/ Money

Have you been a victim of a data breach?

Has your data been compromised in a cyber attack? Have you noticed any fraudulent or suspicious activity as a result? We want to hear about your experiences.

Back in May, a cyber-attack hit EasyJet, which could have exposed up to nine million people’s details.

In 2015, hackers accessed the details of 156,959 customers and 15,656 bank account numbers belonging to TalkTalk customers.

I’m currently working on an investigation into cyber-attacks and would like to hear from anyone who has lost money or encountered a scam following a data breach like these.

How do scammers use the data?

When your data is compromised in a cyber-attack, it can be sold to scammers on the dark web.

As a result, you might notice fraudulent activity after a data breach, such as:

⚠ Nuisance phone calls or emails

Credit or debit card fraud

Identify theft

If you’ve experienced any of these and think the suspicious activity is linked to a cyber-attack, I’d be really keen to hear more about it in the comments below.

As part of the investigation, I’ll be looking into what happens to your data in between it being stolen and it reaching scammers.

I’ll also be looking at better ways for you to protect yourself against harmful activity after a data breach.

What to do if you’re affected by a breach

If your personal data has been compromised in a cyber-attack, it’s well worth taking steps to protect yourself:

🔷 Change your password if your data has been lost and you use similar login details on other websites.

🔷 Keep a careful eye on your bank accounts and credit report for any suspicious activity and call your bank straight away if you notice anything.

🔷 Be wary of unexpected emails or phone calls – they could well be scams.

You can read our full guide to data breaches here.

Should customers be compensated?

A number of high-profile companies have been hit with data breaches over the past few years, and it looks like there may well be more going forward.

While the companies are often fined by the Information Commissioner’s Office, there is little by way of compensation for consumers affected.

Under GDPR legislation that came into effect in 2018, organisations are legally obliged to keep data secure.

So, if your data is lost and it causes you financial damage or distress, you may be able to make a claim from the organisation that lost it.

I’ll be looking into how many successful claims have been made by consumers and whether people should be entitled to compensation when their data is stolen.

Have you ever made a successful or unsuccessful claim against an organisation following a data breach? 

If so, let me know in the comments and I’ll follow up with the best way for us to have a private discussion about what happened.

Em says:
14 July 2020

Hi Hannah, your lead article contains a small error:

While the companies are often fined by the Information Commissioner’s Office (EasyJet was fined as much as £183 million), there is little by way of compensation for consumers affected.

EasyJet have yet to be fined by the ICO for their 2020 data breach. It was British Airways who were fined £183 million over their data breach in 2018 – only 500,000 customers. If EasyJet are found culpable for the data leak of 11 million customers, the fine might be somewhat more than that (up to 4% of revenue), so potentially up to £256 million.

I received notification recently saying that there had been a data breach where my information may have been exposed. I cant remember what company it was. However, 4 months ago I was a victim of identity theft where 2 mobile phone accounts were set up and phones delivered to me using my name and address and I was informed that someone tried to get credit to but a laptop, again using my name and address. Thankfully, they did not have my bank account details. The fraud departments of the phone companies have undertaken their investigation and closed the cases along with the finance company. I also reported this to my bank and Action Fraud.

Looks like some folk having scones at the Ritz have been scammed, see:- https://www.bbc.co.uk/news/technology-53793922

Thanks for that information Derek. It confirms that the Ritz – which probably makes the perfect scones – puts the scam on before the cream. See –

<”Afternoon Tea is served daily at 11.30am, 1.30pm, 3.30pm, 5.30pm, and 7.30pm. Priced at £53.50 for adults and £35 for children (including Value Added Tax at the prevailing rate at the time of payment) until 12th January 2021.
https://www.theritzlondon.com › aft…

Quite a long afternoon and presumably 2 hours in which to enjoy your sandwiches. I wonder how many ask for more ”a delectable selection of cakes and pastries, which will be replenished on request ” to extract maximum value?

