Posts

The Telegraph, 10th February 2020

Hayes Connor featured in The Telegraph following news that Chinese military hackers have been charged with the 2017 Equifax cyber attack. The malicious incident affected 15 million people in the UK with 700,000 of those having sensitive personal data stolen. Hayes Connor filed a claim in the High Court in October 2019 seeking an estimated £100 million compensation for those affected.

Data protection at the forefront in the lead up to general election

Robust cybersecurity is front of stage again as news of two attempted cyber attacks on Labour were exposed.

The party has claimed that no personal data has been breached in what has been described as “large scale and sophisticated” attacks. Read more

GDPR Weekly Show – Episode 62 – 20th October 2019

Hayes Connor featured on this week’s GDPR podcast with news of our client’s successful data breach claim against his local NHS Trust after it shared confidential details from his medical records without consent (listen from 11 minutes, 13 seconds).

The podcast also features news of the team’s landmark representative action against Equifax worth an estimated £100 million (listen from 28 minutes, 14 seconds).

thebusinessdesk.com, 17th October 2019

Kingsley Hayes featured on thebusinessdesk.com with news that Hayes Connor had issued a claim worth an estimated £100,000 million against Equifax in the High Court on behalf of all affected individuals. The landmark legal action is the first time that a law firm has issued a representative data breach claim which could see the Court ordering Equifax to pay compensation to all its affected UK customers to Hayes Connor to distribute accordingly.

Hayes Connor issues landmark £100 million data breach claim against Equifax

North West based data breach and cybersecurity specialist Hayes Connor Solicitors is the first in the UK to serve a representative data breach claim in the High Court. The action could see Equifax ordered to pay up to £100 million in compensation to its estimated 15 million UK customers affected by its 2017 data breach.

The action follows the Court of Appeal’s decision on the Lloyd v Google case on 2nd October which ruled that a law firm could bring a claim for compensation for just one affected individual following a data breach and be awarded compensation for the entire affected population. Read more

Equifax agrees to settle data breach for £561 million
, , ,

Equifax agrees to settle data breach for £561 million

Equifax has agreed to pay up to £561m ($700m) to settle its data breach case in the US. The 2017 incident resulted in hackers stealing the personal data of millions of people. Up to 143 million US citizens and 15 million Brits were affected by the Equifax data breach.

The Federal Trade Commission believes that the credit reference firm failed to take reasonable steps to secure its network. The huge fine is the FTC’s largest data-breach settlement to date.

Find out more about the Equifax data breach.

What has happened in the US case?

According to FTC spokesperson: “Equifax failed to take basic steps that may have prevented the breach.” For example, while Equifax’s security team ordered that systems be patched within 48 hours after being informed of the discovery, the firm failed to check that this was done. As a result, hackers were able to exploit the flaw and steal consumers’ personal details over many months.

The FTC added: “This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

At least $300m of the fine will go towards paying for identity theft services and other related expenses incurred by victims of the data breach. The rest will be used to cover consumer’ losses, to pay state penalties, and to pay a penalty to the Consumer Financial Protection Bureau.

The deal also requires Equifax to boost its cybersecurity systems. As part of the settlement Equifax had agreed to:

  • Carry out an annual audit of security risks
  • Submit to an external assessment every two years
  • Ensure that third-parties with access to personal data also have adequate data protection measures in place.

What has happened in the UK case?

Following an investigation into the Equifax UK data breach, The Information Commissioner’s Office (ICO) fined Equifax £500,000.

However, because of when this breach happened, the UK investigation was carried out under old data protection legislation rather than the new General Data Protection Regulation (GDPR). As such, the £500,000 fine was the maximum penalty allowed. So, many believe that Equifax got off lightly.

The ICO investigation also revealed multiple failures at the credit reference agency.

Can you claim compensation for the Equifax data breach in the UK?

Hayes Connor Solicitors has launched an Equifax data breach group action claim as millions of people seek to hold the business to account. This is an essential step in ensuring big companies like Equifax do more to uphold their obligations and keep people safe.

Equifax sent letters to everyone who had their personal details accessed to let them know that they were affected. To join our group action, you will need to provide evidence that you received notification that your details formed part of this breach.

Hayes Connor Solicitors is providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if you win £1,500, you get all of the compensation. There are no solicitor’s fees – win or lose.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Once you register with us, a member of our team will be in touch to explain the next steps.

REGISTER NOW

data breach compensation
,

Hayes Connor Solicitors launches group action following Equifax data hack investigation

Hayes Connor Solicitors, is launching a group action to help victims of the Equifax data hack claim compensation.

Our firm of expert online fraud and data protection solicitors is expecting an influx of queries from people whose data was put at risk by the credit reference agency. The group action is being initiated after Equifax was fined £500,000 by the Information Commissioner’s Office (ICO).

