Posts

data breach
,

Charity data breaches double over past two years

According to figures obtained from the Information Commissioners’ Office (ICO), the number of reported data breaches from charities has doubled. In 2017/18 there were 148 data security incidents referred to ICO by charitable and voluntary organisations. That’s a 100% increase over two years.

The rise in charity data breaches reflects a growing trend across all sectors. In fact, over the past two years, general business has seen a 215% increase and education and childcare organisations a 142% rise. On average, the number of reports across all sectors has grown by 75%.

The figures were obtained by risk management firm Kroll via a Freedom of Information Act request.

The General Data Protection Regulation (GDPR), which requires organisations to report data breaches is thought to be a key factor in the increase of reports. And it is likely that we will continue to see a dramatic increase in data breach accounts now that self-reporting is mandatory.

A Kroll spokesperson said: “Reporting data breaches wasn’t mandatory for most organisations before the GDPR came into force, so while the data is revealing, it only gives a snapshot into the true picture of breaches suffered by organisations in the UK”.

Charity data breaches in the spotlight

Earlier this month it was revealed that a review of eight charities by the ICO uncovered many concerns around data monitoring, reporting and training. As the charities involved voluntarily took part in the ICO risk review, they have not been named.

In addition, earlier this year the British and Foreign Bible Society was fined £100,000 for failing to protect the personal data of 417,000 of its supporters. Following an investigation by the Information Commissioner’s Office (ICO), it was revealed that the Society exposed these supporters to possible financial or identity fraud.

With data breaches often causing significant distress for those affected, victims of the British and Foreign Bible Society data breach may now want to claim compensation. Find out more about this case.

Making a charity data breach claim

Many people donate to charities and causes they care about. But, while you might support them in their aims, it is vital that they meet their obligations when it comes to protecting your sensitive data.

Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Often charities and organisations are insured against data breaches, so you don’t have to worry about the impact of the good work you support.

What’s more, it doesn’t matter if criminals haven’t used your data. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

If you are worried that a charity has put your data at risk in any way, find out more about making a data breach compensation claim, or contact us today for a free initial assessment.

 

data protection
,

Massive NHS data breach. Are you affected?

According to damming new research by a leading think tank, the NHS saw nearly 10,000 documents either stolen or missing last year. The massive data breach affects 68 hospitals.

According to the findings:

  • University Hospital Birmingham was the worst affected with 3,179 missing documents
  • Bolton NHS Trust suffered a significant data breach with 2,163 documents lost
  • University Hospital Bristol also lost 1,105 records
  • Royal Devon and Exeter NHS Foundation Trust revealed that 425 of its records had been lost or stolen.

The information was collated via a Freedom of Information request pertaining to lost and/or stolen patient records. You can read the report in full here.

Reasons for the data breaches are said to include outdated and insecure methods of documentation, and cheap vulnerable means of recording. For example, 94% of NHS Trusts still use handwritten notes for patient record keeping and encrypted platforms are not thought to be widely used.

In June this year, we revealed that 150,000 patients have had their confidential data used without consent in another major NHS data breach. In this case, confidential personal data, given on the basis that it was to be used to provide medical care, was exploited for clinical audit and research purposes by the NHS, without the consent of patients. We have also looked at how healthcare accounts for nearly half of all data breaches.

In addition to human error the health service remains a top target for hackers. For example, one of the largest and most infamous cyberattacks on the NHS was the WannaCry attack in 2017.

So, with identity fraud and sales of patient records on the dark web on the rise, it is vital that the NHS does more to protect our sensitive information.

Have you been affected by the latest NHS data breach?

If you have suffered damage or distress caused by a medical or other healthcare organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years, so we know what it takes to make a successful medical data breach compensation claim.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

Start a claim for compensation

DATA BREACH
, ,

Human error rather than cybercrime biggest cause of self-reported data protection breaches

Human error rather than cybercrime biggest cause of self-reported data protection breaches

According to the Information Commissioner’s Office (ICO), the number of reported data protection breaches has almost doubled since April this year.

The increase has happened since the introduction of the General Data Protection Regulation (GDPR) on May 25th. Under the GDPR the self-reporting of data breaches is now mandatory. As such, we can expect to see this increase in data breach reporting to continue to rise.

However, despite fears about cybercrime, human error is seven times more likely to cause data protection breaches than hackers.

According to data released under the Freedom of Information Act, out of 2,124 self-reported data breaches in 2017-18, fewer than 300 were because of cybercrime.

Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email
  • Unencrypted devices being lost or stolen

Worryingly, while cybercrime is not responsible for most data protection breaches, reported cybersecurity incidents have increased by 31% over the same period. Of these attacks, malware, phishing and ransomware were the most common culprits.

