Posts

gender identity clinic breach
, ,

Gender identity clinic investigating data security incident after patient email leak

The Charing Cross Gender Identity Clinic in London is investigating a ‘data security incident’. The clinic supports adults with issues related to gender. It has patients who are transitioning or considering doing so from across the UK.

Tavistock and Portman NHS Foundation Trust run the clinic. According to a statement on its website, the breach exposed the email addresses of many of its patients.

The statement reads:

“We are currently investigating a data security incident.

 “This incident involved an email from our Patient and Public Involvement team regarding an art project that we are looking forward to launching. Unfortunately, due to an error, the email addresses of some of those we are inviting to participate were not hidden and therefore visible to all.

 “We are hugely apologetic and understand that this is a serious data breach.”

Approximately 2,000 people are exposed

Two separate emails were sent to Charing Cross Gender Identity Clinic patients. In total, the personal details of almost 2,000 trans patients are reported to be exposed.

This is a massive breach of patient confidentiality and people are understandably upset. Speaking to the media, one patient said: “It could out someone, especially as this place treats people who are transgender”.

There are also concerns that, in being outed as trans, “that could be hugely dangerous to their wellbeing and safety.”

The breach was caused by human error

Most security breaches happen because of distractions or mistakes. And that certainly seems to be the case here. In fact, not using the blind carbon copy (bcc) functionality when sending to multiple recipients is a common cause of data breaches.

Often this happens because strict policies and procedures are not in place to ensure the safe processing of information. Or, staff have not received regular data protection training to make sure they understand the potential consequences of breaching data protection laws. In this case, the clinic also appears to be financially stretched and under-resourced.

However, the bottom line is that the Trust should have ensured better compliance to protect potentially vulnerable patients and maintain their privacy.

What happens now?

The Charing Cross Gender Identity Clinic data breach has been reported to the Information Commissioner’s Office (ICO) and is now being investigated. The Trust is also treating the privacy violation as a serious incident.

Anyone distressed by the breach of trust can make a complaint here. We would also urge victims to contact the ICO and let it know about their concerns.

The ICO could fine the Charing Cross Gender Identity Clinic

Where adequate processes and protections are not in place, the ICO does have the power to issue fines.

For example, an independent inquiry into child sexual abuse was fined £200,000 by the ICO after sending a bulk email that identified possible abuse victims. In this case, an officer sent an email to 90 people involved in a review without using bcc. This allowed the recipients to see each other’s email addresses and identified them as possible victims of child sexual abuse. In 2016, the ICO also fined another London clinic £180,000 after it leaked the email details of almost 800 patients diagnosed as HIV positive.

These fines were issued before the introduction of the GDPR in 2018, so, a penalty for Tavistock and Portman could be much higher. However, it’s important to note that, while the ICO does hand out fines, it does not award compensation to victims of data breaches.

Make a claim against the Charing Cross Gender Identity Clinic

Data breaches are not just caused by cybercriminals. Every day we hear how simple human errors are causing misery and upset to people across the UK. And, given the nature of this data breach, the emotional distress to patients should not be underestimated. Furthermore, this breach could potentially put people in serious danger.

Of course, there are concerns that claiming compensation could take money from an already underfunded clinic. However, in 2019, all organisations should have insurance in place to protect against such threats.

What’s more, while you might support the clinic, it must meet its legal obligations when it comes to protecting sensitive data. Where an organisation fails to do this, holding it to account is often the only way to ensure standards are improved.

If you have been the victim of the Charing Cross Gender Identity Clinic data breach, find out how we can help. Complete our online form. Or give us a call to discuss your case in more depth.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

SAR Requets
, ,

Metropolitan Police failing to respond to subject access requests

You have the right to find out if an organisation is using or storing your personal data. To exercise this right, all you have to do is ask for a copy of this data. This is called making a subject access request (SAR). The ICO (the UK’s data protection regulator) has been working with the Metropolitan Police Service (MPS) to address its large SARs backlog. However, the MPS has more than 1,100 open requests. With nearly 680 over three months old. The ICO believes that this is a cause for concern.

What has happened in this case?

The ICO has issued two enforcement notices ordering the Metropolitan Police Service to respond to all SARs by September 2019. The regulator has also asked the MPS to “make changes to its internal systems, procedures or policies, so that people are kept up to date on any delays that may affect their data protection rights and how the situation is being addressed.”

