Five cybersecurity trends to watch in 2019

Scrutinising the cybersecurity landscape, here are some of the key trends you can expect in 2019.

  1. Cybersecurity is now a threat to every organisation

Cybersecurity has been brought into the mainstream. Modern criminals are no longer content with targeting banks and other financial institutions. Instead, they are affecting all kinds of organisations from hospitals to law firms, local authorities to businesses.

Common threats include ransomware, phishing and malware.

You can check out the latest data security incidents by sector on the ICO’s website.

  1. Hefty fines are coming

Since the introduction of the GDPR, the ICO has taken a proactive stance when it comes to commenting on large-scale breaches. But, as yet it is still focused on supporting organisations to take appropriate action in the immediate aftermath of any privacy violation. And helping to prevent breaches from happening in the first place.

So, we haven’t yet seen the enormous fines promised for those that don’t look after our data properly. But you can be sure they are coming. And, according to data protection lawyers, the Ticketmaster data breach could be a real test to see if the legislation will hold companies to account.

  1. Methods of attack are becoming increasingly more sophisticated

While the majority of attackers are still going after easy “low-hanging fruit” there are signs that cybercriminals are becoming increasingly sophisticated.

For example, last year two friends were jailed after breaching the TalkTalk website in 2015 as part of a group of hackers. During the raid, the pair managed to get away with the names, addresses and dates of birth of 1.6 million customers, before sharing much of the data online. And while TalkTalk was fined £400,000 by the Information Commissioner’s Office (ICO) for not appropriately securing the data, the “significant, sophisticated systematic hack” is thought to be one of the biggest data breaches in history.

AI-assisted imposters are also set to become an increased threat. With machine-learning helping to make existing cyber-attack efforts like identity theft, denial-of-service attacks and password cracking faster, more formidable, and more effective.

Furthermore, as we move deeper and deeper into the Internet of Things (IoT), more and more devices and data are going to be connected to the internet. Keeping these safe from hackers is going to be an ongoing challenge.

  1. The law is still evolving when it comes to data protection

 In 2019, it is much easier to bring compensation claims for distress, rather than as an add-on to a financial loss claim. What’s more, the courts are looking at a wider-range of factors when deciding on appropriate compensation.

There is also more emphasis on the relationship between privacy rights and data protection from a legal perspective. This is good news for individuals as it means they can start a claim based on more than one ground (i.e. for the misuse of private information and for breach of data protection obligations).

  1. Cybersecurity is now political

We’ve all read about how Facebook was allegedly used to corrupt our democratic process following the Cambridge Analytica scandal. With questions raised over whether our data was used to influence the outcome of the Brexit referendum.

What’s more, a recent parliamentary committee warned that our critical national infrastructure is at risk from cyber attackers. And, The National Cyber Security Centre (NCSC) cautioned that hostile states are likely to target British infrastructure.

For example, experts are predicting that smart energy meters could leave householders vulnerable to cyber-attacks and higher bills. Perhaps even more concerning, in March 2018 the National Grid was put on alert amid fears of a Russian cyber-attack, and given advice on how to boost its defences to prevent power cuts and avoid a catastrophic attack.

Awareness is crucial

At Hayes Connor, we believe that raising awareness of the growing cybersecurity threat will help organisations across the UK improve their data protection processes. But it’s also vital that we all do our bit to protect ourselves as individuals.

For more advice on how to keep your data safe, follow us on Twitter and Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.




Are hospitals doing enough to protect patient confidentiality?

One in 13 patients will have their records stolen after a healthcare provider data breach[1]. However, despite the headlines, fraudsters don’t just use the internet to get their hands on our sensitive information. So, while hospitals are looking at what they can do to protect our online data, they must also look at improving security measures to prevent unauthorised physical access to sensitive medical records.

In an unusual case, our solicitors saw just how one fraudster was able to get his hands on sensitive medical information by impersonating a member of the hospital’s medical team.

What happened in this case?

In this data breach, a woman (our client), was a patient in hospital having just given birth. However, while she was there a fraudster impersonated a doctor to obtain information about her personal medical situation.

A student nurse provided the highly sensitive information to the imposter, which included details about a disease which our client had recently been diagnosed with, and with which she was struggling to come to terms with.

