facebook data

My data has been breached. What do I do?

At Hayes Connor Solicitors, we have considerable experience helping individuals whose data has been breached.

Each case is different, but as a first step we ask if you have reported the data breach to the Information Commissioner’s Office (the ICO). The ICO is the body which undertakes investigations on behalf of individuals into suspected data breaches. If found guilty, it is likely that they will take action against the company which committed the breach. And, at this stage, we often mount individual or groups actions against such organisations.

Find out more about making a data breach claim in our handy guide.

But, at Hayes Connor, we don’t just focus on compensation. In today’s digital world, your personal data is a valuable commodity. So, we want to do all we can to keep you, and your sensitive information as safe as possible.

So, if you have been the victim of a breach or cyber-attack, it is essential that you know your rights and how to protect yourself.

What to do immediately after a data breach

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you should:

  • Inform the Information Commissioner’s Office (ICO) about your concerns
  • Contact your bank and/or credit card providers immediately
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords.
  • If you are offered any form of compensation or free services from the organisation that put your data at risk it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date.

What to do if you need support following a data breach

Victim Support is the leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents. Last year it offered support to nearly a million victims of crime across the UK.

Many people suffer anguish, anxiety and stress after a data breach and this can have a significant impact on you mentally and physically. Effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job.

At Hayes Connor Solicitors, we are working with Victim Support to help those affected by cybercrime and data breaches. Ultimately, we want to ensure that victims have access to the support they need when they need it, as well as raising awareness of the threat to keep people safe online.

If you need support following a data breach or cybercrime, Victim Support is on hand just to support you.

Find out more about our partnership with Victim Support.

Making a data breach compensation claim

If you want to make a data breach compensation claim, contact Hayes Connor Solicitors. Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

Organisations have a duty to protect your sensitive data. And letting other people access this is a complete failure of this responsibility. So, why shouldn’t you seek compensation for this inability to look after your information correctly if it has caused you financial harm or distress?

Success Fees – FAQ’s


Success Fees are a mechanism by which a Solicitor will enter into an agreement with you for you to pay up to 25% of the damages you recover to that Solicitor in Costs. The Fee is only payable if the claim is successful and damages recovered. However, in some cases, your solicitor might charge a 0% success fee. This means you’ll receive 100% of any compensation awarded.


In the main, they mean that you will be paying part of your solicitor’s charges for running the claim for you. This being the case the Solicitor should account to you for the work they have done to justify charging the success fee. If they do not you may be able to challenge that fee.


In the main, because they are only entitled to fixed amounts of fees from Insurances companies who you are claiming against. This is the case for all Road Accident and Employer/Occupier or Public Liability claims with a value under £25,000 in damages.

Often the work that a solicitor will do for you in these cases will amount to a greater figure than the fixed costs available to them.


At all times a clear explanation of the fees they are going to charge you and why they are charging. They should be clear on the amounts, the timing of the payments and any other options you may have to fund that claim such as legal expense insurance you have already paid for elsewhere.


This is where you need to read the small print. There are many different approaches to the deduction of success fees and whether they include VAT, exclude VAT or have some element of administration charge or insurance product charge added. Always ask for a breakdown at the outset of how a fee is charged and an example.


Most Solicitors will not advertise their fee charges nor publish guidance on a website or other media for you to review. Always look at the No Win No Fee section of any material published and simply ask the question.

At Hayes Connor we work on a No Win No Fee basis and any success fee that is applicable will not exceed 25%. In some cases, particularly group actions, we offer 0% success fees.

cybercrime claims

Cyber Defamation

Have you been the victim of Cyber defamation? You can contact us to see if you may have a claim for compensation.

1. What is expression and defamation?

It is accepted in a democratic society that individuals have a right to express their own views and preferences. The Internet offers extensive potential for individuals and organisations to do this.

‘Defamation’, on the other hand, involves an abuse of freedom of expression whereby statements that may have a harmful impact on a person’s reputation are published.

Obviously it is important to ensure that unfounded claims should not be allowed to damage a person’s reputation, but it is also important for the law to balance such protections with the rights to freedom of expression that are a critical element of democratic societies. The issue of defamation has become a central issue in the use of the ‘Net because some corporations now use the threat of a legal action for defamation as a means to restrict the actions of groups or individuals campaigning against their activities. (See case study examples on notice and takedown).

2. How are defamation and freedom of expression covered by the law?

In the UK The Human Rights Act 1998 implements the European Convention on Human Rights (ECHR). Under the Convention:

  • The right to respect for an individual’s private and family life, home and correspondence is guaranteed under Article 8;
  • Rights of freedom of thought and expression are covered by Article 9;
  • Rights to freedom of expression and association are guaranteed under Articles 10 and 11.