The ICO added, “Ultimately, the public must be able to trust that police forces are upholding their information rights, and this case is a reminder to other police forces that we will take action against those organisations that do not comply with their SAR obligations”.

What do you need to know about making a subject access request?

Find out how to make a Subject Access Request on the ICO website.

Crucially, when it comes to making a subject access request, the ICO has stated that there is “no requirement for a request to be in writing”.

What can you use a SAR for?

You can use a SAR to find out:

  • What personal data an organisation holds about you
  • Whether an organisation is processing your personal data
  • How the organisation got hold of your data
  • The types of personal data being processed
  • Why your data is being processed
  • Any third parties that your data is being shared with
  • How long your data will be kept for
  • How you can have your data amended or deleted
  • Whether they use any automated decision-making processes
  • Any other supplementary information.

Of course, it could take longer for an organisation to supply everything they have about you. So, if you only need certain data and you want to speed things up, it makes sense to be specific.

The ICO has provided a handy template to help you to do this.

What else do you need to know about making a subject access request?

  • Organisations should provide contact information for making a SAR. Under the GDPR, this information should be available on an organisation’s website (check the privacy policy usually found in the footer)
  • Requests can be responded to electronically (as long as it is secure)
  • You can ask for a paper copy of the data held about you, but a company only has to provide this if it is reasonable to do so
  • SARs need to be replied to within one calendar month. However, they might need extra time to consider your request and, if so, can take an additional two months to do this
  • Organisations must make you aware of any delays which may affect their requests. They should also explain how the situation is being addressed
  • Organisations can ask for further information to establish your identity, particularly where sensitive data is involved. However, such requests must be “reasonable and proportionate”
  • A copy of your personal data should be provided at no cost to you. Although “reasonable” fees can be charged for manifestly unfounded or excessive requests
  • An organisation can refuse a SAR if they believe it to be ‘manifestly unfounded or excessive’. They may also deny a SAR if your data includes information about another individual. However, they can’t just ignore you. They must still write to you and explain why your SAR is being refused
  • You have a legal right to ‘rectification’ of your records. So, if something in your data is wrong, you can ask to have it corrected. Organisations have one month to respond to your request
  • If you are worried about the way an organisation is handling your information, the ICO has provided a handy letter template to help you to raise your concerns.

What can you do if you don’t believe your SAR has been taken seriously?

If you believe any fees to be unfair, you can complain to the organisation in question. However, if the matter is not resolved, you should report your concerns to the ICO.

If more than a month has passed since you made your SAR, and you have not heard anything back, you should write to the organisation reminding them of your request and their obligations under the GDPR. And, if you still don’t hear back, you should complain to them using their complaints process. And, if you are not happy with their response, you can complain to the ICO.

If you think your request has been rejected unjustly, you can raise a complaint with the organisation in question. And if you remain dissatisfied, the ICO.

If the organisation refuses to change their records, you can complain to the ICO. However, there’s a difference between information that is incorrect and information that you disagree with. For example, if you have a dispute with your doctor over a diagnosis, you can’t change your health records. However, you might be able to add a note to this record stating that you disagree with the medical opinion.

If you believe that an organisation is not handling your data properly, you can also complain to the ICO.

Find out more about Subject Access Requests.

Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.

data breach compensation
, ,

What is included in a data breach compensation claim?

As data protection solicitors, one of the things we regularly get asked by people who have suffered because of a data breach is “what can I claim for”?

Data breaches can and do cause serious and lasting damage. To claim compensation, you must be able to prove that you suffered as a result of the breach. And, while each case is judged on its own merits, there are some things we would typically look for when it comes to recovering damages for victims of a data breach.

Financial losses

With enough information, cybercriminals can use your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Evidence of financial losses include things like receipts, bank statements etc.

Distress

Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is no harm done. A data breach can have a significant impact on you, both mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. When it comes to any psychological effects we may be able to arrange for a medical consultation to help prove your claim.

A number of our clients have suffered life changing consequences following a data breach. In many cases these clients have been examined by experts and have a confirmed diagnosis. Failing to acknowledge the impact a data breach can have on poor mental health is a mistake.

How much data breach compensation can you claim?

Data breach compensation following data hacks and confidentiality breaches can range from a few hundred pounds to tens of thousands of pounds.

