data breach claim
, , ,

Making a data breach claim. What has changed?

A recent case against Google for illegal data harvesting has transformed how data breach claims are managed in the UK. But what has actually changed? And what does this mean for you?

The background

Between 2011 and 2012, Google used cookies on Apple’s Safari web browser to illegally collect data about its users. In response, a group action was launched to help people challenge the big technology company over this data privacy violation. But, in October 2018, the case was thrown out.

Essentially, it was deemed too difficult to calculate how many people had been affected, and in what way. This is because, to make a data breach claim, each person had to show that they had experienced harm as a direct result of the breach. For example, emotional distress or financial loss. In group action cases such as this, where multiple people had been affected, this was especially complicated.

However, this case was taken to appeal, and, in a “ground-breaking” ruling, the Court effectively reformed the data breach claims process.

Change one – you can make a data breach claim even if you haven’t suffered a loss

The Court of Appeal decided that data breach claims are valid, even if someone hasn’t suffered financial or emotional damage as a result. If a company does not protect your data in the way it is legally obliged to do, you can claim for this data privacy failure.

Change two – you can make a data breach claim even if the only thing exposed was your email address

People can now seek compensation even if the only personal information breached was their email address. Everyone has the right to the protection of their personal data. Especially when such data now has an economic value (e.g. it can be sold).

Change three – there are now different ways to join a group action claim, depending on how you have been affected

Until now, if someone had their data breached, they would have to prove how this privacy violation affected them. In group action cases (where lots of people are affected by the same breach), this could be a complicated process. Because not everyone will have experienced the same loss and consequences. So, making an award in these cases can be tricky.

But, the Court of Appeal has made the group action claims process easier.

People involved in a significant data breach (that has resulted in differing levels of financial loss or emotional harm), can still make a group action case. You can find out more about how to make a group action claim here. So, in these cases, nothing has changed.

But now, people who have had their data breached in a mass privacy violation, but who have not experienced any harm, can also claim. To do this, they will need to join a representative action.

The type of action required for each case will depend on the exact breach. If you are unsure about which option is available to you, our helpful data breach experts are happy to answer any queries you might have.

What is a representative action?

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm (e.g. having their email address stolen and data privacy violated).

In representative actions, one solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in many future actions.

In addition, one member of the action will typically sue on behalf of themselves and the rest of the group. Once compensation has been agreed, each member of the representative action will receive the same amount.

A representative action is a quicker way to claim for compensation

A representative action can be launched based on the total number of those affected, not just the individuals who have proactively decided to pursue compensation. This will make claim process much quicker. However, to receive a share of the settlement, affected parties will still need to register to join the action. There is likely to be a strict time limit to do this.

What about individual data breach cases?

The ability to claim compensation for individual personal data breaches still exists (for example, where a bank has posted your financial statement to the wrong address). But now, you can claim compensation even if you haven’t suffered because of the breach.

In such instances, people can claim directly with the organisation responsible. However, we would always recommend using a specialist data breach solicitor.

At Hayes Connor, we take a holistic and long-term view when it comes to claiming compensation on your behalf. And, our understanding of the effects of a breach mean we always ensure the best possible outcome for you. It is not unusual that – on reviewing your case – we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you could make a huge difference in the eyes of the law.

How will you know if you can make a data breach compensation claim?

Since the introduction of the General Data Protection Regulation (GDPR), any organisation that processes your personal data MUST let you know if it has been breached. And, once you have been told about any violation, you can make a claim.

How do you make a data breach claim?

If you experience a privacy violation due to an organisation breaching the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.





ba group action
, ,

British Airways data breach group action gets the go-ahead

British Airways (BA) customers have been given permission to launch compensation claims against the airline following a huge data breach in 2018. At the High Court , Mr Justice Warby granted a group litigation order, paving the way for the group action against BA.

What happened in this case?

Last year, almost half a million British Airways customers had their personal data stolen in series of breaches.

