Posts

DATA BREACH
,

Marriott facing GDPR fine and compensation payments

The Marriott data hack is one of the most serious data breaches of its kind. And, following the breach – which resulted in 500 million guests being compromised – the hotel group is facing a GDPR fine and compensation payments to customers.

Marriott data breach compensation

So far, two US-based law firms have already filed class action lawsuits against Marriott International. A class action (also called a group action), is where a group of people – sometimes even thousands of people – who have been affected by the same issue collectively bring their cases to court. These victims then fight together to achieve compensation. Where circumstances are very similar, group actions can be a powerful tool and can have a more significant impact than a single claim.

Find out more about group actions.

A US Senator has also called on Marriott to reimburse those affected to allow them to purchase new passports. However, to date, Marriott has offered no monetary reparation.

Committed to helping victims of data breaches and cybercrime to achieve the justice they deserve, at Hayes Connor Solicitors we are also considering launching a group action to compensate UK victims of the Marriott data breach.

Marriott data breach GDPR

Marriott is a US-based company. But, because many of its guests are EU citizens, the data breach falls under EU GDPR legislation. This means that the hotel group could face a fine of up to £17.8 million or 4% of its annual turnover. Marriott’s turnover in 2017 was £20.4 billion.

So, Marriott could be facing a regulatory fine and litigation. As such the financial implications could be huge. What’s more, if you are a Marriott International customer and you have suffered emotional distress because of the data breach you could be entitled to compensation – even if you haven’t lost out financially.

Many people suffer anguish, anxiety and stress after a data breach and this can have a significant impact on you mentally and physically. Effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job.

So, if you have received an email from Marriott letting you know that your details have been put at risk, get in touch. We’ll let you know if and when you can claim. You can also read our step by step guide to making a data breach claim here. 

We can take on your claim on a no-win, no-fee basis. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

TAKE ACTION NOW!

notjusthackers
, ,

NHS family member shared confidential medical information

When it comes to medical data breaches, in most cases, it is human error rather than cybercrime that leads to information falling into the wrong hands. But what happens when someone deliberately accesses and shares your private and sensitive medical records?

In a recent case, our solicitors saw the impact of what can happen when sensitive medical information was revealed by a family member working for the NHS.

What happened in this case?

In this data breach, the sister-in-law of our client (who was a NHS staff member), accessed the NHS system and then shared personal details about our client with the rest of her family. This included specific information about our client’s baby.

As a direct result of this violation, our client’s relationship with family has broken down. She has received threats from a family member resulting in police involvement, and has to deal with the ongoing worry of further danger.

In response, our client has suffered stress, anxiety attacks and trauma. Ultimately she has required medication to be prescribed to help manage the psychological effects of this terrible breach of trust.

To make matter worse, the breach has meant that our client can no longer continue her university studies, so she has also suffered the loss of expenses, and the opportunity to progress her career.

Lessons learned

NHS employees have a duty of confidentiality not to divulge private information. But in this case, this duty was disregarded. And, while the family member who accessed the data is responsible for this, the NHS must do more to protect patient information. For example, by designing systems that only allow the specific specialists, doctors or consultant allocated to a patient to have access to their data.

Also, every staff member accessing a patient’s records should provide a reason for doing so. And all NHS employees should receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

notjusthackers
,

What can happen when your ex gets access to your financial information?

When we think about data breaches, we often worry about hackers and cybercriminals getting hold of our banking details. But in some cases, significant damage can be caused when our financial situation is made available to people much closer to home.

In a recent case, our solicitors saw the impact of what can happen when a bank statement was sent to an ex-partner’s address by mistake.

What happened in this case?

In this data breach, our client’s bank sent personal information disclosing his financial situation to his previous address, where his ex-partner still lived. This happened despite our client changing his address with his bank five years ago.

Our client’s ex-partner then disclosed this information to her friends, family and acquaintances; causing him significant distress and embarrassment. Furthermore, due to the disclosure of his financial position, our client’s ex-partner also refused him access to their children and prevented him from taking them on holiday.