For example, someone whose medical records were stolen could be entitled to £6,000. If you do go to court, it is up to the judge to consider all the circumstances, including the seriousness of the breach and the impact on you.

Typically, we would look to claim for:

  • Any money lost (e.g. if a cybercriminal used your bank card)
  • Stress, worry, and anxiety
  • Any recognised psychological injury
  • The effect that the leak has had on your social and home life
  • Any loss of earnings as a direct result of the breach (e.g. if you need time off work or lose your job)
  • The loss of future earnings (e.g. if you have to drop out of university)
  • Any expenses that you have had to pay as a result of the data breach (e.g. private medical care, travel expenses, accommodation, etc.).

How do we prove your claim?

Once you have told us that you want to make a data breach or cybercrime compensation claim, we will send you our initial documentation pack. This sets out what we will do for you, how we will do it, and what we need to proceed with your claim.

Within this pack, you will also find our data breach questionnaire. This lets you tell us as much about your case as possible. We ask you to complete this to best of your ability.

The type of questions we ask include:

  • When the data breach took place
  • When you found out about the data breach
  • What information was stolen/put at risk
  • If you have reported the data breach (e.g. to the ICO, the police etc.)
  • If you have you received any documentation admitting the breach (and if so, when)
  • Whether the organisation that put your data at risk has given you a reference number
  • If you have suffered any distress as a result of the data breach. And if so have you spoken to your GP about this
  • Whether you have any pre-existing vulnerability to distress or psychological trauma
  • Whether you have suffered any financial loss as a result of the breach. And if so, what these losses involve
  • Whether anyone else has been affected by the breach. And if so, who and how.

We need this information to ensure we make the strongest possible claim on your behalf.

Once you have signed and returned the necessary information to us, we will make a start on your case. It is not unusual that – on reviewing your impact form – we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a massive difference in the eyes of the law. That’s why appointing expert data breach compensation solicitors is essential.

How much does it cost to make a data breach compensation claim?

Access to professional legal advice is a fundamental right. That’s why it is vital that everyone can afford to make a data breach or cybercrime compensation claim should they need to.

Removing the financial risk, at Hayes Connor Solicitors, we provide our services on a no-win, no-fee basis to help our clients get the compensation they deserve. So, if we don’t win, you don’t have to pay us a penny.

If your claim is successful (and that’s what we all want!), you usually have to contribute towards your solicitor’s costs. This ‘success fee’ is taken from the compensation awarded to you. The amount of the success fee depends on when your case is settled, but with Hayes Connor Solicitors, you never have to pay more than 25% of your compensation.

What’s more, if enough people come forward to make a large group action claim, we might be able to waive this fee (by getting the other party to pay it instead of you). That would mean that there are no solicitor’s fees win or lose. We always make sure you are fully informed about any potential costs before we proceed.

Helping our clients get the compensation they deserve

Every day serious data breaches take place. And, all too often these breaches put people’s mental health and even their lives at risk.

Our data protection solicitors provide high-quality, sensitive legal advice and support to help victims of data breaches and cybercrime to claim compensation. We may be able to act for you on a NO WIN, NO FEE basis.

Find out more about making a data breach claim with Hayes Connor Solicitors.

 

compensation
,

Claiming compensation for distress under the Data Protection Act

If you have been the victim of a breach of your personal data, the Data Protection Act gives you the right to compensation. You can claim for any money you lose because of a data breach. For example, if a cybercriminal uses your credit card to buy something or steals from your bank account.

But most Data Protection Act breaches don’t actually lead to financial loss. Instead, it is much more common for people to suffer from emotional distress following the misuse of their personal data.

What does the law say?

Until a few years ago, anyone who wanted to claim for distress following a breach of the Data Protection Act first had to prove that they had also suffered financial loss. But this is no longer the case.

And, since a landmark case in 2015[1], there have been many successful claims for distress. So, if you have suffered emotionally after an organisation breached any part of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

For example, in 2016, six asylum seekers received awards of between £2,500 and £12,500 after their personal data was inadvertently published on the Home Office website.

What will the court look at when deciding how much compensation to award?

When making a compensation award, the court will look at the specific circumstances of your case. This includes things like the sensitivity of the data compromised and the nature of the disclosure.

However, the court may be prepared to award damages even in cases where your fears about what might happen with your data are not rational. Simply the threat of disclosure, and the loss of trust in authorities resulting from a data breach could result in compensation.