Hackers accessed the BA website and mobile app to steal information including card details, addresses, email addresses and travel arrangements. According to an investigation by the Information Commissioner’s Office (ICO), some passengers were taken to a fake website where hackers harvested their details. Also, many customers were forced to change their bank accounts or credit cards.

Earlier this year, the ICO announced its intention to impose a fine of more than £183 million on BA over the breach. The series of hacks, were some of the most severe cyber-attacks in UK history. And they were only possible due to inadequate security arrangements at the airline.

But, while the ICO has the power to impose data breach fines, it does not give this money to victims. That’s why making a compensation claim is so important. Furthermore, we can use the evidence uncovered by the ICO to make a very strong case. So, if your data was put at risk by BA, you should now make a data breach compensation claim.

Join our No Win, No Fee, BA compensation case

At Hayes Connor Solicitors, we have already started a group action claim against British Airways to help victims of this data breach to secure compensation.

We can help you claim compensation for financial losses, as well as for inconvenience and distress. And, following a recent ruling[1], we can now claim on your behalf even if you haven’t suffered financial or emotional damage as a result. The loss of control of your personal information is sufficient grounds to make a claim.

What is a group action case?

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions or multi-party actions.

With a group action claim, this group of people (the Claimants) collectively bring their cases to court against a Defendant (in this case, British Airways). These victims then fight together to achieve compensation in the High Court of Justice.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

Use a data breach expert for the best chance of success

At Hayes Connor Solicitors, we believe that the best way to make big companies pay for their data protection failures is to use a specialist lawyer. Of course, you would expect us to say that – but let us explain why.

We have become a true specialist in data breach law. This is all we do. And, because of this, we have the legal expertise needed to take on big players such as BA, Ticketmaster and Equifax.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So, we are confident that our team will get the results you deserve.

Crucially, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected. And this could see you lose out financially as a result.

Don’t miss out on the compensation you deserve in the BA group action!

Since the data breach, we have been contacted by hundreds of people who were put at risk by BA.

The action that we are taking is still open to you to join. But, as we have already started our group action case, it is vital that you register with us ASAP.

To join our British Airways data breach group action compensation claim, register with us today.


[1] Lloyd v Google

Equifax agrees to settle data breach for £561 million
, , ,

Equifax agrees to settle data breach for £561 million

Equifax has agreed to pay up to £561m ($700m) to settle its data breach case in the US. The 2017 incident resulted in hackers stealing the personal data of millions of people. Up to 143 million US citizens and 15 million Brits were affected by the Equifax data breach.

The Federal Trade Commission believes that the credit reference firm failed to take reasonable steps to secure its network. The huge fine is the FTC’s largest data-breach settlement to date.

Find out more about the Equifax data breach.

What has happened in the US case?

According to FTC spokesperson: “Equifax failed to take basic steps that may have prevented the breach.” For example, while Equifax’s security team ordered that systems be patched within 48 hours after being informed of the discovery, the firm failed to check that this was done. As a result, hackers were able to exploit the flaw and steal consumers’ personal details over many months.

The FTC added: “This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

At least $300m of the fine will go towards paying for identity theft services and other related expenses incurred by victims of the data breach. The rest will be used to cover consumer’ losses, to pay state penalties, and to pay a penalty to the Consumer Financial Protection Bureau.

The deal also requires Equifax to boost its cybersecurity systems. As part of the settlement Equifax had agreed to:

  • Carry out an annual audit of security risks
  • Submit to an external assessment every two years
  • Ensure that third-parties with access to personal data also have adequate data protection measures in place.

What has happened in the UK case?

Following an investigation into the Equifax UK data breach, The Information Commissioner’s Office (ICO) fined Equifax £500,000.

However, because of when this breach happened, the UK investigation was carried out under old data protection legislation rather than the new General Data Protection Regulation (GDPR). As such, the £500,000 fine was the maximum penalty allowed. So, many believe that Equifax got off lightly.

