Whilst this comes with a large range of benefits such as having all of our important information conveniently stored in an easily-accessible place, it also increases the risk that someone else will be able to gain access to this and use your data for nefarious activities.
As such, it is becoming increasingly important to people to make sure they know that:
We walk you through the two types of data breaches and what you should do…
Business breaches can mean hundreds of thousands of people having their data lost, sold or mishandled without their knowledge. As such, businesses have a responsibility to secure customer information safely, and securely. This is well summed up by Elizabeth Denham of the Information Commissioner’s Office (ICO) who said:
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.
“That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
If a business you have signed up to has lost your information or their security system has been compromised and your data has been stolen, they have a legal obligation to let you know as soon as they realise this has happened.
Hopefully, they will follow this rule and you will be informed as soon as possible that your information is compromised. It is often the case that they will try and reassure you that “only” certain parts of your data has been breached and tell you to not worry but this is a lot easier said than done if you are now faced with the prospect that your private information has been lost and shared with others.
1. Contact the ICO
It is likely that if the business is telling you that they have lost your data, they will have also self-reported themselves to the ICO. Nonetheless, it is still worth getting in touch with them as they will carry out a detailed investigation into what has happened and do a formal report confirming whether or not they believe the breach was something that the business should have or could have prevented.
The ICO will also often issue a large monetary fine if they believe the business has failed in their duties to protect your information adequately and the ICO’s decision will be a good indication of whether or not you will be able to bring a claim.
2. Find out what data of yours has been breached
Once you have contacted the ICO or you are aware they are investigating the breach, your next step should be to try and find out how much of your information has been lost. It may be the case that only some of your personal information (i.e. your name and email address) have been shared or it may be much more severe and you could discover that your financial information has also been compromised.
When you ascertain how much of your data has been breached, it is a good idea to seriously consider changing your passwords for other websites / email addresses and bank accounts to reduce the risk of the people who have stolen or received your information, using this to their advantage.
3. Make a claim
After you have done this, you should now think about the prospect of obtaining compensation for this breach. As we have said above, we do not believe it is fair that you should be expected to trust large businesses with your information only to find out they have negligently lost your data or had it stolen because their security systems are inadequate. It is likely that this incident will have caused you a great deal of stress, worry and in more severe cases actual financial loss if you have been the victim of fraudulent activity because of this breach.
Just because you have not suffered an actual financial loss, it does not mean you are not able to bring a claim. Article 82 of the EU General Data Protection Regulation (GDPR) itself expressly states that:
Making a claim
At CEL, we completely understand that you may be nervous or hesitant to make a claim after something like this has happened. The prospect of giving another business information about yourself after what has just happened to you is no doubt a daunting one but at CEL we understand the importance of data protection.
With business breaches often resulting many people being affected, we often approach these cases as a group claim. This means a ‘strength in numbers’ approach when tackling big businesses.
Regardless of if your claim is individual, or group, you will still receive first-class client care on a strictly no-win, no-fee basis.
Whilst it is more common for hackers to target larger businesses, there is also the possibility that they will try and steal your data through your personal device or account. Understandably, this is a very worrying prospect and it emphasises why it is so important that you ensure your computer or any device that contains your personal information is as secure as possible.
One way you may be able to tell that your personal information has been compromised is if you receive a call or letter from your bank to say there has been unrecognised or unusual financial activity in your account. It may also be that you receive a notification from an online business you use to say they have noticed a device not usually used by yourself has signed in or tried to sign into your account.
These are usually strong indications that something has gone awry but there are instances where the changes are much more subtle or harder to detect.
1. Contact the business of the hacked account
The first thing you should do is get in contact with the business who you hold the account to let them know what has happened and see if they can help. It might be that if a bank account has been hacked, the bank’s counter-fraud team will be able to freeze the fraudulent transaction and prevent the money from being taken.
2. Change your password
After this, if you still have access to your account, make sure you change the password as soon as possible. If you use this same password or a similar variant of it for other accounts, also change these as this will hopefully prevent further hacking. Finally, it is also a good idea to consider closing down the compromised account and making a new one to reduce the risk of it being hacked again. Whilst this is inconvenient and not ideal, it may give you some peace of mind if you know that the account which was hacked is no longer active.
Whilst you can often claim for breaches that occur when a business you have trusted with your information loses your data, it is harder to bring claims for targeted attacks on your personal computer or device as there is no other “third party” involved in the data breach. As in, it is just your device and the people who have tried to steal your information and you are unlikely to be able to track these people down and they are even more unlikely to have the money to pay you compensation on the off-chance you did manage to identify them.
However, if you believe that an account of yours has been hacked because a business you trusted with your information has suffered a data breach, then it is worth considering bringing a claim.