The emotional impact of a Data Protection Act breach should not be underestimated

If a criminal came into your home and stole your private letters and other information, you would be distressed. So why should you feel any less upset at having your online data taken?

The emotional impact of a data breach can be devastating. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect a person’s friends, family and job. We deal with serious cases that put people’s mental health and even their lives at risk. So, downplaying the impact of a data breach claim is extremely disrespectful to the victims.

Who is responsible?

While cybercriminals often target organisations to steal their data, in most cases, data breaches aren’t caused by scammers trying to hack big businesses, but by companies not taking data protection seriously resulting in simple human errors.

However, even where criminals are involved, in most cases organisations have not invested in adequate levels of security. So, the hackers only managed to steal the data because nobody put a “lock on the door”.

Make a Data Protection Act compensation claim with Hayes Connor Solicitors

At Hayes Connor Solicitors, we believe that companies must be held to account for their failure to protect your information.

Some people would have us believe that claiming for distress is an overreaction. That your physiological suffering and anguish doesn’t matter. You might hear friends and family saying that, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information stolen. But we should all be very worried about what could happen if our data gets into the wrong hands. Why shouldn’t you seek compensation for a failure to look after your information correctly?

Crucially, the law understands the damage that can be caused by worry and upset. So you are 100% within your rights to make a compensation claim.

What’s more, claiming compensation for distress isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

If you have been the victim of a data breach or cyber fraud, find out how we can help you to get data breach compensation by completing our enquiry form or give us a call to discuss your case in more depth.

Or, for more advice on how to keep your data safe, follow us on Twitter and Facebook.


[1] Google Inc v Vidal-Hall and others [2015]

employment data breach
, ,

How Hayes Connor helps our clients after an employment data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve. We do this following data protection breaches, cybercrime, and other online offences. One type of claim we see a lot of is the employment data breach. Here are just some of the employment data breach cases we have helped our clients with recently.

Breach of data leading to an employment dispute

Our client was referred to a qualified third-party for a standard workplace assessment. This assessment was designed to make sure she had everything she needed to reach her full potential in her job. However, the party conducting the evaluation added sensitive personal information about her to their report. And they gave this to her employer.

This information was not relevant to the assessment. Moreover, it led to a dispute between our client and her employer over the disclosures she made while applying for her job.

In response, our client made a data breach claim against the workplace assessment provider. And, as well as claiming for the initial breach of her sensitive information, she also claimed for the loss and injury she suffered by the infringement when this knowledge was used against her.

Employment data breach leads to an increase in unwanted spam

Our client suffered a data breach when his employer was hacked and his financial information was put at risk.

As a result of the hack, our client was bombarded with unwanted spam calls and text messages, Some of which became quite personal. This proved to be very distressing. It resulted in him and his family suffering from distress and worry. Our client was diagnosed with an anxiety-related psychological condition that would require treatment to help him fully recover.

As the spam could be traced back to the original data hack, he was able to claim for the breach of his data and the injury caused.

Help is needed after an employment data breach

Today, such unlawful disclosures are all too familiar. And, in such cases, this can result in complex anxiety and stress.

But in such situations, you can claim damages for any psychological injuries caused by the breach of your personal data. If you find yourself suffering, make sure you seek appropriate medical attention as soon as any symptoms arise so that the impact can be adequately assessed.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following an employment data breach. But we don’t believe that our obligation to our clients stops there – we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making an employment data breach compensation claim

We help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it. And we will make sure that your employment rights are protected during and after any claim against an employer.

Our professional, friendly team will advise you on whether you have a valid claim against an employer (or third-party). If you have a substantial case, we may be able to act on a NO WIN, NO FEE basis.  Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

Contact us today for a free initial assessment.


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

local authority breach
, ,

How Hayes Connor helps our clients after a local authority data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve. We do this following data protection breaches, cybercrime, and other online offences. One type of claim we see a lot of is local authority data breaches.

The public sector is privy to a wide range of our sensitive information. And this data is regularly shared between organisations and departments as part of modern governance and the delivery of public services. But, with data breaches on the rise, government bodies must do more to improve cybersecurity.

Here are just some of the local authority data breath cases we have helped our clients with recently.

Copy of a court order sent to the wrong postal address

In this data breach, a local authority sent a copy of a court order containing sensitive personal information about a father (our client) and his daughter to the wrong postal address.

