Category: Latest
The third anniversary of the GDPR
This May, we have reached the third anniversary of the GDPR, which was introduced in the UK and across the EU in 2018. Seen as a momentous event for data security, the General Data Protection Regulation was predicted to overhaul data protection policies in UK businesses and organisations, affording data subjects greater rights and securities.
Designed to update data protection for the digital age, the GDPR requires that all data controllers use the appropriate technical cybersecurity measures and organisational strategies when processing and holding personal information. To some extent, important changes have been made, but it seems many data controllers have yet to fully grasp what their legal obligations are under the GDPR.
Unfortunately, there has been no major downturn in the occurrence of data breaches over the last few years, which have left countless victims worrying about the mishandling and/or exposure of their private information. Over more than 6 years of representing victims for privacy matters, we have seen how profoundly victims have been affected by incidents. We will be here to support victims in making data breach claims for as long as organisations neglect their data protection duties.
Midlands News Association data breach causes exposure of journalists’ personal information
A report by HoldtheFrontPage has recently reported that the Midlands News Association has been faced with a data breach incident, after an unauthorised third party is understood to have accessed private folders.
It is believed that data relating to former journalists of the regional newspaper was published online after being downloaded. The MNA reportedly maintain that the published data is “difficult to download and access”, but the risks for the victims could be significant.
When a data controller fails to protect private information, they can be held accountable under the law here in the UK. The victims of data breaches can often be entitled to recover compensation for any harm caused to them. As such, anyone affected by the Midlands News Association data breach can contact us for advice on their potential claim. We may be able to offer No Win, No Fee legal representation.
Customers notified of Fat Face data breach
Fashion retailer Fat Face recently released an email to customers which has brought a data breach from earlier this year to the public’s attention. It is routine for companies to notify customers of data protection breaches, but this email comes a long time after the Fat Face data breach occurred, and reportedly included a request that customers keep the details of the breach private.
It has also been claimed that Fat Face paid a ransom to a cybercrime gang after the data breach occurred in January, but this allegation has yet to be confirmed by Fat Face itself or by ICO investigators.
Nevertheless, it is worrying that customers remained unaware of the breach for over two months, as it may mean that they may not have been vigilantly monitoring potential security risks or data misuse. If it emerges that Fat Face can be held liable for the breach, those who were notified of their involvement in the data breach may be eligible to claim compensation.
Birmingham City Council data breach
Following an error by council staff, the Birmingham City Council data breach has reportedly exposed the private details of residents, potentially including those of vulnerable children.
We understand that the breach arose as a result of the accidental publication of private information to a site that was freely accessible to members of the public.
Though the council has stated that the mistake was corrected quickly, it is nevertheless true that the victims’ data could have reached the hands of malicious people. Any situation in which personal data is exposed in this way should be treated seriously and, in many cases, it may be possible for those affected to claim compensation. It can also be possible to represent victims for a legal case on a No Win, No Fee basis.
SITA data breach affects hundreds of thousands of passengers worldwide
In late February, the SITA data breach was revealed as a powerful cyberattack, which comprised of a server holding information relating to hundreds of thousands of air passengers.
Labelled as “highly sophisticated” by the company, it is understood that the wide-reaching cyberattack has not affected “highly sensitive” data, but it nevertheless demonstrates that IT systems can be severely vulnerable as hackers continue to enhance and advance their methods.
In fact, it has long been apparent that travel companies are often vulnerable to cyberattacks. They hold a wealth of sensitive data about their customers, including passport details and payment card information. A such, airlines and hotel chains can be a prime target for hackers. British Airways, which is understood to be implicated in the SITA data breach, succumbed to two major data breaches in 2018, for which we are currently representing claimants in a group action.
British Airways group action deadline – do not miss your chance to claim!
The British Airways group action deadline has received a short extension to summer 2020, which may mark the final end as to when people can sign-up for a legal case and take part in the GLO.
The first BA data breach emerged almost three whole years ago in 2018, and The Group Action Lawyers has been taking on claims for almost as long. However, there are still thousands of customers who have still not made their claim yet.