These rights may have limitations put on them ‘as prescribed by law’ and which are ‘necessary in a democratic society’. The qualifications to these rights are the subject of continuing legal debate and case law.

The Defamation Act 1996 is the main UK law governing defamation. A defamatory statement can be published in:

  • Verbal form, when it is classed as slander – because only the spoken word is involved, slander can often be difficult to prove; or
  • Written form, when is classed as libel – a case for libel is easier to bring because evidence can be documented.

Material may have the potential to defame someone if:

  • The statement made would make an ordinary person modify their opinions of a person as a result of hearing or reading the statement.

Under UK law it is possible to defame corporations as well as individuals.
Defamation actions in relation to the Internet have so far involved libel. Libel must be widely ‘published’. You could libel someone using electronic networks by:

  • Sending an email, or an email attachment, where that email is widely posted or forwarded;
  • Making material available via a web page;
  • Posting to an email list or newsgroup; or
  • Streaming audio or video via the Net.

Anyone who actively transmits defamatory material is liable as part of any legal action. Most standard contracts for Internet services include conditions relating to defamation.

The 1996 Act creates a category of ‘special publisher’, where;

  • the material transmitted is passed automatically by electronic systems without their involvement; or
  • they are only the suppliers of the equipment or systems that enable publishing or distribution.

The Act also outlines the framework for prosecuting cases of alleged defamation, as well as various defences for anyone prosecuted along with the author of the material. To successfully defend against prosecution you must show that:

  • You were not the author, editor or publisher of the material;
  • That you had taken ‘reasonable care’ to prevent the publication of any defamatory material; and
  • That you did not know, or had reason to believe, that the material was defamatory, and that your transmission did not contribute to the construction of the defamatory material; or
  • The reputation of the ‘defamed’ person is such that the material could not conceivably change the average person’s views on them.

The current legal framework will probably be revised as part of new legislation for electronic commerce and electronic media.

If a person discovers that material that is damaging to their reputation is about to be disclosed, they could bring an injunction to prevent publication (on the basis of the damage it would cause, rather than on grounds of defamation). If the alleged defamatory material is already in the public domain, an injunction could be requested to force the removal or recall of the material before the case is heard.

3. How do defamation laws threaten civil liberties?

Companies and individuals may threaten a defamation action or use an injunction to silence their critics or campaigners. An injunction can be instantly actioned and prosecuted, regardless of whether it is justifiable. Given this, and the difficulty of fighting actions through the higher courts, some corporations have used injunctions rather than defamation actions to tackle problems with groups or campaigns.

Internet service providers, like other publishers, will not normally defend a claim of defamation. Rather than risk the costs of a legal action, many will simply remove the allegedly offensive material and undertake not to allow its future publication.

Filtering and blocking systems can be used in computers and Internet servers as a much simpler, and more effective, means for controlling access to material:

  • Filtering sifts packets of data or messages as they move across computer networks and eliminating those containing ‘undesirable’ material; and
  • Blocking prevents access to whole areas of the Internet based upon an address or location.

Concerns have been raised about the use of blocking and filtering software and the impact on freedom of expression. In the US, where such systems are widely used, a wide range of sites have been blocked; as well as those deemed ‘offensive’ because of their sexual or violent content, other sites seem to get blocked on the basis of their political content.

Filtering and blocking mechanisms are increasingly being used to control public access to sites critical of the state or status quo. Some states (such as China and Singapore) require the installation of this software, making it a form of indirect state censorship. Lists of blocked sites are usually protected under legal regulations on intellectual property, so it is difficult to have an informed debate about the civil liberties implications of such censorship.




First Massive Data Breach of 2017

Clients of Uber and Fitbit exposed

A massive data breach has just been discovered by a web infrastructure company. Cloudflare, the company concerned, have exposed potentially millions of customers to the risk of their personal data being accessed by unscrupulous third parties.

Examples of information which have been leaked by their failure to spot a glitch in their own software system will have exposed people’s passwords, encryption keys and other personal information to others on the internet.

Cloudflare provide software services to numerous companies – Uber, FitBit and OKCupid are amongst their client base and if you are a customer of those organisations your data may well have been leaked.

No hacking of cloudflare was involved. It was a fault in their own systems which has led to this occurring. Although they have now solved the problem, individuals and their corporate clients have been exposed.

It’s likely that a regulatory investigation will now take place and potential claims will follow. If you believe your personal data may have been leaked, please contact ourselves to advise you further.