be used to carry out data theft and fraud.

Also, while most of the cards had chip and pin protection, some 105,000 non-EU issued cards did not have this technology. While the company has said there is no evidence that any of the cards had been fraudulently used, a full police investigation is now underway. The regulators have also been informed and it is thought that the breach could leave the company open to a large fine.

Alex Baldock, chief executive at Dixons Carphone said:

“We are extremely disappointed and sorry for any upset this may cause.

“The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

A history of data protection failures

Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined a whopping £400,000 following another cyber-attack. The fine is one of the biggest ever handed out by the Information Commissioner’s Office (ICO). In that breach, the personal data of over three million customers and 1,000 employees was put at risk, including the historical payment card details for some 18,000 customers.

Find out more about the Carphone Warehouse breach here.

While Dixons Carphone claims that the two incidents are unrelated, the Information Commissioner’s Office (ICO) will now be looking very carefully at this latest failing.

What can you do?

Data breaches often have severe consequences for those affected. So, customers and employees of the Carphone Warehouse and the merged Dixons Carphone should now be looking to claim compensation.

The company has said that it will be contacting those affected to advise them of the breach. We would urge anyone contacted to let us know and start a data protection compensation claim; particularly as there is a history of data negligence at the company. Something must be done to hold them to account.

If you are affected you could be entitled to up to several thousand pounds in compensation, so it’s important to act now.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.

Does an organisation have to be fined by the ICO before you can make a data breach compensation claim?

The Information Commissioner’s Office (ICO) is an independent authority. Part of its job is to make sure that organisations across the UK keep our data safe. Every year, the ICO imposes fines on all kinds of businesses, government bodies and other parties that fail to do this. The ICO can also ensure that these organisations take steps to better protect our data in future.

But, while the ICO has the power to impose hefty fines, it does not award compensation to victims. That being said, you do have the right to ask the ICO to assess if an organisation has breached data protection legislation. And, once an organisation has been found guilty by the ICO, you can use that information to support a data protection compensation claim.

However, what many people don’t understand is that they can proceed with a data breach compensation claim even if the ICO has not investigated a breach, or found an organisation guilty of negligence.

This is important because, following the introduction of the GDPR (the latest EU-wide data protection legislation), the ICO is going to be busier than ever.

Data protection under the GDPR

Under the new rules, organisations have a greater responsibility towards protecting our data than ever before. And, experts predict that this could lead to an increase in data breach complaints. So the burden on the ICO is going to make it difficult for its officers to investigate every complaint as quickly as you might hope.

In fact, even before the legislation came into play last month, the ICO tweeted: “Sorry, we are extremely busy in the run up to GDPR & are experiencing unprecedented demand across all our services”. And, over the last few weeks, the ICO has also apologised for the “considerable” wait time on its helpline due to “high demand for our services”.

Making matters worse, according to reports, the ICO has only collected half of the data breach fines it has issued since 2010, often because it doesn’t have the power it needs to enforce payment. As a result, these organisations are often going unpunished for their failures.

So, what can you do if an organisation has failed to protect your data, but you don’t have the weight of the ICO behind you?

Making a private data breach compensation claim

You can make a compensation claim against a company without going to the ICO. When you make a private complaint, your case goes before a judge in a civil trial to seek recovery of any losses and the payment of compensation. Often these cases are settled out of court. Proceedings can be started quickly, without the uncertainty associated with whether the ICO will investigate the incident.

What’s more, even if you have already contacted the ICO about a potential breach, Hayes Connor Solicitors can still investigate your claim. We will work with the ICO to gather as much evidence as possible to help you succeed. But, where we don’t feel things are moving fast enough, or where we don’t agree with the findings of the ICO, we can still help you to pursue a private claim.

While each case will be judged on its merits, as experienced data breach lawyers, we can advise you on what you can include in your compensation claim and your chances of success. In most cases, the minimum level of damages to be sought at settlement stage would be between £750 and £1,000.


Can you make a data breach claim against the British and Foreign Bible Society?

This month, the British and Foreign Bible Society was fined £100,000 for failing to protect the personal data of 417,000 of its supporters. Following an investigation by the Information Commissioner’s Office (ICO), it was revealed that the Society exposed these supporters to possible financial or identity fraud.

While the Society was a victim of a cyber-attack, this does not negate the fact that it failed to take appropriate steps to protect the personal data it was entrusted with.