The ICO investigation also revealed multiple failures at the credit reference agency.

Can you claim compensation for the Equifax data breach in the UK?

Hayes Connor Solicitors has launched an Equifax data breach group action claim as millions of people seek to hold the business to account. This is an essential step in ensuring big companies like Equifax do more to uphold their obligations and keep people safe.

Equifax sent letters to everyone who had their personal details accessed to let them know that they were affected. To join our group action, you will need to provide evidence that you received notification that your details formed part of this breach.

Hayes Connor Solicitors is providing no-win, no-fee funding arrangements in this case, and, if successful won’t charge a “success fee”. This means, if you win £1,500, you get all of the compensation. There are no solicitor’s fees – win or lose.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

Once you register with us, a member of our team will be in touch to explain the next steps.


Starwood Guest Reservation Database Security Incident – have you had this email?

UK customers affected by the Starwood Hotels & Resorts data breach are now receiving an email from Marriott International (which owns the hotel group).

The Starwood brands affected by the data breach include W Hotels, St. Regis,Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels,Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels& Resorts, Four Points by Sheraton and Design Hotels. Starwood branded time share properties are also affected.

The email confirms that:

“On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly engaged leading security experts to help determine what occurred.

“Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.

“Marriott has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property. For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.

“Marriott reported this incident to law enforcement and continues to support their investigation. The company is also notifying regulatory authorities.

“Marriott deeply regrets this incident happened. From the start, we moved quickly to contain the incident and conduct a thorough investigation with the assistance of leading security experts. Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center. We are supporting the efforts of law enforcement and working with leading security experts to improve. Marriott is also devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”

The email also sets out some steps that Marriott has taken since discovering the breach. These include:

  • Establishing a dedicated call centre to answer questions you may have about this incident. The call centre is open seven days a week, and is available in multiple languages
  • Sending emails on a rolling basis to affected guests whose email addresses are in the Starwood guest reservation database  
  • Providing guests with the opportunity to enrol in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found.       

Marriott has also provided some additional security steps victims of the breach cantake. This includes:

  • Monitoring your SPG account for any suspicious activity
  • Changing your password regularly
  • Not using easily guessed passwords
  • Not using the same password for multiple accounts
  • Reviewing your payment card account statements for unauthorised activity
  • Immediately reporting any unauthorised activity to the bank that issued your card.
  • Being vigilant against third parties attempting to gather information by deception (“phishing”), including through links to fake websites
  • Contacting the relevant authorities if you believe you are the victim of identity theft or your personal data has been misused.

In the UK, Action Fraud is the national fraud reporting service, and is the starting point for any police investigation into your loss. UK residents should also in form the Information Commissioner’s Office (ICO).

Committed to helping victims of data breaches and cybercrime, Hayes Connor Solicitors can also help you to claim compensation following the Starwood Hotels & Resorts data breach. And we can do this on a no-win, no-fee basis. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

If you have received an email from Marriott letting you know that your details have been put at risk, get in touch. We’ll let you know if and when you can claim. You can also read our step by step guide to making a data breach claim here. 


nhs digital data breach
, ,

Can you make a NHS data breach claim?

Last month it was revealed that 150,000 patients had their confidential data used without their consent. This NHS data breach was the result of GP practices using software that failed to prevent information being used for research purposes despite patients objecting.

This shocking error is a breach of the Data Protection Act and those affected are within their rights to start a claim for compensation. Any patients affected will have received a letter from NHS Digital.

However, this isn’t the only time our health service has failed to protect the people it is supposed to. In fact, earlier this year we reported on another NHS data breach, after it was revealed that the Bayswater Medical Centre left sensitive patient records, registration forms and repeat prescription information in an empty and unsecured building for over a year.

In this case, the Information Commissioner’s Office (ICO) fined the healthcare provider £35,000 for its negligence. And, with medical data breaches often having severe consequences for those affected, patients of the Bayswater Medical Centre should also be looking to claim compensation.