As a direct result of this data breach, our client has suffered severe psychological effects, including stress and anxiety.

What can you do to stop this from happening to you?

When handing over your postal address to an organisation, it is vital that you check that these details have been taken down correctly. You are completely within your rights to ask for a copy of the data your bank (or any other organisation) holds about you. This is called making a subject access request (SAR). This won’t guarantee that an error doesn’t result in information going to the wrong address (as in this case) but it is a good safety precaution to take. Find out more about making a SAR.

Lessons learned

If you are an employee of a bank and you want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the addresses of your customers are correct. Such steps could include things like additional data protection training, making sure that all updated addresses and information are saved in the correct field, and checks and balances on systems generating correspondence.

In many cases, data breaches can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

 

data breach

Stolen identities selling for just £10

According to a report by The Independent[1], the personal data of UK citizens is selling for as little as £10 on the dark web.

The dark web is a hidden section of the internet which allows users to remain anonymous and untraceable. It is popular with cybercriminals looking to buy and sell data.

A full ID package – which usually includes the name, address, online passwords, banking data and other identifying information of an individual – is also being offered for sale on several popular online black markets. Other available information includes the logins for dating apps, streaming services, online shopping sites and social media profiles. The data offered provides more than enough information for hackers to carry out online fraud and identity theft.

In addition to the available personal information, the report highlights how hackers are using the dark web to find guides on how to use this information. For example, for just £6 cybercriminals can buy a “how to obtain loans” guide which gives step-by-step instructions on how to take out a loan using stolen data. The guide does not require any special skills to follow the instructions.

Worryingly, the availability of such information seems to be on the rise; not least because a series of high-profile hacks have seen the data of hundreds of millions of people exposed.

The report also warns that the “public has little to no sense of how much of their data has been compromised”. Indeed, cybersecurity experts believe that it is not a question of whether a person has been hacked, but how many times. As such, the key is to minimise any risks.

How to protect yourself from cybercriminals

There are steps you can take to protect yourself even if your data is available to hackers. This includes:

  • Contacting your bank/credit card provider if you are worried that your banking details have been exposed
  • Being aware of common phishing techniques and keeping an eye out for fraudsters who attempt to gather additional personal information
  • Avoiding clicking any links or opening any attachments within suspicious emails
  • Reporting any suspected phishing attempts to the police and relevant authorities
  • Looking out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alerting your bank or card provider immediately if there is any suspicious activity
  • Monitoring who you accept into your social media circles
  • Keeping an eye on your credit score for any unexpected dips
  • Calling Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Being aware of any unsolicited communications that refer you to a web page asking for personal data
  • Registering with a suitable fraud prevention service
  • Enabling two-factor authentication on accounts that support it
  • Regularly changing your passwords on all your accounts
  • Using different passwords for all websites and apps
  • Using a secure password service
  • Never automatically saving your card details online.

You can find out if your data has been hacked at sites such as Have I Been Pwned.

Claiming compensation if your data has been put at risk

At Hayes Connor Solicitors, we help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it.

In some cases, these data breaches are massive news stories following hacks against the likes of Ticketmaster, Equifax and British Airways. But, every day, we also help people come to terms with smaller data breaches that have a severe and often lasting impact on them.

The impact of cybercrime can be devastating. For example, following last year’s Ticketmaster data breach, 63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards. What’s more, 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests. The only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

If you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

[1] https://www.independent.co.uk/life-style/gadgets-and-tech/news/dark-web-id-value-hackers-cyber-crime-a8683821.html

notjusthackers
,

Can you trust solicitors to look after your personal data?

At Hayes Connor, we’re committed to upholding the standards of our industry. That’s why it’s particularly upsetting when we are contacted by someone who has been let down by their solicitor.

In a recent case, we saw the impact of what can happen when a client’s personal information wasn’t looked after by the person they trusted to represent them.

What happened in this case?