To date, nothing untoward has happened to our client following this incident, and there has been no contact from the person who obtained her medical records. But as she still does not know who accessed her data, and what might be done with, this situation is incredibly disturbing, and understandably this uncertainty has caused the woman considerable distress.

Lessons learned

Hospitals and other healthcare organisations need to do more to protect sensitive patient data.

All too often employees are involved in healthcare data breaches, and as such, employee training and awareness must form a core part of any security strategy and measures.

In this case, the hospital in question subsequently investigated the incident and agreed to improve their security systems and internal practices. Just simple steps such as ensuring that all members of staff wear ID at all times can make a big difference.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

[1] Accenture

data breach
, ,

Should you hold British Airways responsible for its data breach?

At Hayes Connor Solicitors, we’re helping victims of the British Airways data breach to claim compensation after their personal information was put at risk by the airline.

However, in our work we often hear people talking about how companies like British Airways (BA) should not have to pay for the acts of unscrupulous hackers. And it’s true that cybercriminals are becoming increasingly sophisticated. But this doesn’t let negligent organisations off the hook.

The truth is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. We believe that this was the case at BA.

As such, claiming compensation isn’t just in your best interests. The only way big organisations will be persuaded to take their data privacy responsibilities seriously and make improvements is by hurting their bottom line.

Brand loyalty is all well and good, but it’s vital that we don’t put the needs of big companies above the rights of their customers.

Crucially, if BA had done everything in its power to protect its customers’ data, and had robust security processes in place, it is unlikely that a claim for compensation would be successful. This is why we usually wait for the results of an investigation by the Information Commissioner’s Office (ICO) before starting a group action.

So, was BA responsible for the data breach? Let’s look at the facts.

  1. British Airways didn’t spot the data breach for two weeks

In September last year, it was revealed that almost 400,000 BA customers had their bank card details stolen in one of the most severe cyber-attacks in UK history.

Worryingly, the hack went undetected for two weeks before BA told its customers about the breach and reported the incident to the police. BA has admitted that the hackers spent more than a fortnight accessing data online and we believe that this is a significant failure by BA – one that increases the risk to passengers substantially.

With 12 days between the BA data breach occurring and the incident being detected, questions have been asked as to whether poor systems made this cyber-attack worse.

  1. British Airways uncovered a second data breach when investigating the first

To make matters worse, when investigating this case, a second data breach was also spotted at the airline.

In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. And, a further 108,000 people had their personal details stolen. This hack could have left customers exposed for months.

  1. Hackers could already have made millions from the British Airways data hack

Russian hackers may have made millions selling credit card details stolen from BA customers. Research has found that stolen data was put up for sale on the dark web about a week after the BA breach. Hackers were charging between £7 and £40 (approximately) for each card’s worth of information.

BA says it has not received reports of fraud resulting from the attack on its own systems.

  1. The British Airways hack might have been caused by the same hackers as Ticketmaster

According to reports, a cyber-criminal operation known as Magecart is behind the recent BA data breach. The group has been very active over the past three years. It is also thought to be behind the Ticketmaster data hack.

A report by RiskIQ states that clues link the same operation to the BA breach. The company said the code found on the BA site was very similar. However, the code was modified to suit the way the airline’s website had been designed. Crucially, if RiskIQ, is right about how the attack worked, a cybersecurity researcher has told the BBC that “BA should have been able to see this”. So the hack could have been very easily prevented.

Worryingly, in the Ticketmaster data breach case:

  • 63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards, and
  • 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

What’s more, it is becoming increasingly clear that the impact and losses people sustain following a data breach are not always immediately apparent. Indeed, in the Ticketmaster data breach, we are starting to see cases where the impact occurred months later. This is often because data stolen is used in batches over time.

So, as yet it’s impossible to say how many people have been impacted by the BA data breach, and to what extent.

  1. British Airways has been accused of not taking its responsibilities seriously following the data breach

Following the BA data breach, the airline said that compensation claims would be discussed on an ‘individual basis’. However, it is not up to the airline to dictate the terms of any compensation payments.

In response, customers took to the media to share their fury at the airline’s handling of the privacy violation.

According to an article in The Metro, one BA customer said “They talk about compensation to be discussed on a case-by-case basis. To me, this seems incredibly unprofessional.”