NHS data breaches are on the rise

Across the UK, our healthcare is rapidly going online. And, this is a good thing when it comes to providing services that are fit for purpose in our digital age. However, as the online information revolution sees our medical organisations move away from paper record keeping, it is vital that there are adequate and robust protections in place.

However, over the last few years, healthcare and the NHS has proved a profitable target for hackers, leading to a rise in medical data breaches. So much so that one in 13 patients will have their records stolen after a healthcare provider data breach.

The healthcare industry is one of the most vulnerable to cyber-attacks as two high profile data breaches highlight.

  • In March 2017, an IT system widely used by GPs allowed access to patient records by anyone using the same platform. This meant that the sensitive and confidential records of 26 million patients could be viewed by thousands of receptionists, clerical staff and pharmacists, even if they had no medical reason to review them
  • In May 2017, the WannaCry ransomware attack severely disrupted NHS operations, leading to cancelled appointments, diverted patients and suspended A&E services.

You can see a list of other NHS data breaches on the ICO website.

How do you make a NHS data breach compensation claim?

At Hayes Connor, we can help you make claims against a wide range of healthcare organisations already fined by the ICO. We can also keep you updated on upcoming and current healthcare data breach claim investigations.

We can make medical data breach claims against:

  • GPs
  • Pharmacies
  • Hospitals/NHS Trusts
  • Dentists
  • Opticians
  • Individual healthcare staff
  • Private health companies.

To claim compensation in a medical data breach case, you must be able to prove that you suffered as a result of the breach. This includes financial and medical harm, as well as anguish and anxiety. In fact, if you have suffered damage or distress caused by a medical or other healthcare organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years, so we know what it takes to make a successful NHS data breach compensation claim.

With strict-time limits in place for making most compensation claims, if you want to achieve maximum recompense in the minimum amount of time, it’s essential to act now.

carphone warehouse compensation
, ,

Ten million customers could claim compensation for distress in Dixons Carphone data breach

Following the Dixons data breach discovered in June this year, Dixons Carphone has begun contacting customers to warn them that their information has been accessed by hackers. And, while the company initially estimated that 5.9 million people could be at risk, that figure is now closer to 10 million. But with Dixons Carphone claiming that no customers have been the victim of fraud as a result of the hack, can you claim compensation for distress?

What has happened?

The breach, which took place in 2017, saw data leaked from servers containing customer records from Currys PC World and Dixons Travel stores. Both payment card details and non-financial records were compromised.

While Dixons Carphone’s investigation has not uncovered any evidence of additional fraud, it has revealed that significantly more data was taken than first thought.

In an email to customers affected by the data breach, Dixons Carphone admitted that the scale of the non-payment leak reached around 10 million customers. Details stolen during the attack include names, addresses, phone numbers, dates of birth, and email addresses – all of which can be used by cybercriminals to commit further crimes.

Alex Baldock, chief executive of Dixons Carphone, has apologised for the breach and admitted that the company had ‘fallen short’ of its duty to protect customers. And, a spokesperson for Dixons Carphone said that: “While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result.”

However, by downplaying the severity of the hack, it is clear that Dixons Carphone does not understand the importance of keeping its customers’ personal data safe, and the sheer scale of damage and distress that can be caused by criminals gaining access to personally identifiable information (PII).

In fact, while there is no evidence of financial losses suffered by customers of Currys PC World and Dixons, this doesn’t mean that the impact on victims is any less significant.

Distress matters in data breach cases

Being the victim of a crime can have a considerable effect on you. Both mentally and physically. Everyone reacts differently, but for some people, the consequences can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So, just because your financial details were not exposed or used, doesn’t mean the breach should be treated any less seriously.

According to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

Compensation for distress in data breach cases

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

Crucially, the law recognises the potential damage that is caused by psychological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

A personal data breach is a 21st-century version of being burgled. So why shouldn’t you seek compensation for this failure to look after your information correctly?

