If an organisation fails to protect your personal data as it is legally required to do, you have a right to claim compensation. However, where the privacy violation affects multiple people, you won’t be the only person making a claim. In such circumstances, it is often worth joining a data breach group action.
In this quick guide, you’ll find out:
A group action claim arises when people – sometimes even thousands or millions of people – have been affected by the same data breach. A group action can be initiated even if the victims of the offence have experienced different levels of harm (e.g. if some people had their email addresses stolen, while others had their credit card details compromised).
Group action cases are sometimes called class actions, collective redress actions, multi-claimant or multi-party actions.
With a group action, the people affected by the breach (the claimants) collectively seek compensation from the defendant – either through settlement or an award in the High Court of Justice.
Representative actions tend to be used in straightforward mass data privacy scenarios. For example, where customers of a company have all had their email addresses stolen.
In representative actions, one solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Keller Lenkner UK’s data breach solicitors will be appointed as the representative in many future actions.
In representative actions, one member of the action will typically sue on behalf of themselves and the rest of the group.
Group action claims are becoming far more common in the UK. Here are just some of the reasons why:
Anyone who has suffered damage, distress, or a loss of privacy caused by an organisation breaching any part of the Data Protection Act can join a group action claim.
At Keller Lenkner UK, our data breach solicitors regularly launch group actions to take on corporate giants and large organisations who have failed to meet their data protection responsibilities.
In 2020, over 100 educational and third-sector organisations were put at risk following a breach of the Blackbaud cloud platform. Blackbaud – a firm that provides administration, fundraising, and financial management software – was targeted by cybercriminals in a devastating cyber-attack. The hackers demanded a ransom in exchange for deleting the data, which Blackbaud paid.
Almost 400,000 British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. When investigating the first data failure, a second data breach was also spotted at the airline. And in a third data breach, security researchers uncovered unencrypted links within BA’s e-ticketing process.
The Dixons Carphone Warehouse data breach resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores.
In 2020, EasyJet admitted that, as well as the personal details of nine million customers, over 2,000 passengers had their credit card details accessed by hackers.
In 2017, poor security processes at Equifax led to a huge data breach. The ICO has since fined Equifax £500,000 and people who have been affected by the breach can register to make a compensation claim.
In August 2019, over 750 annual benefit statements were sent to the wrong postal addresses. These statements were for police officers of Sussex Police.
Equiniti, a company that provides support, communications and technology platforms to help manage company pensions, was responsible for distributing these statements.
In January 2021, London-based estate agent Foxtons discovered that it had experienced a huge data breach. But, despite an investigation finding 16,000 card details, addresses and correspondence related to this breach on the dark web, Foxtons did not tell its customers that criminals had accessed and exposed their data.
The personal details of victims of crime in Greater Manchester have been put online by mistake.
The data breach affects victims of sexual abuse, witnesses and people reporting crime. According to the Force, no informant details were breached.
Thousands of people are thought to be affected.
Hackney Council was sit by a serious cyberattack that affected most of its services. If you think you may have lost data in this incident, contact Keller Lenkner and we will help you to investigate that loss.
The Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR) – a company which performs early clinical trials of drugs and vaccines. The criminal group had previously promised not to attack medical organisations during the coronavirus outbreak.
Fintech startup LOQBOX – a company that helps people to improve their credit ratings – suffered a cyber-attack in February 2020. As well as personal data, some financial information was also breached.
In 2018, a huge data breach put 339 million Marriott International customers at risk. And, in 2020, Marriott confirmed another data breach – this time involving the personal information of 5.2 million guests.
The National Trust has issued a data breach alert after a cyberattack on cloud computing company Blackbaud. Blackbaud provides software to the National Trust. The National Trust confirmed that data about its volunteering and fundraising communities has been compromised. Its 5.6 million members are not though to be at risk.
OnePlus has emailed customers to let them know that a data breach put their personal information at risk. Worse, OnePlus confirmed that the hack resulted in customer order information falling into the hands of an unauthorised third-party.
Anyone involved in the People’s Energy breach could now be at risk. Customers are being warned that criminals might try and contact them using the stolen contact details. Victims of this breach are now at a greater risk of fraud, theft, and scams.
