As data breach experts, Keller Lenkner UK is looking to launch a group action claim after Simplify Group, a company that provides conveyancing services to several leading agencies, experienced a ‘major security breach’. Simplify was forced to take down many of its online systems after the incident which is thought to be a cyber-attack. As a result, sellers and buyers across the UK were left in conveyancing chaos as they could not proceed or complete their transactions.
But while some buyers and sellers were keen to hold Simplify to account for this data violation, others questioned whether a claim should be made at all. Let’s look at their arguments…
It’s "ambulance chasing "
Some people felt that, because we haven’t yet got to the bottom of this incident, it was “ambulance chasing” to highlight the breach and let people know that we were looking into the matter. However, in our experience, big organisations like to sweep data breaches under the carpet, and, as a consumer champion law firm, we can’t let that happen.
We would never make a claim without first investigating a breach and making sure that the company involved was in some way responsible. But, as there are court deadlines in place to claim data breach compensation, we believe that we should make people aware of their legal options ASAP. That way, those affected by the breach can register with us, and we’ll keep them updated as any information comes to light. We only ever start a claim once we have a reasonable assumption that the business involved failed to meet its legal obligations.
We don’t even know if any data was breached
It is true that, while Simplify has confirmed a ‘major security breach’ it is not yet confirmed what customer data was compromised in the cyberattack. However, when it comes to GDPR failures and abuses, it is not just about data breaches.
Today, too many companies are failing to uphold our individual data rights in other ways. If you have suffered financial loss or distress caused by an organisation breaching any part of the GDPR/Data Protection Act, you have the right to claim compensation.
Moving home is already a stressful and emotional experience, and the additional anxiety and anguish caused by this breach added to the distress. In addition, because they were unable to proceed with their sale/purchase, many of those affected had to find unexpected storage for possessions and temporary accommodation. As a result, they lost out financially.
We could make those involved in the breach even more stressed
At Keller Lenkner UK, we understand that a data breach can cause significant levels of stress for those involved. But ignoring a breach is no way to deal with it. Anyone whose data might have been compromised in a breach – whether confirmed or not – should be told so that they can take steps to protect themselves.
Following a breach, cybercriminals routinely use compromised data to target victims with scams and phishing attacks. We believe that the best way to protect yourself from possible financial damage is to be aware of the risk.
No system is safe so Simplify should not be held responsible
We have heard some people say that no matter how good your cyber security is, there are always criminals that will be better. Therefore, it is not right to chase compensation as it could damage the offending organisation.
But we believe that companies must be held to account for their GDPR failures.
The sheer scale of the information we share on and offline is enough to leave us open to the threat of fraud and identity theft should it get into the wrong hands. For example, following a data breach, we have seen cybercriminals apply for credit in a victim’s name, set up fraudulent bank accounts and access their existing accounts. And, in this case, whether personal data was exposed or not, people have already experienced financial fraud and mental distress.
With data hacks and breaches happening more and more often, something must be done to make companies accountable for their failures to implement adequate data security measures. And, in our experience, in most cases, data security incidents of this scale usually uncover a catalogue of security errors within a company.
Claiming compensation could be the only way to ensure that they implement more secure processes in future. What’s more, in a world that is increasingly digital, cyber-attacks are going to happen, so organisations usually take out insurance to cover the risk of cybercrime.
We are "taking advantage" of a bad situation
We are proud of the work we do when it comes to upholding individual data protection rights. We also do a lot of work to raise awareness of data breaches and help people protect themselves so that the worst doesn’t happen. But, when things go wrong, it’s vital that people can access expert legal support. Crucially, because we offer no-win, no-fee funding arrangements, victims of GDPR failures can benefit from this legal support without having to worry about costs.