Just a small error saw the letter being sent to a neighbour, who brought it round to the right address. But the letter had been opened. And after talking to the neighbour,  it became clear that it had also been read.

What’s more, when the letter was passed to the right house, it wasn’t handed to the right person. Because it was opened, it was read by another member of the family. They became distressed at the contents. This went on to cause difficulties in the family.

As a result of a seemingly small admin error when posting the letter, this data breach has caused considerable upset and embarrassment to our client. He had to explain a sensitive situation to his family in more detail than might otherwise have been necessary. And, his neighbours became aware of a very private and sensitive situation. One which has been talked about within his small local community.

As such the consequences of the error and the impact on his mental health were far-reaching.

Woman’s driving licence shared without her permission by a local council

The secretary of a committee informed our client that the local council had emailed them a copy of her driving license.

Concerned that her data had been breached, our client searched online for a data breach solicitor. She then emailed Hayes Connor to find out if we thought the case was worth taking on. We agreed that her data had been breached and took her case on a no-win, no-fee basis. We sent her a detailed questionnaire which she filled out and returned so we could prepare her case.

Next, we instructed our appointed barrister to provide expert advice on her prospects of success and the amount of compensation she was entitled to for the data breach.

Then we sent a letter before action (LBA) to the council. The LBA let the local authority know that we would be starting proceedings against it and we were very serious about getting her the compensation she deserved for the distress caused by the violation.

The council responded, attempting to justify why it felt her claim was not valid. However, we replied setting out why it was, and we requested that they supply a number of documents as evidence. We also sent a ‘Part 36’ offer to the authority. This is designed to encourage parties to settle disputes without going to trial. This offer was accepted.

Commenting on her experience, our client said: “Highly professional and very informative, every step of the way. Also been very helpful! After this experience I can’t think of anything at all that could improve your service. Everything was explained to myself in a straightforward way, and I certainly would recommend Hayes Connor, without a doubt! Absolutely fantastic!”

Help is needed after a local authority data breach

As central and local government becomes digital, it is vital that there are adequate and robust protections in place to secure the data and information held within it. And that public sector staff have the knowledge and ability to handle such data securely. But all too often this isn’t happening.  And, as you can see, the result of not looking after personal information properly could put people’s mental health, and potentially even their lives at risk.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following a data breach. But we don’t believe that our obligation to our clients stops there – we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making a local authority data breach compensation claim

We help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it.

Our professional, friendly team will advise you on whether you have a valid claim against a local council, department or other government body. If we believe you have a substantial, complex case, we may be able to act for you on a NO WIN, NO FEE basis.  Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

Contact us today for a free initial assessment.

 

faqs about hcs
, , ,

FAQs about HCS

Here at Hayes Connor Solicitors, our core aim is to help our clients get the compensation they deserve following data protection breaches, cybercrime, and other online offences.

To give you an idea about how we do this, here are some of the most common questions we get asked about our firm and the work we do.

Cybercrime is quite new. How can Hayes Connor Solicitors be compensation experts?

Over the past year, our firm has established itself as the only niche provider of legal services in this area. A relatively new and evolving area of law, this is all we do, and we have become a true specialist in data breach law. As such, we lead our field when it comes to understanding the complexities involved.

But before that, we worked on different types of compensation claims. And, with over 50 years’ experience helping our clients secure the justice they deserve, our solicitors work tirelessly to ensure the best possible outcome for you. Both in terms of damages achieved and service delivered.

What type of cybercrime and data breach cases do Hayes Connor Solicitors do?

At Hayes Connor, our experts deal with a significant volume of data breach cases each day. During our work, we see many different types of claims and how data breaches can affect people in different ways. There are two main ways we get compensation for our clients:

Group actions

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. However, in many cases, where a breach occurs, you won’t be the only person making a claim. In such circumstances, it is often worth joining a group action claim.

Find out more about our NO WIN, NO FEE group actions.

Individual cases

In most cases, data breaches aren’t caused by scammers trying to hack big businesses, but by simple human errors. And while these incidents don’t make the headlines, for those involved the experience can be devastating.

Take a look at our case studies to see how we are helping people across the UK to win the compensation they deserve – often on a NO WIN, NO FEE basis.

Will Hayes Connor Solicitors keep my data safe?

