Posts

data breach solicitors
,

Morrisons loses data breach challenge

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

 

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

Today, the Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

Why is this case so important?

In 2015 – in the first group litigation of its kind in the UK – over 5,000 people brought a claim against Morrisons under the Data Protection Act 1988, for misuse of private information and breach of confidence.

In December 2017, despite acknowledging that Morrisons had taken all the appropriate steps to prevent a breach, the High Court found that the company was liable for its omissions such as not ensuring the proper security measures to protect the data.

The judge in the original case also ruled that Morrisons was “vicariously liable” for the employee’s actions. In a workplace context, an employer can be vicarious liability for the actions of its employees, as long as it can be shown that they took place in the course of their employment.

The decision to hold Morrisons vicariously liable is important, as it gives victims more opportunities to seek compensation (companies are more likely to be insured against such liability than employees).

The case also paved the way for those affected by data breaches to claim damages for distress, even if they have not suffered any financial loss.

 

Morrisons has now said that it will now appeal to the Supreme Court. If that appeal fails, those affected will be able to claim compensation for “upset and distress”.

The latest decision is good news for people who want to hold businesses to account for a failure to protect personal and sensitive data.

The judgement has been referred to as a “wake-up call for businesses” and Morrisons could now face a hefty compensation bill.

 

nhs digital data breach
,

Can you make a NHS data breach claim?

Last month it was revealed that 150,000 patients had their confidential data used without their consent. This NHS data breach was the result of GP practices using software that failed to prevent information being used for research purposes despite patients objecting.

This shocking error is a breach of the Data Protection Act and those affected are within their rights to start a claim for compensation. Any patients affected will have received a letter from NHS Digital.

However, this isn’t the only time our health service has failed to protect the people it is supposed to. In fact, earlier this year we reported on another NHS data breach, after it was revealed that the Bayswater Medical Centre left sensitive patient records, registration forms and repeat prescription information in an empty and unsecured building for over a year.

In this case, the Information Commissioner’s Office (ICO) fined the healthcare provider £35,000 for its negligence. And, with medical data breaches often having severe consequences for those affected, patients of the Bayswater Medical Centre should also be looking to claim compensation.

NHS data breaches are on the rise

Across the UK, our healthcare is rapidly going online. And, this is a good thing when it comes to providing services that are fit for purpose in our digital age. However, as the online information revolution sees our medical organisations move away from paper record keeping, it is vital that there are adequate and robust protections in place.

However, over the last few years, healthcare and the NHS has proved a profitable target for hackers, leading to a rise in medical data breaches. So much so that one in 13 patients will have their records stolen after a healthcare provider data breach.

The healthcare industry is one of the most vulnerable to cyber-attacks as two high profile data breaches highlight.

  • In March 2017, an IT system widely used by GPs allowed access to patient records by anyone using the same platform. This meant that the sensitive and confidential records of 26 million patients could be viewed by thousands of receptionists, clerical staff and pharmacists, even if they had no medical reason to review them
  • In May 2017, the WannaCry ransomware attack severely disrupted NHS operations, leading to cancelled appointments, diverted patients and suspended A&E services.

You can see a list of other NHS data breaches on the ICO website.

How do you make a NHS data breach compensation claim?

At Hayes Connor, we can help you make claims against a wide range of healthcare organisations already fined by the ICO. We can also keep you updated on upcoming and current healthcare data breach claim investigations.

We can make medical data breach claims against:

  • GPs
  • Pharmacies
  • Hospitals/NHS Trusts
  • Dentists
  • Opticians
  • Individual healthcare staff
  • Private health companies.

To claim compensation in a medical data breach case, you must be able to prove that you suffered as a result of the breach. This includes financial and medical harm, as well as anguish and anxiety. In fact, if you have suffered damage or distress caused by a medical or other healthcare organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years, so we know what it takes to make a successful NHS data breach compensation claim.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

data breach compensation
,

Hayes Connor Solicitors launches group action following Equifax data hack investigation

Hayes Connor Solicitors, is launching a group action to help victims of the Equifax data hack claim compensation.