In this data breach, a former member of the Armed Forces appointed a solicitor to represent her at a Tribunal she was involved in. However, this solicitor lost her sensitive information, including her medical and service records on a train.

Following this shocking data breach, the woman suffered severe psychological effects including stress, anxiety and trauma. As a result, she has been prescribed medication, and her ongoing conditions have been exacerbated.

Turning to Hayes Connor for help, she revealed that her mental health had deteriorated to such an extent that it affected her ability to leave the house, and led to in her being demoted in work, resulting in a substantial pay cut.

Lessons learned

Solicitors must understand the importance of data protection and make sure that strict policies and procedures are put place to ensure the safe processing of information – both in and out of the office.

In many cases, data breaches can be avoided by solicitors abiding by the data protection principles of their firms. But it is up to these firms to make sure that all employees receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

At Hayes Connor, our process is fully compliant with ICO guidance and we never put your details at risk.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

data protection
,

Businesses must do more than pay lip-service to the idea of data protection

At the end of 2018, our managing director Kingsley Hayes revealed the key data privacy trends that our firm has seen since the General Data Protection Regulation (GDPR) came into force. You can read more about these trends here.

One of the most worrying things we are seeing is that the businesses entrusted to look after our personal information are doing little more than paying lip-service to the idea of data protection. Indeed we would argue that a lack of care is still rife, despite the tightening of our data protection laws.

What are we seeing?

At Hayes Connor Solicitors, we have received more than 2,500 enquiries from customers who have suffered as a direct result of a data breach. That’s in the last six months alone. Some of these cases saw breaches of personal, financial and sensitive data from big companies including the likes of Ticketmaster, British Airways, and Dixons Carphone.

Not just hackers

But, while these cases are important, every day smaller data breaches are causing misery and upset to people across the UK. And while these incidents don’t make the headlines, for those involved the experience can be just as devastating.

At Hayes Connor, our experts deal with a significant volume of data breach cases each day. During our work, we see many different types of claims and how data breaches can affect people in different ways. Crucially, in most cases, these data breaches aren’t caused by scammers trying to hack big businesses, but by simple human errors.

How are organisations responding to data breaches?

Disturbingly, regardless of the size of the organisation, or the type of the breach, many companies are falling short of what we would expect when a failure in data privacy occurs. In our experience, companies and their representatives (be they legal or insurance based) are still responding with a pre-packaged “we won’t do it again” approach. This fails to recognise the full impact of the breach, which can be significant and of a psychological nature.

In many instances, the accepted risk management plan seems to be:

  1. Say sorry
  2. Provide free security monitoring software
  3. Promise it won’t happen again
  4. Advise the customer that there is nothing that they can do to remedy any losses they might suffer.

Such absence of care over the very real impact of data breaches should not be tolerated or accepted. And, in 2019, we would challenge businesses to do more to meet their data privacy responsibilities and provide an adequate response where they fail to do so.  This is necessary to ensure that individuals can expect a standard of data protection we should all aspire too.

If this challenge is not accepted, more and more customers will look for help to protect their privacy, and claim back from organisations where they have suffered loss.

Leading by example

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are helping to raise awareness of this issue and educating people and businesses to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

 

cyberattack
,

Tesco fined over £16 million following cyberattack

Tesco Bank has been fined a whopping £16.4m fine following a cyber-attack. The incident, which took place in November 2016, resulted in cybercriminals stealing £2.26m from 9,000 people.

Following an investigation into the data breach, the Financial Conduct Authority (FCA) has now penalised Tesco for the ‘avoidable’ cyber-attack.

This is the first time that the FCA has issued a fine against a company for online fraud.

If you have suffered damage or distress caused by Tesco’s failings you might be able to claim compensation.

What happened in the Tesco data breach?

In 2016, Tesco suffered an “unprecedented” attack on its online accounts. During this attack cyber-criminals used an algorithm to generate authentic Tesco Bank debit card numbers and then, using those “virtual cards”, they carried out thousands of unauthorised debit card transactions.

Altogether, fraudsters stole a total of £2.26million.