Absolutely. We know that making a claim can be difficult. Particularly where your sensitive information has already been breached or another online offence made against you.

Once we have your details, we treat these with the utmost care, compassion, and privacy.  We never pass on these details to third parties for marketing purposes – or indeed for any other reason without express permission. This commitment to ensuring our customers’ peace of mind is absolute.

As well as making sure all personal details are protected/confidential, we also deal with all enquiries sensitively and professionally, and we never ask unnecessary or intrusive questions.

Is it difficult to make a data breach or cybercrime compensation claim?

At Hayes Connor Solicitors, we understand that making a compensation claim can be stressful. As such, we’ve created a handy step-by-step guide to help explain the process.

Read our step-by-step guide to making a data breach claim.

Also, we understand that you want a fast, efficient, no-nonsense service – and that’s precisely how we deliver legal services to our clients. As such, we use the latest technology and a highly-trained team to provide excellence of service.

How much do Hayes Connor Solicitors charge to make a data breach or cybercrime compensation claim?

Access to professional legal advice is a fundamental right. That’s why it’s important that everyone can afford to make a data breach or cybercrime compensation claim should they need to.

Removing the financial risk, at Hayes Connor Solicitors, we provide our services on a no-win, no-fee basis to help our clients get the compensation they deserve. But what does this actually mean and are there really no costs if you appoint us?

Read our ‘Explaining No Win, No Fee’ guide.

Can’t I just make a claim without a solicitor?

You can make a data breach or cybercrime claim on your own. What’s more, if you go ahead and no settlement is reached, you can even represent yourself in court. In fact, the number of people doing this in recent years has increased.

The legal term for representing yourself this way is called ‘litigating in person’ (LiP). However, while there has been a rise in the number of people doing this, this is often because they don’t think they have any choice due to a lack of alternative funding options.

At Hayes Connor, we believe that the best way to make organisations pay for their failures is to use a specialist lawyer. Of course, you would expect us to say that – but let us explain why.

Firstly we have the legal expertise needed to take on big players such as Ticketmaster, Dixons Carphone and Equifax. And, where enough people come forward, we might even launch a group action against a company.

We believe that a group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So we are confident that our team will get the results you deserve.

On the other hand, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected by the profession, and this could ultimately see you lose out financially as a result.

Crucially, we deal with all breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.

How much will Hayes Connor Solicitors charge me if I win?

To cover our costs, if we win your claim, we will charge a success fee. This is capped at 25% of any compensation you receive. We have to charge this to cover our costs in smaller/individual cases. There are no hidden charges or other administration fees.

In some larger group actions, we expect to be paid by the offending party and might even be able to work at no charge to you. This means, when you win, unlike with a claims management company, you could receive 100% of the compensation awarded to you.

Will you explain everything in plain English?

Absolutely, we are committed to keeping you informed, every step of the way. In fact, we have created loads of content to ensure you always know what’s happening.

We do this because we want our clients to have as much information as possible before making a claim so that they feel fully informed at all times. Through this approach, we ensure that the process of making a data breach claim is understood, straightforward and stress-free.

Read our latest News & Resources.

Will you pressure me into making a data breach or cybercrime compensation claim?

No way. We hate spam and pushy lawyers!

At Hayes Connor Solicitors, we only ever deal with organic enquiries. We never buy data, cold call, or send spam texts or emails. Even our PPC campaigns are monitored to reduce the spam effect, and we never pressure anyone into making a claim. We feel this is essential when it comes to protecting our clients, and upholding the standards of the legal profession.

Will you help me to recover from a data breach or cybercrime?

Yes of course. This is why we believe that it’s vital that people seek compensation to help them get their lives back on track as soon as possible. But we don’t believe that our obligation to our clients stops there. So, we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

We also work with Victim Support to help those affected by cybercrime and data breaches. The partnership sees us provide the charity with regular expertise and advice on its legal content.

Monzo Data Breach
,

Is Monzo Bank losing its shine after a series of data breaches?

Monzo was heaped with praise after the challenger bank warned Ticketmaster that customers might be at risk. Long before the high-profile data breach was uncovered at the ticket sales company. Ticketmaster failed to take these warnings seriously. Despite Monzo’s caution that some customers were experiencing fraudulent transactions on their accounts after buying tickets from the online merchant.  But, the satisfaction of being the latest data security darling didn’t last long. Mainly because, shortly after Monzo called Ticketmaster out for its failures, the bank suffered a severe data breach of its own.