Our firm of expert online fraud and data protection solicitors is expecting an influx of queries from people whose data was put at risk by the credit reference agency. The group action is being initiated after Equifax was fined £500,000 by the Information Commissioner’s Office (ICO).

The ICO’s investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation.

What happened in this case?

The fine follows a 2017 cybersecurity incident which led to the loss of UK customer data held by Equifax Ltd on the servers of its US parent. Following the data breach, it was revealed that Equifax’s failure to patch a server flaw resulted in hackers potentially stealing 143 million US citizens’ data, and the personal details of up to 15 million Brits. This sensitive information included email addresses, passwords, driving license numbers and phone numbers.

Furthermore, while Equifax originally said that no UK passwords or financial information were stolen in the hack, it has since admitted that the passwords and partial credit card details of almost 15,000 UK customers were compromised.

The ICO investigation revealed multiple failures at the credit reference agency. For example, measures which should have been in place to manage the personal data were found to be inadequate and ineffective. Investigators also found significant problems with data retention, IT system patching and audit procedures.

Information commissioner Elizabeth Denham said Equifax showed a “serious disregard” for its customers and their personal information.

Why should you join the Equifax group action?

The sheer scale of the Equifax data breach means that millions of people across the UK are now at an increased risk of theft and identity fraud. So we welcome the news that the ICO is holding Equifax to account.

However, while fines are an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe, it does very little to help those already affected by the breach. As such, anyone who has suffered following the Equifax cyber-attack should be looking to claim compensation.

What can you claim compensation for?

Many Equifax customers have had their financial information stolen, and that can be devastating if it gets used by cybercriminals to carry out fraud or theft. But, in addition to this, much of the data stolen from Equifax is considered to be personally identifiable information. This means that the data can be used to identify a specific individual, and be manipulated to undertake identity fraud.

We should all be very worried about what could happen if our personal data gets into the wrong hands. With enough information, cybercriminals can steal our identities, apply for credit in our name, set up fraudulent bank accounts and access our existing accounts. So, it is understandable that victims would want to seek compensation for Equifax’s failure to look after their information correctly, and the best way to do this is through a group action case.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the Equifax hack. Being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety then the law agrees that you are entitled to compensation.

What is a group action?

A group action allows people with the same type of claim to bring it together on a collective basis. Doing this strengthens their overall position and increases their chances of settlement or success at Court. What’s more, with a group action, claimants often share the legal fees. So, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis (as in this case).

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

How to join the Equifax group action

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Doing this guarantees that you will form part of the compensation claims that will be lodged by our firm. While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Hayes Connor Solicitors is also providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if someone is awarded £1,500, they will get all of the compensation. There are no solicitor’s fees win or lose.

If you have been affected and want to join the group action, you can register your details here.

,

Data protection complaints increase leading to possible rise of GDPR breach compensation

According to the Information Commissioner’s Office (ICO) – the watchdog responsible for regulating data protection laws in the UK – the number of reported data protection complaints has almost doubled since April this year. If the regulator upholds these complaints, there could be a corresponding rise in GDPR breach compensation claims.

Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email.

The increase in data breach complaints has happened since the introduction of the GDPR on May 25th.  This saw more robust data protection laws come into force. GDPR is the most significant change to data privacy regulations in over two decades. The new rules are designed to:

  • Boost the rights of individuals by giving them more control over their information
  • Put more limitations and responsibilities on how organisations can handle personal data
  • Make data protection (including data breaches) more transparent.

The GDPR also saw the introduction of tough penalties for data breaches. In fact, companies who fail to put adequate data protection processes in place and subsequently suffer a breach could face fines of up to €20,000,000 or 4% of their total global annual turnover for the last financial year.

While the ICO does not award GDPR breach compensation to victims, if a company is found guilty of a data violation this can strengthen an individual’s claim.

According to the ICO:

  • 4,214 data protection complaints were made in July
  • 3,098 data protection complaints were made in June
  • 2,310 data protection complaints made in May
  • 2,165 complaints were made in April.

The stats exclude the health sector.