He added: “They are trying to not take full responsibility for it”.

The same customer is reported to have suffered fraudulent activity on his credit card, which he used to book a BA flight during the time the data was at risk.

Some customers have complained that they have not been contacted by BA about the data breach, despite having seen fraudulent activity on their payment cards. Others have complained about BA advising customers to go to their bank for advice, rather than issuing its own instructions to help travellers stay protected.

One BA customer told the BBC: “I have six cards linked to my BA account. I have no idea how much of my data information has been stolen. I will have to go to each of my credit card providers, cancel the cards, and all the direct debits, etc., related to those cards. This will take a long time, something I have to do with no help from BA”.

Make a British Airways compensation claim with Hayes Connor Solicitors

At Hayes Connor, we want to reduce the number of data violations taking place across the UK.

To do this, we are helping to raise awareness of data breaches and cybercrime, and educating people and businesses to prevent similar infringements from happening. For more advice on how to keep your data safe, follow us on Twitter and Facebook.

But, where a breach has already occurred, it’s vital that you can recover your losses. We could be talking about one of the most severe data breach cases to hit the UK, so it’s critical that people can get the help they need.

To join our British Airways data breach group action compensation claim, you will need to register with us. We’ll let you know what is happening in this case and if and when you can make a BA data breach compensation claim.


data breaches

Sandwell Council suffers 500 data breaches in just five years

Following an investigation by The Express & Star, it has been revealed that almost 500 data breaches have occurred at Sandwell Council in the past five years.

According to the report, sensitive information has been either stolen, lost or incorrectly disclosed. And in some cases, people’s names and addresses were unintentionally shared.

Sandwell has classed all 499 data breaches as ‘low level’ incidents. However, with one data breach occurring every four days on average, this is sure to be worrying for people living in the area.

Sandwell Council is said to be reviewing its ‘information governance arrangements’, However, speaking about the findings, which were made available following a Freedom of Information request by the newspaper, a spokesperson, said: “The majority of these minor data breaches have occurred in cases where data is being transferred internally between council departments, rather than to outside organisations.

“These low-level data breaches will occasionally have included the unintentional sharing of, for example, a name or address.

“None of the breaches met the threshold requiring referral to the Information Commissioner.

“The council takes action in respect of every breach, however minor, and can in many cases recover the data immediately.

“It must be remembered that the council handles thousands of pieces of data every single day.”

Not good enough

These violations correspond with our experiences of data breaches at local authorities across the country. Where in most cases, its human error rather than cybercrime that is the biggest cause of data privacy violations.

However, we would argue that handling thousands of pieces of data every day is not a good enough excuse when it comes to data protection failures.

For example, some of the breaches involved staff accidentally sending emails or paperwork to the wrong people. And, while Sandwell Council might consider this to be a low-level data breach, the devastation such negligence can cause can’t be underestimated.

For example, in a recent case, our solicitors saw first-hand what can happen when a local authority sent a copy of a court order containing sensitive personal information about a father (our client) and his daughter to the wrong postal address.

This mistake saw the letter being sent to and read by a neighbour, before being divulged to other family members and neighbours. This caused considerable distress, upset and embarrassment to our client and his family. As such, the consequences of this “small” error were far-reaching.

What can you do to stop this from happening to you?

If you are concerned that your data might be at risk, either by Sandwell Council, or another local authority, you can ask for a copy of the data the council holds about you. This is called making a subject access request (SAR). Find out more about making a SAR.

This won’t guarantee that an error doesn’t result in information being sent to the wrong person, but it is a reasonable safety precaution to take. You can also ask the council for a copy of their acceptable use policy and data protection policy.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.



Are you sharing too much on social media?

The Facebook/Cambridge Analytica scandal highlighted what can happen when we share our data online. In this case, a researcher garnered details on the likes and habits of Facebook users (without their consent) via a personality quiz app called ‘This is Your Digital Life’. Cambridge Analytica then used this data to target users with political messaging.

But, despite the media attention this case received – and the possible impact on our democracy- it seems that plenty of us are still willing to hand over our information without thinking about the consequences.

The problem with memes

The latest trend across Facebook, Instagram and Twitter is to share a then-and-now picture. But how many people who took part in this “innocent” meme have considered how facial recognition software could be used to exploit this data?