Which sectors report the most data protection breaches?

The sectors most affected by data protection breaches are:

  • Healthcare with 1,214 data breach reports (this sector was already subject to self-reporting before the GDPR)
  • General business with 362 data breach reports
  • Education and childcare with 354 data breach reports
  • Local government with 328 data breach reports.

In total, taking into account self-reported breaches and complaints from elsewhere, the ICO received a staggering 21,019 data protection concerns in 2017/18.

What can you do if you are the victim of a data protection breach?

The ICO can impose hefty fines on organisations that don’t meet their obligations under the Data Protection Act. The biggest fine it has issued so far is for £400,000, but that was made before the new GDPR rules. However, the ICO does not award compensation to victims.

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years, so we know what it takes to make a successful data breach compensation claim.

Crucially, the law recognises the potential damage that is caused by psychological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

Our expert, friendly team will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. If you are not sure whether your information has been misused or mishandled, we can find this out for you.

If we believe you have a substantial, complex case, we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis. For smaller claims, our quick assessment form will help you to start your claim, quickly and easily. So you can be sure of receiving your compensation in the shortest possible time.

We can help you to claim compensation for data protection breaches, data leaks, human rights breaches, and the misuse of personal information.

At Hayes Connor Solicitors, we understand that making a compensation claim can be stressful; especially where your sensitive information has already been breached. That’s why we remove the jargon from the process and make sure you always know what’s happening with your case. Of course, it goes without saying that our process is fully compliant with ICO guidance and we never put your details at risk.

START A DATA BREACH CLAIM

hayes connor solicitors
,

Claiming compensation for distress following a data breach

At Hayes Connor Solicitors, we have launched compensation claims against a number of high-profile companies that have failed to keep your personal data safe. We believe that these companies must be held to account for their failure to protect your information.

The General Data Protection Regulation (GDPR) places strict obligations on businesses to keep our data safe. And you could be entitled to compensation if an organisation fails to meet these. But did you know that you can also claim for GDPR distress as well as financial losses?

What the law says

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

Crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

When making a compensation award, the court will look at the specific circumstances of your case. This includes things like the sensitivity of the data compromised and the nature of the disclosure. However, in order to be entitled to compensation for GDPR distress you must show that you have suffered emotionally because of the breach.

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private letters you would be distressed. So why should you feel any less upset at having your online data taken; particularly when these companies gave the burglar the keys?

Why shouldn’t you seek compensation for a failure to look after your information correctly?

The emotional impact of data breaches

Some people would have us believe that claiming for GDPR distress is an overreaction. That your psychological suffering and anguish doesn’t matter. You might hear friends and family saying that, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information stolen.

But according to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

The sheer scale of the information we share online is enough to leave victims open to the threat of fraud. For example, with enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

So we should all be very worried about what could happen if our data gets into the wrong hands.

What’s more, being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to “get over it” isn’t helpful.

Crucially, the law understands the damage that can be caused by worry and upset. So you are 100% within your rights to make a compensation claim.

Claiming for GDPR distress following a data breach

At Hayes Connor Solicitors, we are committed to helping those affected by data breaches and cybercrime. And, we believe that the best way to make big companies pay for their failures is to use an expert lawyer to make a data breach compensation claim.

In addition, we also work with, and refer our clients to, other organisations and partners such as Victim Support. The leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents, last year Victim Support offered help to nearly a million victims of crime across the UK.

If you need assistance after a data breach, there are many resources on the Victim Support website to help you cope.

Don’t let them get away with it!

Something has to be done to make companies accountable for not looking after our information correctly. Claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

If you want more help or advice about making a claim then contact us today

data breach appeal
, ,

Morrisons loses data breach appeal

Supermarket Morrisons has lost its appeal following a breach at the company which resulted in thousands of its employees’ details being posted online. The case is the first data leak group action in the UK.

In December 2017, in a landmark ruling, the High Court found Morrisons supermarket group liable for a mass data breach caused by the criminal actions of a rogue employee. However, Morrisons went on to challenge this decision.

The employee stole data from nearly 100,000 staff. This included names, addresses, salary and bank details. The information was then posted online and sent to newspapers. The media did not publish the data and Morrisons was informed of the breach. The employee was subsequently jailed for eight years.

The Court of Appeal upheld the original decision against the supermarket with three judges saying they agreed with the High Court’s earlier decision.

 

Where Next

Over the last 18 months, we have seen numerous examples of significant personal data loss. Many of these violations have been able to occur due to weaknesses contained in companies’ IT software.

As the trend towards a cashless society accelerates, this will only continue as retailers and other businesses seek quicker and slicker interfaces with their consumers. Both at the point of sale and throughout their customer journey.