In this case, the personal details of 20,000 of its customers were lifted from a third-party survey. And, making matters worse for Monzo, earlier this month it was revealed that nearly half a million customers had to reset their PINs after information was left in an insecure file.

So, has the shine really gone from Monzo bank?

Data protection heavyweight and managing director at Hayes Connor Solicitors, Kingsley Hayes certainly thinks so. Commenting on the ongoing Monzo saga, he said:

“All that glitters isn’t gold, and this certainly seems to be the case with Monzo bank”.

What happened in the Monzo data breaches?

Monzo data breach number one

In July 2018, Monzo reported that it had fallen victim to cyber crooks after attackers found a weakness in Typeform’s (a third -party survey supplier) security. In total, around 20,000 customers had their email addresses stolen. A smaller number also had additional information, such as postcodes and names of previous banks exposed.

Speaking about this case, Kingsley said:

“Despite the breach, Monzo escaped largely unscathed from reputational damage. Mainly because Monzo gave its customers as much information as possible as quickly as possible. This is vital when it comes to helping customers protect themselves from further damage following a privacy violation. However, as details about another breach now come to light, it’s unlikely that customers will be as forgiving a second time around”.

Monzo data breach number two

According to a new Monzo blog post, because of a failure in internal security processes, 480,000 customers PINs were theoretically accessible to employees at Monzo for months. And, as a result, half a million customers have now been advised to change their PINs.

Also, while Monzo claims that the PINs were encrypted, when talking to Wired, cyber security Marios Kyriacou said:“at this point, we do not know what ‘encrypted’ means. Given that PINs are made up of four digits, it wouldn’t be difficult to decrypt these and find out what the real PINs were.”

Adding his expertise to this matter, Kingsley commented:

“As this is the second data breach experienced by the bank, victims of the privacy violation are now rightly angry. Keeping everyone informed is all well and good, but Monzo would do better if it didn’t put its customers at risk of financial fraud, identity theft, and emotional distress in the first place.

“Also, unlike the previous cyber-attack, this failure is 100% down to Monzo. No cybercriminals or third-parties were involved. So, customers are left wondering whether Monzo’s internal security procedures are up to scratch. It certainly doesn’t look like they are.”

Holding Monzo to account

Kingsley added:

“Monzo has a duty to protect your personal information. Regardless of whether we are talking about a cyber-attack or a failure in security processes. So, if you have suffered damage or distress as a result of a Monzo data breach, you have a right to claim compensation.

“With data breaches on the rise, something has to be done to make big companies accountable for data losses. So, claiming compensation isn’t just in your best interests; it could be the only way to ensure that businesses everywhere implement more secure processes.

“At Hayes Connor Solicitors, we are already holding Ticketmaster to account for its failings, and we are ready to do the same for Monzo. Our process is fully compliant with ICO guidance, and we never put your details at risk.

“What’s more, as well as helping you to claim compensation, we also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.”

If you’d like to find out more, contact us today for advice and help.

REGISTER NOW

 

what kind of breaches
, ,

What kind of data protection breaches can we help you with?

At Hayes Connor Solicitors, we help our clients get the compensation they deserve following data protection breaches, cybercrime, and other online offences. Our experts deal with a significant volume of data breach cases each day. And, during our work, we see how data breaches can affect people in different ways.

There are two main ways we get compensation for our clients.

1. Individual data protection breaches

In most cases, data breaches aren’t caused by scammers trying to hack big businesses. They are caused by simple human errors. And while these incidents don’t make the headlines, for those involved the experience can be just as devastating.

What can happen when sensitive information gets sent to the wrong address?

For example, in a recent case, our solicitors saw the impact of what can happen when sensitive information was sent to the wrong address by mistake.

In this data breach, a local authority sent a copy of a court order containing confidential personal information about a father (our client) and his daughter to the wrong postal address.

Just a small error saw the letter being sent to a neighbour, who brought it round to the right address. But the letter had been opened. And after talking to the neighbour, it became apparent that it had also been read.

What’s more, when the letter was passed to the right house, it wasn’t handed to the right person. Because it was opened, it was then read by another member of the family. They became distressed at the contents. This went on to cause difficulties in the family.