Writing in Wired, Kate O’Neil argues that: “Like most emerging technology, there’s a chance of fraught consequences. Age progression could someday factor into insurance assessment and health care. For example, if you seem to be aging faster than your cohorts, perhaps you’re not a very good insurance risk. You may pay more or be denied coverage.”

She also refutes claims that there is nothing to worry about because “if you have been on social media for a long time the various platforms have this information anyway”. Instead, she argues that a simple, helpfully labelled set of then-and-now photos would be of much more value to these companies than having to trawl through hundreds (if not thousands) of unrelated images.

And it’s not just this current meme that is causing concern. How often do we share when we are away on holiday, when our birthday is, our mother’s maiden name, the name of our first pet, and even where we live? All data that can be used against us if it falls into the wrong hands.

Just a simple “what is your pirate/superhero/band name” post can reveal the answer to some of the most common security questions used by our banks.

Our responsibility to ourselves

It is absolutely right that we are demanding that organisations look after our data with respect, but it is also crucial that we apply the same standards to our own behaviour if we want to stay safe.

For example, when using technology, we must be conscious of the data we are sharing, and how it can be used. On social media this includes things like:

  • Not accepting friend requests from people you don’t know
  • Being careful about what you share online
  • Removing location data from your posts
  • Using a different password for all your accounts
  • Using two-factor authentication
  • Checking the privacy settings of all your accounts
  • Not downloading suspicious apps
  • Thinking twice before clicking on any links
  • Reading the T&Cs of any games or apps you want to use
  • Being aware of common phishing techniques and keeping an eye out for fraudsters who attempt to gather additional personal information.

Today, social media is part of everyday life. So we would never suggest that you stop using it if you don’t want to. But some simple steps can help you to stay safe.

At Hayes Connor, we believe that raising awareness of cybersecurity issues will help to protect ourselves as individuals. For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0330 995 0070 to discuss your case in more depth.


The importance of looking after sensitive candidate information during the recruitment process

When applying for a job, we trust recruiters and the places we hope to work with a vast amount of sensitive information. But all too often this isn’t looked after as well as it should be.

In a recent case, our solicitors saw the impact of what can happen when sensitive information supplied as part of a job application was processed incorrectly.

What happened in this case?

In this data breach, the individual managing the recruitment process wrongly addressed sensitive applicant information and failed to send it by recorded delivery or hand delivery, as was the company’s standard purported practice.

The documentation included the following material:

  • A copy of the applicant’s passport
  • A copy of her driving licence
  • A copy of her birth certificate
  • Two letters to prove her address/identity
  • Copies of her NVQ certificates.

The information has still not been recovered and therefore remains a potential threat to our client.

As a direct result of this data breach, our client has suffered severe psychological effects, including stress, anxiety and trauma. So much so that her GP has prescribed medication.

Lessons learned

In many cases, data breaches such as this can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.


hayes connor

Psychology and data breaches. The emotional impact of privacy violations

The sheer scale of the information we share with organisations is enough to leave us all open to the threat of financial and identity fraud. But, when talking about the real-life impact of data breaches, we often don’t consider the impact on an individual’s mental state.

At Hayes Connor Solicitors, we help our clients to make compensation claims after their data has been put at risk by the organisations they trust to look after it. In some cases, these breaches result in serious financial fraud. But, every day, we also help people come to terms with privacy violations that have a severe and often lasting impact on their mental health.

To shed some light on this issue, we interviewed renowned clinical psychologist Professor Hugh C. H. Koch – visiting professor in law and psychology at Birmingham City University School of Law – to find out more about the typical psychological effects experienced by victims of data breaches.

Is there a lack of trust in the organisations that hold our personal information to keep that data safe?

The small number of cases which are publicised and involve the abuse of personal information indicate that personal information can be inappropriately used and this raises individuals’ concerns about security.

Why has that trust broken down?

Significant publicity is given within the media when an organisation or one of its members has abused personal information, resulting in some form of data breach. As a result, individuals are less likely to trust organisations in general when providing personal information. This then can adversely affect effective communication, dealing with correspondence and, especially, telephone or email communications.

Are people becoming more stressed about the need to keep their personal information and passwords secure?