What next in the Dixons Carphone data breach case?

The National Crime Agency has been investigating the Dixons Carphone data breach. It is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (the UK’s data protection regulator).

Dixons Carphone has said that is “continuing to keep the relevant authorities updated.”

This is not the first time that the company has failed to protect its customers. Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined a £400,000 following another cyber-attack.

The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. In that breach, the personal data of over three million customers and 1,000 employees was put at risk.

With a history of failures, the regulator will now be looking very carefully at this latest revelation.

Can you claim compensation for distress in the Dixons Carphone data breach?

Absolutely. Data breaches can have severe consequences for those affected, so, customers of Dixons Carphone should now be looking to claim compensation.

In this case, because of when the breach took place, any financial penalties paid by Dixons Carphone for failing to protect customer data adequately will be calculated under old data protection legislation. This means that the company will escape the threat of much more substantial fines now possible under the General Data Protection Regulations (GDPR).

But with a history of data negligence at the company, and a clear downplaying of the importance of this latest breach, something must be done to hold them to account.

If you have had an email from Dixon’s Carphone you could be entitled to several thousand pounds in compensation so it’s important to act now.


, ,

Equifax staff treating customers with disdain following data breach

The Equifax UK breach case is drawing to a conclusion, and we are hopeful that we will soon be able to start a group action against the company. However, it seems that the more we find out about this case, the worse it gets.

Earlier this year, we described how the lack of care shown towards customers affected by the Equifax data breach was made even worse when it was revealed that a former Equifax executive sold his shares in the company before the news of the data breach went public.

Earning roughly $1 million in the process, the executive was set to profit at the expense of millions of customers (in the UK and US). Luckily he was later charged with insider trading, but his actions reflect a disdain for consumer data protection that is all too common.

Last week there were reports that yet another staffer at Equifax was slapped with an insider trading rap. This time the culprit was a software engineering manager who “traded on confidential information he received while creating a website for consumers impacted by a data breach.”

It’s becoming clear, therefore, that something has to be done to hold Equifax to account. Particularly as people at the company appear to be showing a complete disregard of the impact the data breach has had on customers.

What is happening in the Equifax UK breach case?

In the UK, investigations led by the Information Commissioner’s Office and Financial Conduct Authority (FCA) are ongoing. However, industry experts are predicting that the FCA investigation into the Equifax data breach is now coming to an end.

If the FCA finds Equifax guilty of not looking after consumer data with the necessary levels of care, this could open the floodgates to millions of compensation claims being made against Equifax.

How much compensation could you receive?

While each case is different, it is expected that each person will be able to claim between £500 and £3,000. With 14 million customers affected in the UK alone, in addition to any fines imposed by the regulator, Equifax could find itself facing a compensation bill of millions of pounds. And that’s just for the Equifax UK breach. The figures in the US could be even more staggering.

Find out more

A breach of trust

Your data is a valuable commodity. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. But all too often companies like Equifax do not protect it as well as they should do. As a result data breaches are on the rise.

To make matters worse, in most cases, data losses are entirely preventable; businesses just don’t like investing in cybersecurity, updating their systems, or training their staff.

With large-scale, high-profile hacks and breaches happening more and more often, something has to be done to make companies accountable for these losses. So, claiming compensation isn’t just in your best interests – it could be the only way to ensure that they implement more secure processes.

Don’t be bought off!

Those affected by the Equifax UK breach were offered some free services to reduce their risk following the hack. These included a credit-report monitoring service, a web monitoring service, the option to get a copy of your credit report by post, and registration to a fraud protection service.

However, it’s vital that you know your rights before you sign up. Make sure you are not inadvertently signing away your rights to pursue a compensation claim at a later date.

How to make a compensation claim against Equifax

If you are in any way concerned, contact Hayes Connor Solicitors and let us know. You can register your details here.

We will check if you have had your data breached (if the company has not written to you and admitted as much already). And, once we have established that your data has been violated, we will start the claims procedure on your behalf.