The figures indicate that more and more people are becoming aware of their data protection rights. This makes sense as there have been many high-profile data protection scandals over the last few months. For example, at Hayes Connor Solicitors we are currently pursuing cases against:

  • Emma’s Diary. Emma’s Diary sold its users’ information to Experian’s marketing division. This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election. Find out more about the Emma’s Diary data breach
  • Dixons Carphone. The Dixons Carphone or Carphone Warehouse data breach took place in 2017. It resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes. Find out more about the Carphone Warehouse data breach
  • Ticketmaster has admitted that thousands of UK customers have been put at risk due to third-party software on their website. This has since been removed but not before the software accessed a number of customers’ personal and financial details. Find out more about the Ticketmaster data breach
  • Last year, Equifax warned that up to 400,000 UK consumers might have had their personal details stolen. The data included names, address, dates of birth, and credit card numbers. Find out more about the Equifax data breach.

If you have been affected by any of these cases, or if you want to make a GDPR breach compensation claim against another organisation, let us know.

Making a GDPR breach compensation claim

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

You can make a GDPR breach compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

With enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And just the thought of this happening can cause emotional distress. So why shouldn’t you seek compensation for this failure to look after your information correctly?

At Hayes Connor Solicitors our initial assessment is always free of charge. If we believe you have a substantial, complex case, we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis. For smaller claims, our quick assessment form will help you to start your GDPR breach compensation claim, quickly and easily.

Our expert data breach compensation solicitors make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making data breach claims (currently all breaches going back six years could be subject to a claim) it’s essential to act now.

CONTACT US AND START YOUR GDPR breach compensation CLAIM TODAY

British Airways breach caused by the same hackers as Ticketmaster
, , ,

British Airways data breach caused by the same hackers as Ticketmaster

According to reports, a cyber-criminal operation known as Magecart is behind the recent British Airways data breach. The group has been very active in the past three years. It is also thought to be behind the Ticketmaster data hack.

Earlier this year we reported that cybersecurity analysts RiskIQ believed that the Ticketmaster data theft was part of a larger credit card scheme.

A new report by RisqIQ states that there are clues linking the same operation to the British Airways breach. The company said the code found on the British Airways site was very similar. However, the code was modified to suit the way the airline’s website had been designed.

“The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”

Crucially, if RiskIQ, is right about how the attack worked, a cybersecurity researcher has told the BBC that “BA should have been able to see this”.

If the British Airways data breach was carried out by the same group, the threat to consumers could be much worse than thought. RisqIQ has said that it looked like the group behind the attack had decided to target specific brands, and that more breaches of a similar nature were likely.

What should you do about the British Airways data breach?

Regardless of who was behind the attack, British Airways was responsible for keeping your data safe, and this is something it has failed to do.

The British Airways data breach has compromised payment details and personal data. This information that can be used by cybercriminals to steal money from you, apply for credit in your name, set up fraudulent bank accounts and more.

So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation. British Airways has said that it has informed those involved, so if you have received this email let us know.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

To join our British Airways data breach group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

REGISTER NOW

Data breach
,

Can you make a data breach claim against Gloucestershire Police?

Following a worrying data breach scandal, Gloucestershire Police has been fined £80,000 for sending a bulk email that identified victims of historical child abuse.

Commenting on the breach, Steve Eckersley, Head of Enforcement at the Information Commissioner’s Office (ICO) said: “This was a serious breach of the data protection laws and one which was likely to cause substantial distress to vulnerable victims of abuse, many of whom were also legally entitled to lifelong anonymity”.

As such, those affected should now be looking to claim compensation.

 What happened in this case?

 A police officer involved in a non-recent sex abuse investigation sent an update on the case to 56 people. These people included victims, witnesses, journalists and lawyers. However, the officer carelessly made all the email addresses viewable by all recipients.

Gloucestershire Police realised the mistake two days after it happened in December 2016. But while it successfully recalled three emails (and one email was undeliverable), 56 full names and emails were visible by to up to 52 people. The email also referenced schools and social services that were being investigated following the allegations of abuse.

On realising its error, the force reported it to the ICO and sent an apology to all recipients. However, this remains a “serious breach” of data protection laws.

