If an organisation fails to protect your personal data as it is legally required to do, you have a right to claim compensation. However, where the privacy violation affects multiple people, you won’t be the only person making a claim. In such circumstances, it is often worth joining a data breach group action.
In this quick guide, you’ll find out:
A group action claim arises when people – sometimes even thousands or millions of people – have been affected by the same data breach. A group action can be initiated even if the victims of the offence have experienced different levels of harm (e.g. if some people had their email addresses stolen, while others had their credit card details compromised).
Group action cases are sometimes called class actions, collective redress actions, multi-claimant or multi-party actions.
With a group action, the people affected by the breach (the claimants) collectively seek compensation from the defendant – either through settlement or an award in the High Court of Justice.
Representative actions tend to be used in straightforward mass data privacy scenarios. For example, where customers of a company have all had their email addresses stolen.
In representative actions, one solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Keller Lenkner UK’s data breach solicitors will be appointed as the representative in many future actions.
In representative actions, one member of the action will typically sue on behalf of themselves and the rest of the group.
Group action claims are becoming far more common in the UK. Here are just some of the reasons why:
Anyone who has suffered damage, distress, or a loss of privacy caused by an organisation breaching any part of the Data Protection Act can join a group action claim.
At Keller Lenkner UK, our data breach solicitors regularly launch group actions to take on corporate giants and large organisations who have failed to meet their data protection responsibilities.
In 2020, over 100 educational and third-sector organisations were put at risk following a breach of the Blackbaud cloud platform. Blackbaud – a firm that provides administration, fundraising, and financial management software – was targeted by cybercriminals in a devastating cyber-attack. The hackers demanded a ransom in exchange for deleting the data, which Blackbaud paid.
Almost 400,000 British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. When investigating the first data failure, a second data breach was also spotted at the airline. And in a third data breach, security researchers uncovered unencrypted links within BA’s e-ticketing process.
The Dixons Carphone Warehouse data breach resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores.
The DVLA makes money selling the names and addresses of registered vehicle owners to private parking companies so they can issue fines. If you have been issued with a parking charge notice you could be affected and due compensation.
In 2020, EasyJet admitted that, as well as the personal details of nine million customers, over 2,000 passengers had their credit card details accessed by hackers.
In 2017, poor security processes at Equifax led to a huge data breach. The ICO has since fined Equifax £500,000 and people who have been affected by the breach can register to make a compensation claim.
In August 2019, over 750 annual benefit statements were sent to the wrong postal addresses. These statements were for police officers of Sussex Police.
Equiniti, a company that provides support, communications and technology platforms to help manage company pensions, was responsible for distributing these statements.
In January 2021, London-based estate agent Foxtons discovered that it had experienced a huge data breach. But, despite an investigation finding 16,000 card details, addresses and correspondence related to this breach on the dark web, Foxtons did not tell its customers that criminals had accessed and exposed their data.
The personal details of victims of crime in Greater Manchester have been put online by mistake.
The data breach affects victims of sexual abuse, witnesses and people reporting crime. According to the Force, no informant details were breached.
Thousands of people are thought to be affected.
Hackney Council was sit by a serious cyberattack that affected most of its services. If you think you may have lost data in this incident, contact Keller Lenkner and we will help you to investigate that loss.
The Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR) – a company which performs early clinical trials of drugs and vaccines. The criminal group had previously promised not to attack medical organisations during the coronavirus outbreak.
LinkedIn has suffered a massive data breach affecting 700 million people. In total, 92% of LinkedIn users are reportedly affected by this breach. The stolen data includes salary information.
Fintech startup LOQBOX – a company that helps people to improve their credit ratings – suffered a cyber-attack in February 2020. As well as personal data, some financial information was also breached.
In 2018, a huge data breach put 339 million Marriott International customers at risk. And, in 2020, Marriott confirmed another data breach – this time involving the personal information of 5.2 million guests.
The National Trust has issued a data breach alert after a cyberattack on cloud computing company Blackbaud. Blackbaud provides software to the National Trust. The National Trust confirmed that data about its volunteering and fundraising communities has been compromised. Its 5.6 million members are not though to be at risk.
OnePlus has emailed customers to let them know that a data breach put their personal information at risk. Worse, OnePlus confirmed that the hack resulted in customer order information falling into the hands of an unauthorised third-party.