In the case of Morrisons, significant steps were taken to protect data, but those steps failed. In this instance, the data was lost at the hands of an employee turned hacker. However, data is also at threat simply due to careless employees going about their day-to-day business.

The latest ruling is the tip of a very large iceberg. Mass data breach actions are also being made against Ticketmaster and British Airways among others. Such actions, when properly prepared and investigated, will have significant financial consequences in terms of damages and costs.

Data breaches on a large scale are a real and pressing threat. In response, the clear and overwhelming view of the Court of Appeal is that such events must be foreseen by companies, and insured against.

The reaction of the insurers to such events, their provision of cyber cover and premium costs is now under the spotlight. Indeed, we predict a situation where the volume of exclusions to policies will increase.

Companies must now protect themselves better from data loss. But they also need to be extremely vigilant as to the activities and errors of their employees to be afforded the cover they pay for, or think they pay for.

 

If you have been affected by this or any other data breach then you can get in touch with our experts today

,

Data protection complaints increase leading to possible rise of GDPR breach compensation

According to the Information Commissioner’s Office (ICO) – the watchdog responsible for regulating data protection laws in the UK – the number of reported data protection complaints has almost doubled since April this year. If the regulator upholds these complaints, there could be a corresponding rise in GDPR breach compensation claims.

Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email.

The increase in data breach complaints has happened since the introduction of the GDPR on May 25th.  This saw more robust data protection laws come into force. GDPR is the most significant change to data privacy regulations in over two decades. The new rules are designed to:

  • Boost the rights of individuals by giving them more control over their information
  • Put more limitations and responsibilities on how organisations can handle personal data
  • Make data protection (including data breaches) more transparent.

The GDPR also saw the introduction of tough penalties for data breaches. In fact, companies who fail to put adequate data protection processes in place and subsequently suffer a breach could face fines of up to €20,000,000 or 4% of their total global annual turnover for the last financial year.

While the ICO does not award GDPR breach compensation to victims, if a company is found guilty of a data violation this can strengthen an individual’s claim.

According to the ICO:

  • 4,214 data protection complaints were made in July
  • 3,098 data protection complaints were made in June
  • 2,310 data protection complaints made in May
  • 2,165 complaints were made in April.

The stats exclude the health sector.

The figures indicate that more and more people are becoming aware of their data protection rights. This makes sense as there have been many high-profile data protection scandals over the last few months. For example, at Hayes Connor Solicitors we are currently pursuing cases against:

  • Emma’s Diary. Emma’s Diary sold its users’ information to Experian’s marketing division. This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election. Find out more about the Emma’s Diary data breach
  • Dixons Carphone. The Dixons Carphone or Carphone Warehouse data breach took place in 2017. It resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes. Find out more about the Carphone Warehouse data breach
  • Ticketmaster has admitted that thousands of UK customers have been put at risk due to third-party software on their website. This has since been removed but not before the software accessed a number of customers’ personal and financial details. Find out more about the Ticketmaster data breach
  • Last year, Equifax warned that up to 400,000 UK consumers might have had their personal details stolen. The data included names, address, dates of birth, and credit card numbers. Find out more about the Equifax data breach.

If you have been affected by any of these cases, or if you want to make a GDPR breach compensation claim against another organisation, let us know.

Making a GDPR breach compensation claim

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

You can make a GDPR breach compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

With enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And just the thought of this happening can cause emotional distress. So why shouldn’t you seek compensation for this failure to look after your information correctly?

At Hayes Connor Solicitors our initial assessment is always free of charge. If we believe you have a substantial, complex case, we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis. For smaller claims, our quick assessment form will help you to start your GDPR breach compensation claim, quickly and easily.

Our expert data breach compensation solicitors make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making data breach claims (currently all breaches going back six years could be subject to a claim) it’s essential to act now.

CONTACT US AND START YOUR GDPR breach compensation CLAIM TODAY

data breach compensation
,

Can you afford to use a solicitor for your data breach claim?

When it became clear that people across the UK were mis-sold PPI, often to the tune of thousands of pounds, there was a surge of new claims management companies on the scene. All promising to help consumers get back what they were due.

But, all too often, these companies were more concerned about making fast cash than helping victims. With assurances of no up-front fees turning into extortionate commission rates that left people short-changed.

Fast forward to today, and it seems like its data breach claims that are now rarely out of the news. But, as we start to talk about holding companies to account for any breach of trust when it comes to our valuable information, so do comparisons with PPI claims.

And, it is not hard to see why. It is possible that high-profile data breaches could be seen as a way to make a profit by unscrupulous claims management “factories”.  So it’s vital that you are aware of what is at stake and the options available to you.