What was the result of the Tesco data breach Investigation?

While Tesco was a victim of the cyber-attack, the FCA investigation has revealed that the attackers were able to exploit “deficiencies in Tesco Bank’s design of its debit card, its financial crime controls and in its Financial Crime Operations Team to carry out the attack”. As a result, these deficiencies left Tesco personal current account holders vulnerable.

The FCA also listed a catalogue of errors at the bank, including:

  • Not taking appropriate action to prevent the fraud from happening in the first place
  • Not responding to the attack with sufficient “rigour, skill and urgency”
  • Making a number of mistakes when dealing with the crisis
  • Ignoring warnings.

According to a spokesperson at the FCA, “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks.

“In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started.

“This was too little, too late. Customers should not have been exposed to the risk at all.”

What should you do now?

While Tesco has refunded customers for any financial losses, if you have suffered damage or distress caused by its failings, you may be able to claim compensation.

Crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

In this case, some victims were unable to access their funds when they needed them most, so were unable to pay for essentials such as food.

Being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. So you should seek compensation for a failure to look after your information correctly.

At Hayes Connor Solicitors, we are considering launching a group action to help victims of the Tesco data breach to claim compensation. If we believe you have a substantial group action case we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

REGISTER NOW TO FIND OUT HOW WE CAN HELP YOU.

 

cybercrime claims
,

Cybercrime losses up 24% in just six months

According to the police, £34.6 million was reported stolen from UK victims of cybercrime between April and September 2018. That’s a whopping 24% increase on the previous six months.

What do the latest statistics reveal?

  • More than £190,000 a day is lost in the UK by victims of cybercrime
  • Over a third of the victims affected had either their social media or email accounts hacked
  • People hacked via their social media and email accounts lost a total of £14.8 million
  • 13,357 people in the UK reported cybercrimes over six months.

According to a police spokesperson, cybercriminals were targeting people’s social media accounts “in a bid to make money and steal personal details”. This could leave victims “at risk of identity theft”.

The City of London Police, which runs Action Fraud, has warned people to:

  • Keep separate passwords for each of their online accounts
  • Make sure that they use the latest software and app updates
  • Be suspicious of unsolicited requests for personal or financial information (phishing)
  • Never call numbers or follow links provided in unsolicited texts or emails.

What is Action Fraud?

Action Fraud is the UK’s national reporting centre for fraud and cybercrime[1]. Victims of online offences such as scams and financial/identity fraud should contact Action Fraud to report their loss. You can do this online or via telephone. For any other form of cybercrime such as online stalking, harassment, or fears about sexual grooming, you should contact the police directly.

What else is Action Fraud saying?

In addition to the sixth-monthly figures, reports on Action Fraud’s website also warn us that:

  • A staggering £50,766,602 was lost to romance fraud in 2018 with an average of £11,145 per victim and a 27% increase on the previous year. Action Fraud is warning people to be aware of romance scams in the run-up to Valentine’s Day
  • Fraudsters are targeting the growing over 55 population because they are more likely to have money to invest. Traditionally scammers cold-call but contact can also come from online sources (e.g. email or social media)
  • Fraudsters are sending the public fake TV licensing emails to steal their personal and financial information.

What can happen if you are scammed?

Cybercrime can result in both financial and/or identity theft. And, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

We all worry about what could happen if scammers get access to our bank accounts. But the impact of data breaches goes much further than financial losses.

According to Victim Support, the effects of crime can last for a long time. We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury.

How to protect yourself from cybercriminals

In addition to the advice provided by Action Fraud, here are a few additional steps to help protect your personal information:

  • If you are worried that your financial details have been exposed, contact your bank/credit card provider immediately and ask them to keep a close eye on your account and request a new card
  • Report any suspected phishing attempts to the police and relevant authorities (Action Fraud)
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips (register for updates)
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Register with a suitable fraud prevention service
  • Regularly change your passwords on all your accounts (you might want to use a password security tool to help you to do this).