With data breaches often causing significant distress for those affected, victims of the British and Foreign Bible Society data breach may now want to claim compensation.

What happened in this case?

Between November and December 2016, criminals exploited the weakness of the Society’s computer network – which used an easy-to-guess password – to access the personal data of its supporters.

The attack used ransomware to encrypt almost one million files. The data compromised included names and contact details, as well as payment card and bank account details for some. Fortunately for the Society, the data had recently been backed up, so it could not be held to ransom. But many of the files were transferred, copied and extracted by the attacker.

What was the result of the investigation?

During its investigation, the ICO found that supporter details were kept on an insufficiently secured internal network which offered inappropriate remote access rights.

Commenting on the case, Steve Eckersley, head of enforcement at the ICO, said:

“The Bible Society failed to protect a significant amount of personal data and exposed its supporters to possible financial or identity fraud.

“Our investigation determined that it is likely that the religious belief of the 417,000 supporters could be inferred, and the distress this kind of breach can cause cannot be underestimated.

“Cyber-attacks will happen, that’s just a fact, and we fully accept that they are a criminal act. But organisations need to have strong security measures in place to make it as difficult as possible for intruders.”

The British and Foreign Bible Society was fined £100,000 for breaching data protection legislation.

What can you do?

Today, many people choose to donate to charities and causes they care about. But, while you might support them in their aims, it is vital that they meet their obligations when it comes to protecting your sensitive data. Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Such organisations are often insured against data breaches, so you don’t have to worry about the impact on the good work you support.

In this case, the ICO found that the Society’s failure was likely to cause substantial damage or distress to those supporters who had their data stolen.

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The Society has notified victims who have had their payment details stolen, but it is not clear if those who had other personal data put at risk were informed. However, modern cybercriminals are increasingly sophisticated and such information can be used to carry out identity theft and fraud, so it is vital you are told.

What’s more, it doesn’t matter if criminals haven’t used your data. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

If you are one of those affected and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. If you are not sure if your information was compromised, we can find this out for you. We can also help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict time limits in place for making most compensation claims, it’s essential to act now.

IF YOU THINK YOU MAY HAVE A DATA BREACH CLAIM COMPLETE OUR CONTACT FORM.


Can you make a data breach claim against the Carphone Warehouse?

Earlier this year, the Carphone Warehouse was fined a whopping £400,000 following a cyber-attack. The assault on the company’s computer systems compromised customer and employee data and uncovered severe failures in Carphone Warehouse’s data security systems.

The data protection breach put the personal data of over three million customers and 1,000 employees at risk, including the historical payment card details for some 18,000 customers.

The £400,000 fine is one of the biggest ever handed out by the Information Commissioner’s Office (ICO).

Data breaches often have severe consequences for those affected. So, customers and employees of the Carphone Warehouse should now be looking to claim compensation.

What happened in the Carphone Warehouse data breach case?

In 2015, a Carphone Warehouse computer system fell victim to a cyber-attack. The data breach affected the company’s online division which operated the OneStopPhoneShop.com, e2save.com and Mobiles.co.uk websites.

The attack took place after the assailant scanned the system using a commonplace penetration tool. The tool looked for things such as outdated software and other vulnerabilities. Having found that such weaknesses did exist in a WordPress website, the attacker exploited them to access the system and the customer and employee data.

While Carphone Warehouse did have processes in place to monitor cyber threats, staff were not alerted to the attack until 15 days after the system was first compromised. This delay further highlighted the lack of adequate security measures in place at the company. In fact, according to the ICO, the “number of distinct and significant inadequacies in the security arrangements for the System is striking”.

What was the result of the investigation?

In its judgement, the ICO found that the Carphone Warehouse data breach significantly affected the privacy of those involved. It also said that if the data was misused, it was likely to cause substantial damage or distress.

“The real victims are customers and employees whose information was open to abuse by the malicious actions of the intruder.

“The law says it is the company’s responsibility to protect customer and employee personal information.

“Outsiders should not be getting to such systems in the first place. Having an effective layered security system will help to mitigate any attack – systems can’t be exploited if intruders can’t get in.

“There will always be attempts to breach organisations’ systems and cyber-attacks are becoming more frequent as adversaries become more determined.

“But companies and public bodies need to take serious steps to protect systems, and most importantly, customers and employees”.

Because the company failed to do this, the ICO found that the severity of the Carphone Warehouse data breach merited a £400,000 fine.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.