When the results of the FCA investigation are revealed, we will make sure you are part of our group action against Equifax. With this group action claim, you and the other claimants collectively bring your cases to court against Equifax. Where circumstances are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.


equifax group action
, ,

What you need to know about Group Action Claims against Equifax

Why should you join a group action case against Equifax?

A group action allows people with the same type of claim to bring it together on a collective basis. Group action claims are becoming far more common in the UK. Here are just some of the reasons why:

  • Strength in numbers. Starting a claim can be frightening, and it’s not unusual for people who have perfectly valid complaints to be put off due to the risks of going up against a large and well-resourced Defendant. Where cases are very similar, group actions can be a powerful tool and can redress the balance
  • Save on legal costs. By joining together, individuals can share the risks and costs of claiming compensation. Legal advice is also shared, so not everyone in the action needs to pay for their own solicitor
  • Help victims with smaller claims. Group actions provide a way for people with more modest cases (that may not justify legal fees) to claim the compensation they deserve. Often, solicitors will agree to take such cases on a no-win no-fee basis
  • You might not have to go to court. Usually, a Test Case is started, and common issues are tried. The result of this case is then used as a precedent for other cases in the action; so every single claim doesn’t have to be taken to court.

However, just because a case is part of a group action, this doesn’t mean that everyone will get the same amount of compensation if successful. All claims within a group action are still settled based on their merits, and victims will receive what they are owed.

We believe that a group action is the best way to seek compensation from Equifax.

Find out more about group actions.

How much does it cost to join the Equifax group action?

At Hayes Connor Solicitors, we are dealing with all Equifax data breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.

What’s more, if your claim is successful we expect to be paid by the offending party (Equifax). So, as well as providing no-win, no-fee funding arrangements, we won’t charge you a “success fee”. This means, if you are awarded £1,500, you’ll get all of the compensation. There are no solicitor’s fees win or lose.

There are also no hidden charges or other administration fees.

How much compensation can you expect following the Equifax data breach?

We cannot say that you will definitely get compensation, but a group action helps to strengthen your chances. We believe Equifax has breached people’s data and needs to be held responsible by compensating for any losses, distress and inconvenience caused.

While each case is different, it is expected that each person will be able to claim between £1,000 and £2,500 (possibly even more for people who have had their financial data stolen).

What should you do now?

To become part of the Equifax group action, you will need to register with Hayes Connor Solicitors. Doing this guarantees that you will form part of the compensation claims that will be lodged by the firm. We will keep your details (securely of course!) and help you get the compensation you deserve.

Once you have registered with us, it’s important to keep a ‘diary’ or note of events since the hack. This will help us with your case.

For example:

  • Has your card been used without permission?
  • Are there transactions that you bank has picked up that you haven’t made?
  • Are you getting more ‘spam’ or junk email with your name on it? If so, create a folder and keep it as this may be relevant
  • Are you anxious or worried by the thought of people being able to access your data? Has this caused you any distress?

We have already received an influx of queries from people whose data was put at risk by the credit reference agency. If you were affected, you could be entitled to up to several thousand pounds, so it’s important to act now.

Register your details here.

data breach claims
, ,

23,000 Fortnum & Mason customers could be entitled to data breach compensation

High-end grocer Fortnum & Mason, has become the latest business to suffer a significant data breach due to hackers. This week, the store revealed that 23,000 customers have had their personal details stolen. The compromised information includes email addresses, home addresses, phone numbers and social media names.

Those affected should now consider claiming for data breach compensation.

People who may have had their details stolen include:

  • Those who voted for the TV personality of the year category at the store’s food and drink awards
  • People who entered a competition to win tickets for an exhibition of Charles I’s art collection
  • Customers who filled in a survey about the concierge service at Fortnum & Mason’s Piccadilly store.

The poll had been organised by Typeform, a company which specialises in creating surveys and forms. On 27 June Typeform discovered that an unknown third party had accessed its server and downloaded information. In response, it “immediately and fixed the source of the breach.”