 

Leading by example

At Hayes Connor, we want to stop cybercriminals in their tracks. To do this, we are helping to raise awareness of this issue and educating people to prevent similar crimes from happening.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

[1] England, Wales and Northern Ireland

data breach solicitors
, ,

What can happen when medical information falls into the wrong hands?

The world is rapidly going digital. And, this online information revolution has seen most organisations move away from paper record keeping. However, over the last few years, such information has proved a lucrative target for hackers.

But, when it comes to information falling into the wrong hands, in most cases, it is human error rather than cybercrime that is the biggest cause of data breaches. And, these errors are just as likely to happen offline.

In a recent case, our solicitors saw the impact of what can happen when sensitive medical information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, HM Courts & Tribunals Service (HMCTS) sent a copy of a confidential medical report to a person’s former partner by mistake. The report from a doctor said that the man (our client) was depressed and suicidal.

Once our client’s ex read the report – a document that she should never have had access to – she used its contents in an application to reduce his contact with his children. This application was successful (the court was not aware how this information was obtained).

As a direct response of the admin error, this data breach has had a devastating impact on our client. Having reduced contact with his children has caused him considerable distress and upset as well as aggravating his mental health problems.  So, in this case, the consequences have been particularly severe.

What can you do to stop this from happening to you?

When handing over your postal address to an organisation, it is vital that you check that these details have been taken down correctly.  You are completely within your rights to ask for a copy of the data an organisation holds about you. This is called making a subject access request (SAR). This won’t guarantee that an error doesn’t result in information going to the wrong address, but it is a good safety precaution to take. Find out more about making a SAR.

You should also ask any organisation that has access to your medical records about what type of information they share and with who.

You can also choose not to have your medical information shared or used for any purpose beyond providing your own treatment or care. This choice is known as a national data opt-out. Find out more about the national data opt-out.

Of course, there may be instances (as in this case) where you need or want to share this information. Likewise, your confidential patient information may still be used when there is a legal requirement to provide it.

Lessons learned

The duty of confidentiality goes beyond undertaking not to divulge confidential information; it includes a responsibility to make sure that written patient information is kept securely.

If you are an employee of a medical organisation or a government agency or department and you want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the addresses of your customers are correct. This is especially important if you deal with sensitive information such as medical reports. Such steps could include things like additional data protection training, and checks and balances on systems generating correspondence.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

data breach claims
,

The impact of data breaches are often being felt months after the initial violation

A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. Not least because, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

In response, at Hayes Connor Solicitors, we help our clients to make compensation claims after their data has been put at risk by the organisations they trust to look after it.

Dealing with hundreds of different types of data breach cases, one thing that has become apparent to our solicitors is that the full impact is often not felt until months after the initial violation.

What are we seeing?

Over the last six months, we have received more than 2,500 enquiries from customers who have suffered as a direct result of a data breach. These cases saw breaches of personal, financial and sensitive data. But it is becoming increasingly clear that the impact and losses people sustain following a data breach are not always immediately obvious.

Indeed, at Hayes Connor, we have seen cases where the financial losses only start to occur three to six months later. This is often because data stolen is used in batches over time.

For example, some nine months after Ticketmaster data breach, we have discovered that:

  • 63% of all the clients we took on have suffered multiple fraudulent transactions on their payment cards
  • 31% of all clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

Not just financial

We all worry about what could happen if scammers get access to our bank accounts. But the impact of data breaches goes much further than financial losses.

According to Victim Support, the effects of crime can last for a long time. We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury. And, like financial losses, this is often happening months after the initial breach was revealed.

With major breaches now occurring weekly, we expect this situation to escalate. As such, more must be done to protect customers following a data breach – and this cannot be a short-term fix.

Leading by example

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are helping to raise awareness of this issue and educating people and businesses to prevent similar mistakes from happening.

Ways to check if someone has stolen your identity include:

  • Checking your credit record to see if there are any searches that you don’t recognise
  • Keeping an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Making sure you read your credit card statements and other letters that come from your bank.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.