What was the result of the investigation?

An investigation by the ICO into the breach found that adequate security processes were not put in place to prevent such errors from occurring. For example, the “bcc” (blind carbon copy) function, which can be used to keep addresses private when sending bulk emails was not automatically selectable on the system. In addition, Gloucestershire Police failed to provide staff with adequate (or any) training, guidance or policies on bulk email communication and the importance of keeping private and sensitive information safe.

The ICO spokesperson added: “The risks relating to the sending of bulk emails are long established and well known, so there was no excuse for the force to break the law – especially when such sensitive and confidential information was involved.”

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by Gloucestershire Police is particularly worrying as those involved were likely to suffer significant distress knowing that they could be identified as victims of child abuse. The investigation also concluded that many of these victims were suffering from the lifelong consequences of this abuse, and were already vulnerable. As such, the failure to protect their privacy is likely to cause considerable emotional anguish.

To make matters worse, despite the findings by the ICO, and while Gloucestershire Police has since apologised for the mistake, it has failed to accept full responsibility. In fact, the force has said that it is disappointed by the decision and is considering an appeal.

While human error does happen, Gloucestershire Police simply did not make sure that appropriate procedures and training was in place to avoid such a breach from occurring. So it must be held to account.

If you are one of those affected and are concerned that your data was treated negligently, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM

data hack
, ,

Should you accept data breach compensation from British Airways?

Over the last few days, it has been revealed that almost 400,000 British Airways customers have had their credit/bank card details stolen. The “sophisticated, malicious criminal attack” is thought to be one of the most serious cyber-attacks in UK history.

In response, British Airways has contacted those customers affected and has said that it will be discussing data breach compensation claims on an ‘individual basis’. However, it is not up to British Airways to dictate the terms of any compensation payments.

Instead, at Hayes Connor Solicitors we would ask anyone affected by the breach to consider the following if they want to achieve the maximum data breach compensation possible following the British Airways data hack.

  1. It appears that British Airways has made this data breach worse than it needed to be

While the British Airways data hack started over two weeks ago, it took the airline until Wednesday night to alert its customers. We believe that this is a severe failure by British Airways.

British Airways has admitted that the hackers spent more than two weeks accessing data online. This increases the risk to passengers substantially. There are also fears that customers’ details will be sold on the dark web to cybercriminals. So, in addition to any failure in its IT systems (failures that allowed the hackers to gain access to your data), we also believe this delay in reporting should be considered in any compensation claim.

  1. You deserve compensation even if you haven’t lost money

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual.

If this data gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

We want to make sure that anyone affected by the data breach understands that they can claim compensation for a failure to look after their data – and how much they could be entitled to – even if they haven’t suffered financially.

  1. British Airways might try to fob you off with a low offer

At Hayes Connor Solicitors, we are experts in data breach cases. And, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law.

That’s why it’s important not to be fobbed off by a low initial offer from British Airways. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Find out more about the benefits of using an expert data protection lawyer.

  1. You can claim compensation for distress

It doesn’t matter if you haven’t lost out financially as a result of the British Airways data hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically.

According to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

When making a compensation award, the court will look at the specific circumstances of your case. This includes things like the sensitivity of the data compromised and the nature of the disclosure.

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private information and bank details you would be distressed. So why should you feel any less upset at having your online data taken; particularly when British Airways may have given the burglar the keys?

If the British Airways data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation. And, at Hayes Conner Solicitors, we know exactly how much compensation you could get.

  1. A group action could strengthen your chances of success

Where lots of people have been affected in a similar way, group actions can be a powerful tool and can have a bigger impact than a single claim.

Find out more about making a group action claim.

We have already been contacted by many British Airway customers who are worried that their personal and financial data was not looked after as carefully as it should have been.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of the British Airways data breach.

To join this group action, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation.

REGISTER NOW

cybercrime
, , ,

BA customers victims of huge data breach with cybercriminals stealing bank card details

Almost 400,000 British Airways customers have had their bank card details stolen in what is reported to be one of the most severe cyber-attacks in UK history.