People are certainly becoming more aware of the potential risks in giving out personal information to organisations which may or may not be stored and used for purposes of which the individual is unaware. The storage and changing of passwords also raises concerns about security. This increased awareness can, in some cases, result in individuals becoming stressed and worried about adverse consequences.

What are the typical psychological effects experienced by victims of data breaches?

Data breach victims typically experience high levels of anxiety, specific to the data breach but also generalised to other aspects of dealing with correspondence, telephone and digital communication and payment for services. Victims experience social anxiety, with difficulties dealing with friends and neighbours, tradesmen, shopping transactions and can develop oversensitivity or paranoia in their communications with others. They can also develop varying aspects of mood disturbances or depression especially including poor sleep and tearfulness.

How are the principles and methods for investigating psychological injuries following a data privacy violation evolving?

As a result of increased volumes of data breach incidents, lawyers and experts are using their respective skills to assess the psychological and social consequences, symptoms and ‘injuries’ in reliable and valid ways. Structured interviewing, psychometric assessment and perusal of medical and occupational records are all part of this process.

Do organisations (those that hold our data) understand the full impact, psychological stress, and trauma that can be experienced by individuals following a data breach?

Learning how individuals are adversely affected by data breach events is a gradual process. Once an organisation has ‘got it wrong’, it should learn in a reflective way, why and how this occurred and what deleterious effect a data breach has had on any one individual. As a result, it should improve security practices to prevent further occurrences.

What about the ICO? Does it still need educating on the emotional impact of data breaches?

The role of the Information Commissioner’s Office (ICO) is to uphold information rights in the interest of the public and manage the complaints process. To do this effectively it needs to understand the various psychosocial effects that data breaches can have on individuals.

Do changes to the law that reflect the impact of emotional distress go far enough?

It is important that mild or minor examples of emotional distress get recognised as well as the more severe and disruptive effects. However, it is essential that these are assessed and described in a reliable way.

How are psychologists and lawyers collaborating in this area?

Collaboration between lawyers and psychologists will result in clear and reliable assessment of the psychological effects of data breaches on individuals and families. In some cases, once an assessment takes place, some form of treatment may be appropriate to rectify any residual or ongoing problems. Collaboration will encourage rapid, accessible and effective assessment and treatment where appropriate.

What is working, and where do we need to improve?

In order to maximise the usability of a psychological assessment, it is essential to have a clear and concise description typically for a focused witness statement, as to the effects of the specific data breach. I repeat, ‘concise and focused’, rather than lengthy and unclear.

What can the legal profession do to shed more light on the emotional impact of data breaches and cybercrime?

Education within the legal media, both written and digital, concerning the psychological effect of data breaches reinforced at legal educational meetings and conferences will raise the bar of how much lawyers know and understand about data breach effects.

Are digital innovations making the data breach claims process less stressful for victims?

Digital innovation (D.I) is a development which has both positive and negative effects on the practice of law and wellbeing. If D.I helps to increase the recognition of data breach effects and their resolution, then this will reduce the overall stress on victims who are bringing claims.

Anything else you want to add?

This is an exciting and very worthwhile relatively new medico-legal intervention. At this time, it is likely that more such cases will be investigated. Further analysis of the effects on compensation and rehabilitation will be necessary.



  1. Koch HCH, Midgley S, Riggs E, and Adeleye N (2018). Psychological Injury, Cyber Crime and Data Breach Damages. Expert Witness Journal, Manchester, December.
  2. Koch HCH (2018). “From Therapist’s Chair to Courtroom – The Psychology of Tort Law”. LCB Publishing.
data breach

Hospital gives sensitive pregnancy discharge pack to wrong woman

Before they leave hospital, new mothers are given a set of postnatal notes, with information about their labour, delivery and postnatal care in hospital.

In a recent case, we saw the impact of what can happen when this personal pregnancy discharge pack was given to the wrong person by mistake.

What happened in this case?

Following the birth of her son, a woman was contacted on Facebook by a woman who knew her name, address and other personal information. Due to the personal information disclosed via the message she thought she was being contacted by her estranged mother and sister. This caused her considerable upset.