The ICO’s investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation.

What happened in this case?

The fine follows a 2017 cybersecurity incident which led to the loss of UK customer data held by Equifax Ltd on the servers of its US parent. Following the data breach, it was revealed that Equifax’s failure to patch a server flaw resulted in hackers potentially stealing 143 million US citizens’ data, and the personal details of up to 15 million Brits. This sensitive information included email addresses, passwords, driving license numbers and phone numbers.

Furthermore, while Equifax originally said that no UK passwords or financial information were stolen in the hack, it has since admitted that the passwords and partial credit card details of almost 15,000 UK customers were compromised.

The ICO investigation revealed multiple failures at the credit reference agency. For example, measures which should have been in place to manage the personal data were found to be inadequate and ineffective. Investigators also found significant problems with data retention, IT system patching and audit procedures.

Information commissioner Elizabeth Denham said Equifax showed a “serious disregard” for its customers and their personal information.

Why should you join the Equifax group action?

The sheer scale of the Equifax data breach means that millions of people across the UK are now at an increased risk of theft and identity fraud. So we welcome the news that the ICO is holding Equifax to account.

However, while fines are an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe, it does very little to help those already affected by the breach. As such, anyone who has suffered following the Equifax cyber-attack should be looking to claim compensation.

What can you claim compensation for?

Many Equifax customers have had their financial information stolen, and that can be devastating if it gets used by cybercriminals to carry out fraud or theft. But, in addition to this, much of the data stolen from Equifax is considered to be personally identifiable information. This means that the data can be used to identify a specific individual, and be manipulated to undertake identity fraud.

We should all be very worried about what could happen if our personal data gets into the wrong hands. With enough information, cybercriminals can steal our identities, apply for credit in our name, set up fraudulent bank accounts and access our existing accounts. So, it is understandable that victims would want to seek compensation for Equifax’s failure to look after their information correctly, and the best way to do this is through a group action case.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the Equifax hack. Being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety then the law agrees that you are entitled to compensation.

What is a group action?

A group action allows people with the same type of claim to bring it together on a collective basis. Doing this strengthens their overall position and increases their chances of settlement or success at Court. What’s more, with a group action, claimants often share the legal fees. So, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis (as in this case).

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

How to join the Equifax group action

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Doing this guarantees that you will form part of the compensation claims that will be lodged by our firm. While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

Hayes Connor Solicitors is also providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if someone is awarded £1,500, they will get all of the compensation. There are no solicitor’s fees win or lose.

If you have been affected and want to join the group action, you can register your details here.

claim against Equifax
, ,

Everything you need to know about making a Group Action Claim against Equifax

In September 2018, Equifax was fined £500,000 by the Information Commissioner’s Office. The ICO’s investigation was carried out under the Data Protection Act 1998 rather than the current General Data Protection Regulation (GDPR), and the £500,000 fine is the maximum allowed under the previous legislation.

The fine came after Equifax’s failure to fix a security flaw in one of its online systems resulted in hackers accessing the personal details of millions of people in the UK and US.

But, while the fine is an essential step in ensuring big businesses like Equifax do more to uphold their obligations and keep people safe, it does very little to help those already affected by the breach. As such, anyone who has suffered following the Equifax cyber-attack should be looking to claim compensation.

But, if you were a victim of the Equifax data breach, how should you go about doing this?

In this short guide, our helpful team of online fraud and data protection solicitors have set out everything you need to know about making a Group Action Claim against Equifax.

Who can make a data breach group action claim against Equifax?

Following the data breach, Equifax sent a letter to those affected, informing them that their data was put at risk. The sensitive information exposed includes email addresses, passwords, driving license numbers and phone numbers. Everyone who has received this letter can claim compensation.

However, since the hack was first uncovered, Equifax has admitted that far more people were put at risk than first thought. This includes:

  • The sensitive details of up to 694,000 Brits
  • The passwords and partial credit card details of 15,000 UK customers
  • The personal data of a further 14 million UK users.

If you are in any way concerned, contact Hayes Connor Solicitors and let us know. We will check if you have had your data breached (if the company has not admitted as much already). Once we have established that your data has been violated – and the extent of this failing – we can start the claims procedure on your behalf. Of course, we’ll only do this with your explicit agreement!

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the Equifax hack. Being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety – in a way that could be diagnosed by a psychologist – then the law agrees that you are entitled to compensation.

Why should you join the group action claim against Equifax?