If all 400,000 victims claim, they could be sharing a total compensation pay-out of up to an estimated £2.4 billion, according to current estimations based on case law and settled claims information. All you should need to claim is proof that BA notified you of your involvement in one of their two data breaches in 2018, so do not hesitate to register on the BA Group Action site here if you think you are eligible.
Royal Derby Hospital gynaecologist investigation updated
Since the Royal Derby Hospital gynaecologist investigation was revealed, the Group Action Lawyers has anticipated news of further women being added to the list of affected patients.
In December 2020, 110 more women were reportedly informed of their involvement in the inquiry so our suspicions have, unfortunately, been confirmed.
The allegations surrounding obstetrics and gynaecology consultant Daniel Hay first came to light amid a statement from the Royal Derby Hospital which revealed that eight women had been “unnecessarily harmed” by the doctor. At that point, the hospital had contacted 136 women regarding a review of their treatment, with fears that the number of patients harmed may rise. Now, the number of patients involved in the investigation stands at 382.
Claim for the Transform Hospital Group data breach
For clients of the Transform Hospital Group, 2020 ended with the distressing news that their private data had been exposed in a malicious ransomware attack.
As a plastic surgery chain, the group holds extremely sensitive information about their patients, including surgery photos known as “before and after” images. It is understood that such photos are the subject of the ransomware attack, with some 500 gigabytes of it being held.
The affected customers may now be living in constant fear of their sensitive information being published online, as well as their details being misused in order to commit fraud or identity theft. With such sensitive information at risk, customers are, unsurprisingly, very distressed by the prospect of targeted exposure and humiliation. At the Group Action Lawyers, we have already begun taking on claimants, and we foresee that a group action may be brought if more claims are made, allowing us to launch a collective fight for justice.
Thousands could make Essure compensation claims
If you have suffered as a result of complications arising from the use of Essure, perhaps leading to the removal of the device or a recommendation by your doctor to have Essure removed, you could be one of the many eligible to make Essure compensation claims with the Group Action Lawyers.
Essure is a form of permanent birth control that is usually fitted whilst a patient is awake. It is then designed to sterilise the recipient and was manufactured by Bayer HealthCare in the United States but has been fitted in women across the globe.
What next for regulators after the BA cyberattack fine?
The Information Commissioner’s Office (ICO) announced that the BA cyberattack fine will be issued at just £20 million following their 2018 data breach.
This came as a shock to many after the ICO announced an intention to issue a fine in the sum of £183 million last year, with the final fine involving a reduction of 90%.
It is thought that the BA fine was reduced so significantly due to the impact of the coronavirus pandemic. The aviation industry in general has seen huge losses in flight and customer numbers as a result of lockdowns in various countries. The ICO appears to have taken this into consideration when issuing the fine, but many believe it is still an insignificant amount to the global airline and that it will not have the desired effect. The big question now is how this could shape regulations and fines in the future, as there is a cause for concern here.
Rise in anti-depressants prescriptions for children
The reported rise of anti-depressants prescriptions for children could be a cause for concern, particularly when the use of anti-depressants is not generally recommended by the NHS for under 18’s.
Recent figures reportedly show over 1,500 children under the age of 5 were prescribed anti-depressants, with the numbers reaching over 91,000 for 16-year olds.
Any recent reported rise in anti-depressants prescriptions for children could be partially attributed to the outbreak of the coronavirus pandemic in March. Many people, children included, have struggled to receive professional mental health services as the waiting times are so long. With the NHS staff under further pressure to cope during the pandemic, many surgeries and treatments have seen pauses and delays as resources are directed elsewhere.
The Flagship Group data breach
The Flagship Group data breach occurred on Sunday 1st November, resulting in Flagship Group’s systems and online services having to be taken offline.
The Group has since taken down more of their systems to prevent the further spread of the cyberattack as well.
The extent of the breach remains unknown but the personal details for both customers and staff may have been exposed in the Flagship group data breach. In their housing branch, Flagship Homes, they are understood to currently employ over 1,200 staff and own and manage 31,000 homes in England. Based on these figures, it could be that a significant number of people have been affected by the incident.