As a result of a seemingly small admin error when posting the letter, this data breach has caused considerable distress, upset and embarrassment to our client and his family. He had to explain a sensitive situation to his family in more detail than would otherwise have been necessary. And, his neighbours became aware of a very private and sensitive situation. One which has been talked about within the small local community where he lives. As such, the consequences of the error were far-reaching.

Breach of data leading to an employment dispute

In another case, our client was referred to a third-party for a standard workplace assessment. This assessment was designed to make sure she had everything she needed to reach her full potential in her job. However, the party conducting the evaluation added sensitive personal information about her to their report and gave this to her employer.

This information was not relevant to the assessment our client undertook. Worse, it led to a dispute between her and her employer over the disclosures she made while applying for her job.

In response, our client made a data breach claim against the workplace assessment provider. As well as claiming for the initial breach of her sensitive information, she also claimed damages for the loss and injury she suffered by the infringement when this knowledge was used against her.

2. Data protection breaches group actions

In many cases, where a breach occurs, you won’t be the only person making a claim. In such circumstances, it is often worth joining a group action claim.

With a group action claim, this group of people (the claimants) collectively bring their cases to court against a defendant. These victims then fight together to achieve compensation in the High Court of Justice.

Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

At the moment, we have launched (or are considering launching) group action claims against the following companies:

  • Amazon
  • British Airways
  • Dixons Carphone Warehouse
  • Equifax
  • Marriott International Group
  • TeamSport Indoor Karting
  • The Police Federation of England and Wales (PFEW).

Find out more about our NO WIN, NO FEE group actions.

Helping our clients get the compensation they deserve

These are just some examples of the types of data breach cases we deal with every day. And, as you can see, these are serious cases that often put people’s mental health and even their lives at risk.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following a data breach. But we don’t believe that our obligation to our clients stops there – we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Find out more about making a data breach claim with Hayes Connor Solicitors.

Or, for more advice on how to keep your data safe, follow us on Twitter and Facebook.

 

ba data breach
, , ,

What evidence do you need to join the BA data breach?

The ICO has announced plans to fine British Airways (BA) a whopping £183.93 million for its 2018 data breach. As a result of the BA data breach, almost 400,000 British Airways customers had their personal details and bank cards stolen. Enough details were exposed to make the threat of cybercrime a real possibility. Many banks had to cancel and re-issue cards as a result of the breach.

While cybercriminals caused the breach, the ICO is coming down strong on BA. This is because the privacy violation was only possible due to inadequate security arrangements at the airline.

However, while the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach. As such, we have launched a group action to help victims of the BA data breach to get the compensation they deserve. And, we are currently collating valuable information about how this privacy violation has affected people to help us make the strongest claim possible.

What do you need to join our BA data breach?

To join our BA group action, we need evidence that your data was put at risk by the data breach. British Airways claims that it has emailed everyone involved in the violation, so if you still have that email, we can use that to start your claim.

However, in some cases, victims of the British Airways breach may not have received this email. For example, it might have gone into your spam folder. As such, we would advise you to check to make sure you haven’t received an email from the company (but do not click on any suspicious links).

Of course, if the email did go into your spam folder, it may have already been automatically deleted. If this is the case, you will need to provide alternative evidence.

If you haven’t got the email from BA, you can provide:

  • Evidence that you purchased tickets from BA on or between 22.58 on the 21st August 2018 and 21.45 on the 5th September 2018. Only people who bought tickets during this specific timeframe were impacted by the data breach
  • Evidence of any fraudulent transactions/attempts/alerts/cancelled cards that relate specifically to the card you used to purchase tickets from BA
  • Confirmation that, as far as you are aware, your card was not put at risk by another data breach.

What if you haven’t suffered any losses?

If you did use your card to purchase tickets during the above period, but haven’t yet been the victim of any fraudulent activity, this doesn’t mean that you are safe. Often data stolen by cybercriminals is used in batches over time. So, the losses incurred by a data breach are not always immediately apparent.

As such, if you used your card during the affected period, and are worried that you could be at risk, you can still let us know.

What can you do if you were affected by the British Airways data breach?

At Hayes Connor Solicitors, our BA group action allows people affected by this breach to bring a claim on a collective basis. This strengthens their overall position and increases their chances of success.

The BA data breach was able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action

To join our British Airways data breach action compensation claim, register with us today. We can help you claim compensation for financial losses, as well as for inconvenience and distress.

REGISTER NOW