However, it eventually became clear that she was being contacted by a stranger who had been given her pregnancy discharge pack and the personal details of her son by mistake. This happened despite the fact that the other woman had attended a completely different hospital in a different town from her.

As a result of this data breach, the woman suffered stress, anxiety and trauma, which resulted in her needing medication from her GP.  She has also suffered from ongoing flashbacks of family problems.

Lessons learned

The healthcare sector handles some of our most sensitive personal data, and, as patients, we have the right to expect this will be looked after. However, all too often this isn’t the case.

Hospitals and other healthcare organisations need to do more to protect sensitive patient data. It is vital that there are adequate and robust protections in place to secure patient information and that healthcare staff have the knowledge and ability to handle such data securely.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

Hayes Connor highly commended as boutique law firm of the year

We are delighted to announce that Hayes Connor Solicitors was highly commended at the Eclipse Proclaim Modern Law Awards in the boutique law firm of the year category.

The prestigious awards, which are now in their sixth year, celebrate and identify sparkling talent and success in the modern legal services arena. They also showcase and set the benchmark for best practice in the ever diverse, challenging and exciting legal landscape.

The event organisers were overwhelmed with nominations this year, receiving more submissions than ever, so it is a significant achievement by our firm.

The boutique law firm of the year category honours firms that specialise in a niche area of law. In our case, data breach and cybercrime.

The judges made their award based on the following criteria:

  • A practice that has performed exceptionally in terms of establishing itself in its chosen market
  • A firm that has demonstrated extensive development and progress as a business, including, but not limited to; strategy, growth, financial performance, employee development, diversity and training
  • An innovative practice that has demonstrated its ability to creatively and effectively compete with multi-practice firms
  • A practice that exceeds the expectations of basic client care and professionalism.

The award ceremony took place on Thursday 31st January in Victoria Warehouse, Manchester.

Commenting on the accomplishment, Kingsley Hayes, managing director at Hayes Connor said: “Our core aim is to help our clients get the redress they deserve following data protection breaches, cybercrime, and other online offences. And, despite an almost entirely online approach, Hayes Connor Solicitors has fast become one of the most recognised names in the sector.

“Over the past 12 months, our firm has established itself as the only niche provider of legal services in the data protection, GDPR and cyber fraud area. This is all we do, and we have become a true specialist in this area of law. We are thrilled that we are being recognised for our achievements in his area.”

As well as the boutique law firm of the year commendation, Hayes Connor was also shortlisted in the Marketing and Communication Strategy of the Year category. This class looks at firms which have shown exceptional originality and innovative thinking in this area.

We were shortlisted based on the work we have done to establish our position as a thought-leader in data breach and cybercrime legal services; informing and educating consumers on their rights.

While we are disappointed to miss out on this award, we recognise the strength of this category and congratulate the winner.


Bank sends credit card statements to the wrong person

Financial crime is a hot topic at the moment, with stories about push payment fraud and takeover fraud leaving people worried about what could happen if they became the victim of a bank scam.

But in many cases, its human error rather than cybercrime that is the biggest cause of financial data breaches. And, these errors are just as likely to happen offline.

In a recent case, our solicitors saw the impact of what can happen when a person’s financial information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, a bank sent partial credit card statements to the wrong person. The information was sent to a completely different person to the account holder (our client), attached to the back of a bundle of documents she had requested.

Luckily, in this instance the woman who received our client’s statements was honest, and despite being a complete stranger she contacted him to let him know what had happened. She also reported the incident to her local branch, although she was not satisfied with how the bank proposed to deal with the matter. If such a simple error can be made, what’s to say it couldn’t happen to other customers?

As a direct response of this admin error, this data breach has caused considerable distress and worry to our client. He has now lost confidence in his bank and can’t be sure if his sensitive and personal data has been further breached.

Lessons learned

Banks, credit card providers and other financial institutions need to do more to protect sensitive financial data.

All too often staff are involved in such data breaches, so employee training and awareness must form a core part of any security strategy and measures.

If you are an employee of a financial organisation and want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that this doesn’t happen to you. Such steps could include things like additional data protection training, secure systems for storing information, checks and balances on systems generating correspondence, and measures to ensure that the correct information is being sent to customers.

This is especially important if you deal with sensitive financial information which could cause serious harm if it falls into the wrong hands.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.