A Sunday tradition when we holidayed in Dartmouth was lunch at the riverside hotel. Fixed price with a great selection of food for the three courses, including a delectable selection of puddings and pastries. We were a little amused to see one gentleman, dining with his wife, secreting a couple of pastries in the large patch pockets of his corduroy jacket. When he had gone the waitress who had served them saw we had noticed and told us they were locals who did this regularly.

Sorry, just realised I’m well off topic. I may now get writs from the modoreators.

I was half tempted to post this thread in the scones Convo but given the relevance to data breaches, thought it should best go here.

Hi Hannah this has been an ongoing issue for me 2/12 years to be exact compromised email accounts money been took from my bank subscriptions been taken By apple and never refunded me someone taking ownership of my whole account I still have bank receipts screen footage involved the police with names addresses bank statements and still never investigated and still haven’t and it’s still going on I’ve had numerous of mobile no emails with Tesco three and Bt I’ve had three WiFi installed and each one has been compromised it’s cost me thousands I’ve had my Samsung tv repaired three times twice when it was under a year old and just over a year old a new motherboard had to be replaced all the settings where modified the interface I could only watch some channels and most apps where locked and I couldn’t open them then an external remote control had been added to this day I haven’t had that tv on as I couldn’t have the added stress to what I already have I lost both my parents this year first my mum on jan2020 then my dad nov2020 the product was apples I phone and all apple done for two years was wipe it start from new with a new email and it’s still like this two and a half year later I lost all the memories I had of my mother and dad and will never be able to replace that ever again that means more to me than anything I have suffered serious anxiety stress sleepless nights as it been relentless every day with something fake codes from fb redirected to fake sites numbers that are in my itemised bills today that do not belong to me I have a least 30 mobile numbers all written down I’ve been everywhere but because apple wiped my phone twice a week I had no evidence to use but this time with another brand new phone a different provider with my phone and broadband 2 new numbers and 2 emails since Oct 2020 and the broadband was only installed in Oct I could go on and on I would be here all day even my car online account I had seven emails made up and I’ve had the police out here with concrete evidence and still not enough apparently I got a run down of my credit and it stated I had a mobile from 2013 until 2017 never received one bill from Tesco regarding that contract but Tesco did tell me about that on a phone call to deny it and said there was no recorded calls regarding that information Tesco said I would receive a letter when they discovered the unusual activity on my account as my security question was changed to be changed back again to the first there was an online account made up and I confronted Tesco and said I don’t even know the password or I haven’t set up an acount to be told it would be my username which I never had so never gave them any username I’ve wrote to citizens advice action fraud waiting on the document from Samsung about the repairs I have enough evidence that my identity has been stolen and still sitting in the same position wondering who and where my identity is being used I look forward to hearing from you oh I’m not receiving emails either at the moment and this device is 8 month old so there’s a hidden agenda behind that so no one can get in touch with me that I’ve reached out to for help I would appreciate hearing from you if I get your response and can get emails thank you so much for taking the time and reading this as it is long thanks again (hence the email address)

I’d like to know how far does the 2018 gdpr law go? Does it require top level end to end encryption? If not then it SHOULD! Anything less is a waste of time, if it’s not end to end encrypted then there’s the possibility of “back doors” which provide ways in which is why end to end encryption needs making compulsory. I think anything less is a serious breach of trust. We have to trust all manner of institutions with our seriously sensitive personal information which is why we need maximum protection. It seems to me that there’s too much of the old “give an inch and they take a mile” kind of stuff going on where if regulations only require so much then the various institutions will all too often only use the minimum requirements which by the looks of it are hopelessly inadequate, as is all too often the case with UK legislation, far too loose and slack and casual and needs seriously tightening up, RIGHT up! And I sometimes get calls on my landline from someone claiming to be from openreach, telling me that they’ve noticed some kind of security problem with my router, but they don’t sound remotely like a legitimate outfit, so I tell them NOTHING and hang up sharpish.