A group action allows people with the same type of claim to bring it together on a collective basis. Group action claims are becoming far more common in the UK. Here are just some of the reasons why:

  • Strength in numbers. Starting a claim can be frightening, and it’s not unusual for people who have perfectly valid complaints to be put off due to the risks of going up against a large and well-resourced Defendant. Where cases are very similar, group actions can be a powerful tool and can redress the balance
  • Save on legal costs. By joining together, individuals can share the risks and costs of claiming compensation. Legal advice is also shared, so not everyone in the action needs to pay for their own solicitor
  • Help victims with smaller claims. Group actions provide a way for people with more modest cases (that may not justify legal fees) to claim the compensation they deserve. Often, solicitors will agree to take such cases on a no-win no-fee basis
  • You might not have to go to court. Usually, a Test Case is started, and common issues are tried. The result of this case is then used as a precedent for other cases in the action; so every single claim doesn’t have to be taken to court.

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

We believe that a Group Action Claim against Equifax is the best way to seek compensation.

Find out more about group actions.

How much does it cost to join the Equifax group action?

At Hayes Connor Solicitors, we are dealing with all Equifax data breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.

What’s more, if your claim is successful we expect to be paid by the offending party (Equifax). So, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means, if you are awarded £1,500, you’ll get all of the compensation. There are no solicitor’s fees win or lose.

There are also no hidden charges or other administration fees.

How much compensation can you expect following the Equifax data breach?

We cannot say that you will definitely get compensation, but a group action helps to strengthen your chances. We believe Equifax has breached people’s data and needs to be held responsible by compensating for any losses, distress and inconvenience caused. While each case is different, it is expected that each person will be able to claim up to £2,500 (possibly even more for people who have had their financial data stolen).

What should you do now?

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Doing this guarantees that you will form part of the compensation claims that will be lodged by the firm. We will keep your details (securely of course) and help you get the compensation you deserve.

Once you have registered with us, it’s important to keep a ‘diary’ or note of events since the hack. This will help us with your case.

For example:

  • Has your card been used without permission?
  • Are there transactions that you bank has picked up that you haven’t made?
  • Are you getting more ‘spam’ or junk email with your name on it? If so, create a folder and keep it as this may be relevant
  • Are you anxious or worried by the thought of people being able to access your data? Has this caused you any distress?

We have already received an influx of queries from people whose data was put at risk by the credit reference agency. If you were affected, you could be entitled to up to several thousand pounds, so it’s important to act now.

Register your details here.

,

INFOGRAPHIC: Everything you need to know about the Equifax Data Hack

Hayes Connor Solicitors, is launching a group action to help victims of the Equifax data hack claim compensation. Our firm of expert online fraud and data protection solicitors is expecting an influx of queries from people whose data was put at risk by the credit reference agency. The group action is being initiated after Equifax was fined £500,000 by the Information Commissioner’s Office (ICO).

Here’s a quick overview of this case:

Register your details here.

,

Data protection complaints increase by almost 50% in three months

According to the Information Commissioner’s Office (ICO), the number of reported data protection complaints has almost doubled since April this year. The increase in data breach complaints has happened since the introduction of the GDPR on May 25th.

The stats show that:

  • 4,214 data protection complaints were made in July
  • 3,098 data protection complaints were made in June
  • 2,310 data protection complaints made in May
  • 2,165 complaints were made in April.

In total, there were 957 reported data security incidents in Q4 2018. Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email.

Worryingly, reported cybersecurity incidents also increased by 31% over the same period. Overall, general business, education and local government were the sectors with the most reported data breaches (the figures exclude the health sector).

Commenting on the changes since the introduction of the GDPR, a spokeswoman for the ICO said: “It’s early days and we will collate, analyse and publish official statistics in due course. But generally, as anticipated, we have seen a rise in personal data breach reports from organisations.

“Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase too.”

A rise in data breach awareness

The stats indicate that more and more people are becoming aware of their data protection rights. This makes sense as there have been many high-profile data protection scandals over the last few months.

For example, at Hayes Connor Solicitors we are involved in the following cases:

 

  • Emma’s Diary. Emma’s Diary sold its users’ information to Experian’s marketing division. This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election. Find out more about the Emma’s Diary data breach
  • Dixons Carphone. The Dixons Carphone or Carphone Warehouse data breach took place in 2017. It resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes. Find out more about the Carphone Warehouse data breach
  • Ticketmaster has admitted that thousands of UK customers have been put at risk due to third-party software on their website. This has since been removed but not before the software accessed a number of customers’ personal and financial details. Find out more about the Ticketmaster data breach
  • Last year, Equifax warned that up to 400,000 UK consumers might have had their personal details stolen. The data included names, address, dates of birth, and credit card numbers. Find out more about the Equifax data breach.

 

If you have been affected by any of these data protection cases, or if you want to make a data breach compensation claim against another organisation, let us know.

At Hayes Connor Solicitors, we’ve been helping people to get the justice they deserve for over 50 years, so we know what it takes to make a successful data breach compensation claim.

Crucially, the law recognises the potential damage that is caused by psychological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

START A DATA BREACH CLAIM