If your data was included in this breach, and you live in England & Wales, you may be able to make a compensation claim with Keller Lenkner UK.
In 2019, The Police Federation of England and Wales (PFEW) suffered a severe data breach following a ransomware cyber-attack hit the PFEW headquarters. Around 120,000 current and former officers are affected.
In November 2019, T-Mobile suffered a severe data breach. Over a million pre-paid customers are believed to be affected. T-Mobile was very unforthcoming about the data hack and did not provide additional information at the time of the breach.
TeamSport Indoor Karting, which operates racing circuits across the UK, suffered a significant data breach. The breach affects former employees of the company.
In June 2018, Ticketmaster admitted to a huge data breach. The breach happened after a supplier to Ticketmaster was infected with malicious software while having access to the Ticketmaster website. The Ticketmaster data breach affects up to 40,000 people.
Anyone involved in the Total Fitness data breach could now be at risk. Customers should be aware that criminals might try and contact them using the stolen contact details. Victims of this breach are now at a greater risk of fraud, theft, and scams.
If your data was included in this breach, and you live in England & Wales, you may be able to make a no-win, no-fee compensation claim with Keller Lenkner UK.
At Keller Lenkner UK, our data breach solicitors believe that data privacy rights should be protected. And that everyone should be able to claim if they have been let down. Cost should not be a barrier to justice. That’s why we offer no-win, no-fee agreements to help our clients.
No-win, no-fee means that, if your claim is not successful, you won’t have to pay a penny towards your case. There are no hidden charges or other administration fees. Before appointing any data breach solicitor, you must ask how much you will pay if you don’t win your case.
If your claim is successful, you usually have to contribute towards your solicitor’s costs. This is called a ‘success fee’. It is taken from the compensation awarded to you, and it can be much higher than you expected.
At Keller Lenkner UK, you never have to pay more than 25% of your compensation in a data breach case. There are no hidden charges or other administration fees. We always make sure you are fully informed about any potential costs before we proceed.
No. Just because your case is part of a group action doesn’t mean that you will receive the same amount of compensation as everyone else.
All claims within a group action are settled based on their merits, and, as with any case, the value of your claim depends on the extent of your suffering. So if your claim is successful, you will receive what you are owed.
While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach or cybercrime:
With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts
Cybercrime can have a significant impact on you, both mentally and physically. It can cause or exacerbate anxiety, stress and other psychological conditions.
Because we understand that the full impact of a data breach is often not felt until months after the initial violation, we take a long-term view when it comes to claiming compensation on your behalf.
There are no guidelines about how much compensation you can be awarded for a claim under the Data Protection Act. If you do go to court, it is up to the judge to consider all the circumstances, including the seriousness of the breach and the impact on you.
Keller Lenkner UK Limited is a formidable multi-claimant law firm. Combining technical expertise with experience in handling large volume cases, we represent our clients with passion, experience and diligence.
Having opened a new data breach division in 2020, Keller Lenkner UK is also gaining an enviable reputation in data breach law. And, with a team of data protection experts led by Kingsley Hayes – arguably the UK’s foremost data breach solicitor – and considerable multi-claimant expertise, it’s easy to see why.
We have offices in Chancery Lane, London and Liverpool City Centre, and the technology to provide a nationwide service.
The Keller Lenkner name is synonymous with negotiating power. What’s more, our directors have proven experience in the US. This means that our data breach lawyers are backed by global expertise. This is advantageous when it comes to taking on big players and complicated group actions.
Other firms might claim to be data protection experts, but it takes more than an understanding of the law to succeed. At Keller Lenkner UK our team of data breach lawyers has the passion, skill, persistence and resources to fight your corner and win.
Keller Lenkner UK is one of only two firms pursuing legal action against British Airways and the deadline to join our action is fast approaching.
Our expert data protection lawyers explain how to find out if HMR breached your data, as well as answering some of the other frequently asked questions in this case.
Ticketmaster knows exactly who was impacted by this data breach. All you must do to find out if your details were exposed is to ask Ticketmaster if you were involved. This is called making a data subject access request (DSAR/SAR).