Anyone involved in the People’s Energy breach could now be at risk. Customers are being warned that criminals might try and contact them using the stolen contact details. Victims of this breach are now at a greater risk of fraud, theft, and scams.
If your data was included in this breach, and you live in England & Wales, you may be able to make a compensation claim with Keller Lenkner UK.
In 2019, The Police Federation of England and Wales (PFEW) suffered a severe data breach following a ransomware cyber-attack hit the PFEW headquarters. Around 120,000 current and former officers are affected.
In June 2021 it was revealed that over 100 special forces troops were publicly identified in an email security breach. Given that the names of those in special forces units are strictly protected, this is a severe breach that could have serious repercussions on UK intelligence and those whose data has been revealed.
In November 2019, T-Mobile suffered a severe data breach. Over a million pre-paid customers are believed to be affected. T-Mobile was very unforthcoming about the data hack and did not provide additional information at the time of the breach.
At Keller Lenkner UK, our data breach solicitors believe that data privacy rights should be protected. And that everyone should be able to claim if they have been let down. Cost should not be a barrier to justice. That’s why we offer no-win, no-fee agreements to help our clients.
No-win, no-fee means that, if your claim is not successful, you won’t have to pay a penny towards your case. There are no hidden charges or other administration fees. Before appointing any data breach solicitor, you must ask how much you will pay if you don’t win your case.
If your claim is successful, you usually have to contribute towards your solicitor’s costs. This is called a ‘success fee’. It is taken from the compensation awarded to you, and it can be much higher than you expected.
At Keller Lenkner UK, you never have to pay more than 25% of your compensation in a data breach case. There are no hidden charges or other administration fees. We always make sure you are fully informed about any potential costs before we proceed.
No. Just because your case is part of a group action doesn’t mean that you will receive the same amount of compensation as everyone else.
All claims within a group action are settled based on their merits, and, as with any case, the value of your claim depends on the extent of your suffering. So if your claim is successful, you will receive what you are owed.
While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach or cybercrime:
With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts
Cybercrime can have a significant impact on you, both mentally and physically. It can cause or exacerbate anxiety, stress and other psychological conditions.
Because we understand that the full impact of a data breach is often not felt until months after the initial violation, we take a long-term view when it comes to claiming compensation on your behalf.
There are no guidelines about how much compensation you can be awarded for a claim under the Data Protection Act. If you do go to court, it is up to the judge to consider all the circumstances, including the seriousness of the breach and the impact on you.
Keller Lenkner UK Limited is a formidable multi-claimant law firm. Combining technical expertise with experience in handling large volume cases, we represent our clients with passion, experience and diligence.
Having opened a new data breach division in 2020, Keller Lenkner UK is also gaining an enviable reputation in data breach law. And, with a team of data protection experts led by Kingsley Hayes – arguably the UK’s foremost data breach solicitor – and considerable multi-claimant expertise, it’s easy to see why.
We have offices in Chancery Lane, London and Liverpool City Centre, and the technology to provide a nationwide service.
The Keller Lenkner name is synonymous with negotiating power. What’s more, our directors have proven experience in the US. This means that our data breach lawyers are backed by global expertise. This is advantageous when it comes to taking on big players and complicated group actions.
Other firms might claim to be data protection experts, but it takes more than an understanding of the law to succeed. At Keller Lenkner UK our team of data breach lawyers has the passion, skill, persistence and resources to fight your corner and win.
An IT blunder at Hackney Council has publicly exposed the names and addresses of vulnerable women living in hostels for their own safety. The breach was only spotted when investigators at local newspaper Hackney Citizen informed the council.
T-Mobile has admitted that, once again, hackers have accessed its systems. The confirmation comes after some T-Mobile customer data was found listed for sale on a cybercriminal forum. The seller is asking for 6 bitcoin (around £203,000) for a 30 million subset of the data. The seller claims to be selling the rest of the data privately.
Around 16 million people may be affected by this improper handling of data, and if you have received a private parking fine from 2016 to present day, you could be due thousands of pounds in compensation.
Keller Lenkner UK has been shortlisted at The British Legal Awards 2021 in the ‘Independent Law Firm of the Year’ and ‘Strategic Legal Operations Team of the Year’ categories. We have also been shortlisted for the ‘Disputes Boutique Firm of the Year’ award at this year’s The Lawyer Awards.