Worryingly, while the huge data breach started over two weeks ago, it was only detected by the airline on Wednesday night. At that time BA told its customers about the breach and reported the incident to the police.

However, with 12 days between the BA data breach occurring and the incident being detected, questions are now being asked as to whether poor systems have made this cyber-attack worse.

All 380,000 customers who booked flights online or via the BA app during that time using a debit or credit card are affected.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are now considering launching a group action to compensate victims of the BA data breach.

What happened in the BA data breach?

Hackers carried out a “sophisticated, malicious criminal attack” on the BA website. BA has confirmed that the personal and financial details of customers making bookings had been compromised. In total, about 380,000 transactions were affected.

Along with the financial info stolen, it appears that the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data or financial information following the BA data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

If you have been affected by this BA data breach, please contact your bank or credit card provider immediately.

BA has admitted that the hackers spent more than two weeks accessing data online. This increases the risk to passengers substantially. There are also fears that customers’ details will be sold on the dark web to cybercriminals.

What has BA done about the data breach?

BA has notified the police and relevant authorities. The National Crime Agency has also been brought in to investigate this case.

The airline has also issued an email to affected customers stating that:

“From 22:58 BST 21 August 2018 until 21:45 BST 5 September 2018 inclusive, the personal and financial details of customers making or changing bookings at ba.com, and on our app were compromised. The stolen data did not include travel or passport information.

 “The breach has been resolved and our website is working normally.

 “We’re deeply sorry, but you may have been affected. We recommend that you contact your bank or credit card provider and follow their recommended advice.

 “We take the protection of your personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.

 “Further information can be found at ba.com.”

Is BA offering compensation for the data breach?

British Airways customers have rightly vented their fury at the airline, especially as it long it took them so long to notice that they had been attacked.

Customers have also taken to social media to raise concerns about how secure BA’s IT security processes are. And they are right to do so. Just because BA was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

The airline has said that compensation claims will be discussed on an ‘individual basis’. However, it is not up to BA to dictate the terms of any compensation payments.

At Hayes Connor Solicitors, we are experts in data breach cases, and, once you have registered with us, it’s not uncommon that we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why it’s important not to be fobbed off by a low initial offer from BA. Instead, by making a no-win, no-fee claim with us, we can increase the amount of compensation you receive substantially.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

What can you do about the BA data breach?

With investigations now underway into the data breach, if BA is found responsible for this appalling data protection failure, the airline will no doubt have to pay a hefty fine. But, while the Information Commissioner’s Office does issue fines, it does not award data breach compensation. At Hayes Connor Solicitors, our data breach solicitors can help you with that.

We have already been contacted by many British Airway customers who are worried that their personal and financial data was not looked after as carefully as it should have been.

In response, we are preparing a group action compensation claim for everyone who has had their data accessed in the BA data breach if it is found that BA have failed to adequately protect that data.

To preserve your ability to claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000 in compensation.

REGISTER NOW

data compensation
,

Can you make a data breach claim against Emma’s Diary?

The Information Commissioner’s Office (ICO) has fined Lifecycle Marketing (Mother and Baby) Ltd (LCMB), £140,000 for illegally collecting and selling the personal information of over one million people.

LCMB, also known as Emma’s Diary, gives medical advice and free baby-themed goods to parents who download an app. The data broking company behind the app was implicated following the launch of an investigation into the Facebook data breach scandal.

As such, those affected should now be looking to claim compensation.

What happened in this case?

LCMB sold its users’ information to Experian’s marketing division (Experian Marketing Services). This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election.

The Labour Party used this information to send targeted communications about its intention to protect Sure Start Children’s centres to mums living in marginal seats.

The data used included the names of parents using the app, household addresses, the presence of children under the age of five, and the date of birth of those children.

What was the result of the investigation?

LCMB claimed that the use of this information was fully outlined in its privacy policy. However, an investigation by the ICO found that the privacy policy did not state that the personal information given would be used for political marketing or by political parties. As such, this was a breach of the Data Protection Act.