Commenting on the latest data protection scandal, Fortnum & Mason chief executive Ewan Venters has said that the hack is mostly limited to email addresses and there is no evidence that highly sensitive information like bank details or credit cards have been accessed.

However, today’s cybercriminals don’t just care about our financial information. They can also cause chaos with personally identifiable information such as an email address. In fact, with enough data, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

The Fortnum & Mason data breach comes hot on the heels of a similar incident at Ticketmaster.

These types of incidents are becoming increasingly common and they often have severe consequences for those affected, so you could be entitled to thousands of pounds in data breach compensation. What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety then the law agrees that you are entitled to compensation.

All those affected have been contacted. So, if you have received confirmation that your details have been hacked, we would urge you to let us know and start a data breach compensation claim. If you took part in any of the surveys or polls listed above and you haven’t received an email, make sure that you check your junk mail folder.

Once registered with us, we’ll let you know what is happening in this case and if and when you can claim. You should also raise any concerns with the ICO.



data breach compensation
, ,

Ticketmaster data hack: what are the different types of data breaches?

Earlier this year, Ticketmaster was affected by a significant data protection breach after cybercriminals hacked the company’s website. And the number of people impacted by the theft of their details could be significantly worse than first thought.

But not everyone who is a victim of the Ticketmaster data hack has had the same information stolen. So, what are the different types of data breaches in this case?

Financial information stolen and used

There are reports that customers of Ticketmaster have been the victims of theft, with their cards used on money transfer service Xendpay, Uber gift cards and Netflix (among others).

To make matters worse, according to digital bank Monzo, it warned Ticketmaster that something strange was going on two months before the business revealed its payment pages had been hacked. However, in responding to the bank’s concerns, Ticketmaster said that: “an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns.”

Anyone who has had their financial details stolen and used fraudulently could now be looking at compensation up to £5,000.

Financial information stolen

Many of those affected by the Ticketmaster data breach will have had their financial details stolen but not used (at least not yet). And these people are also entitled to make a data breach compensation claim.

Of course, there are those that will argue that, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information robbed. That claiming for distress is an overreaction and that your psychological suffering and anguish doesn’t matter. Luckily the law doesn’t look at things this way and recognises the amount of damage that can be caused by worry and upset.

Being the victim of a crime can have a significant impact on you mentally and physically, and the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to “get over it” isn’t helpful.

Crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

If you had your financial details stolen during the Ticketmaster data hack, you could be looking at compensation up to £3,000.

Email address stolen

If your email account has been hacked the consequences could be devastating. Not only does it give hackers access to lots of private data about you, but it also gives them a gateway into resetting passwords and accessing additional account information (such as your financial and social media accounts).

Sometimes hackers might even change your settings to forward a copy of every email you receive to themselves before you’ve had a chance to save your password. They might even start using your account as a gateway to your friends and contacts. Your email could also be passed on to third parties, so you become the target of sustained phishing attempts and spam.

So, if you have had your email address stolen it’s vital that you hold Ticketmaster to account.

Again, it doesn’t matter if there is no evidence of your data being used. If the distress of having your data in the hands of cybercriminals has caused you suffering, you can make a claim.

Anyone who has had their email address stolen could be looking at compensation up to £1,500.

Other personal information stolen

Along with the financial info and email addresses stolen, the Ticketmaster hackers also gained access to personally identifiable information (PII).

PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.

For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Anyone who has had their personal data stolen could be looking at compensation up to £500 – £1,000.

Claim Compensation Now

We have already been contacted by lots of Ticketmaster customers who are worried that their personal data was not looked after as carefully as it should have been.

In response, at Hayes Connor, we are supporting no-win, no-fee compensation claims for everyone who has had their data accessed in the Ticketmaster data breach.

Depending on the numbers involved we may even start a group action against Ticketmaster.

To start your compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.