Don’t let them get away with it!

Organisations must be held to account for their failure to protect our personal data. The sheer scale of the information we share on online is enough to leave victims open to the threat of fraud.

For example, with enough data, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And we should all be very worried about what could happen if this gets into the wrong hands.

With large-scale, high-profile hacks and breaches happening more and more often, something has to be done to make companies accountable for these losses. So, claiming compensation isn’t just in your best interests – it could be the only way to ensure that they implement more secure processes.

Should you do it yourself?

You can make a data breach claim on your own. What’s more, if you go ahead and no settlement is reached, you can even represent yourself in court. In fact, the number of people doing this over recent years has increased.

The legal term for representing yourself this way is called ‘litigating in person’ (LiP). However, while there has been a rise in the number of people doing this, this is often because they don’t think they have any choice due to a lack of alternative funding options.

The benefits of using an expert data protection lawyer

At Hayes Connor, we believe that the best way to make big companies pay for their failures is to use a specialist lawyer. Of course you would expect us to say that – but let us explain why.

Firstly we have the legal expertise needed to take on big players such as Ticketmaster and Equifax. And, where enough people come forward, we might even launch a group action against a company.

We believe that a group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So we are confident that our team will get the results you deserve.

Can you afford to use a data breach claims lawyer?

We deal with all breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.

To cover our costs, if we win your claim, we will charge a success fee. This is capped at 25% of any compensation you receive. We have to charge this to cover our costs in smaller/individual cases. There are no hidden charges or other administration fees.

In some group actions, we expect to be paid by the offending party and might even be able to work at no charge to you. This means, when you win, unlike with a claims management company, you could receive 100% of the compensation awarded to you.

Crucially, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected by the profession, and this could ultimately see you lose out financially as a result.

Why appoint Hayes Connor Solicitors?

Leading our field when it comes to understanding this often complex area of law, we provide clear and comprehensive advice and legal support to ensure the best possible result for you.

Unlike those unscrupulous claims management companies we only ever get in touch with people who have asked us to, which means we NEVER cold call, send spam texts, spam emails, or engage in any other form of nuisance marketing.

What’s more, at Hayes Connor we understand that making a compensation claim can be stressful; especially where your sensitive information has already been breached. So, our process is fully compliant with the latest guidance, and we never put your details at risk.

FIND OUT MORE ABOUT MAKING A DATA BREACH CLAIM

data breach lawyers
,

Ticketmaster to close resale site Get Me In. Can you still make a data breach claim?

The Ticketmaster data breach saw cybercriminals get away with the personal and financial information of thousands of people in the UK. As well as the main Ticketmaster site, the data hack also affected, TicketWeb and the resale website Get Me In.

Following the breach, Ticketmaster is now closing its secondary ticketing websites Seatwave and Get Me In, in a bid to combat touts. However, if you used Get Me In and were affected by the data breach, you can still make a compensation claim against the company.

The Information Commissioners Office (ICO) has already made it clear that it does not approve of companies closing to evade data breach inquiries. Earlier this year, and following the announcement that controversial data analytics firm Cambridge Analytica was to shut down, the ICO said that: “investigations cannot be impeded by the closure of these companies.”

In this case, there is no evidence that this is why Get Me In is closing. In fact, according to Ticketmaster: “We know that fans are tired of seeing others snap up tickets just to resell for a profit on secondary websites, so we have taken action”.

However, it is vital that Get Me In customers affected by the Ticketmaster data breach know their rights and are not put off making a claim.

What happened in the Ticketmaster data breach case?

Ticketmaster was affected by a substantial data protection breach after cybercriminals hacked the company’s websites. Different customers had different data stolen including financial information (some of which was fraudulently used), email addresses and other personally identifiable information (PII).

Find out more about the different types of data breaches in this case.

Make a Ticketmaster data breach claim

The only way for you to hold Ticketmaster to account is to make a data breach compensation claim.

Crucially, the law recognises the potential damage that is caused by psychological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

At Hayes Connor Solicitors, we have already been contacted by lots of Ticketmaster customers who are worried that their data was not looked after as carefully as it should have been.

In response, we have now submitted a letter before action (LBA) to Ticketmaster. This LBA lets Ticketmaster know that we plan to start proceedings against them, and that we are very serious about getting our clients the compensation they deserve.

If you want to join our action against Ticketmaster, it is not too late!

To start your compensation claim, you will need you to register with us. To date, our action against Ticketmaster has more than 500 clients, and it is clear that the data breach is extensive. As such, we expect Ticketmaster to take our claim very seriously.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000.

REGISTER NOW