In fact, while LCMB’s privacy policy was eventually updated to add the words “political parties” to the list of organisations it shares data with, this was only done in light of the start of the ICO’s investigation.

Commenting on this case, The Information Commissioner, Elizabeth Denham said: “The relationship between data brokers, political parties and campaigns is complex. Even though this company was not directly involved in political campaigning, the democratic process must be transparent.”

She added: “All organisations involved in political campaigning must use personal information in ways that are transparent, lawful and understood by the UK public.”

As the violation could cause distress to those affected, and was motivated by financial gain, LCMB has been fined £140,000 for the data breach.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by Emma’s Diary (LCMB) is part of a more extensive investigation into how our data is being used in political campaigning. In fact, the ICO put the UK’s 11 main political parties on notice to have their data-sharing practices audited later this year.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections was significant and has called for a code of practice to fix the system.

If you are one of those affected by the Emma’s Diary data breach and are concerned that your personal information was used in a way you didn’t consent to, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

REGISTER NOW

data breach compensation
,

Can you afford to use a solicitor for your data breach claim?

When it became clear that people across the UK were mis-sold PPI, often to the tune of thousands of pounds, there was a surge of new claims management companies on the scene. All promising to help consumers get back what they were due.

But, all too often, these companies were more concerned about making fast cash than helping victims. With assurances of no up-front fees turning into extortionate commission rates that left people short-changed.

Fast forward to today, and it seems like its data breach claims that are now rarely out of the news. But, as we start to talk about holding companies to account for any breach of trust when it comes to our valuable information, so do comparisons with PPI claims.

And, it is not hard to see why. It is possible that high-profile data breaches could be seen as a way to make a profit by unscrupulous claims management “factories”.  So it’s vital that you are aware of what is at stake and the options available to you.

Don’t let them get away with it!

Organisations must be held to account for their failure to protect our personal data. The sheer scale of the information we share on online is enough to leave victims open to the threat of fraud.

For example, with enough data, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And we should all be very worried about what could happen if this gets into the wrong hands.

With large-scale, high-profile hacks and breaches happening more and more often, something has to be done to make companies accountable for these losses. So, claiming compensation isn’t just in your best interests – it could be the only way to ensure that they implement more secure processes.

Should you do it yourself?

You can make a data breach claim on your own. What’s more, if you go ahead and no settlement is reached, you can even represent yourself in court. In fact, the number of people doing this over recent years has increased.

The legal term for representing yourself this way is called ‘litigating in person’ (LiP). However, while there has been a rise in the number of people doing this, this is often because they don’t think they have any choice due to a lack of alternative funding options.

The benefits of using an expert data protection lawyer

At Hayes Connor, we believe that the best way to make big companies pay for their failures is to use a specialist lawyer. Of course you would expect us to say that – but let us explain why.

Firstly we have the legal expertise needed to take on big players such as Ticketmaster and Equifax. And, where enough people come forward, we might even launch a group action against a company.

We believe that a group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So we are confident that our team will get the results you deserve.

Can you afford to use a data breach claims lawyer?

We deal with all breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.

To cover our costs, if we win your claim, we will charge a success fee. This is capped at 25% of any compensation you receive. We have to charge this to cover our costs in smaller/individual cases. There are no hidden charges or other administration fees.

In some group actions, we expect to be paid by the offending party and might even be able to work at no charge to you. This means, when you win, unlike with a claims management company, you could receive 100% of the compensation awarded to you.

Crucially, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected by the profession, and this could ultimately see you lose out financially as a result.

Why appoint Hayes Connor Solicitors?

Leading our field when it comes to understanding this often complex area of law, we provide clear and comprehensive advice and legal support to ensure the best possible result for you.

Unlike those unscrupulous claims management companies we only ever get in touch with people who have asked us to, which means we NEVER cold call, send spam texts, spam emails, or engage in any other form of nuisance marketing.

What’s more, at Hayes Connor we understand that making a compensation claim can be stressful; especially where your sensitive information has already been breached. So, our process is fully compliant with the latest guidance, and we never put your details at risk.

FIND OUT MORE ABOUT MAKING A DATA BREACH CLAIM