Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
For data breaches identified by third parties, what does this mean for the victim or victims, and what questions do we need to ask as part of a case?
Many of those that we represent are involved in cases and actions where the breach itself was revealed by someone other than the organisation that has committed the breach. In those sorts of cases, there are questions to be asked about how this is the case.
As a leading firm of data breach compensation lawyers, we may be able to help you.
Data breaches identified by third parties before the organisation that has committed the breach even knows about it can lead to added cause for concern. There shouldn’t be a breach in the first place but, when the incident itself is identified by someone other than the organisation affected, there are more questions to be asked.
The obvious one is why the organisation was unable to know that they had been breached in the first place. How was it that it took a third party to have to tell them that there is an issue?
We saw this in one of the major group actions that we are pursuing for our clients. In the case of the Virgin Media data leak, the exposed information was found by a third-party security researcher. This meant that the data had been left exposed for a period of ten months between April 2019 and February 2020.
In the context of a legal case for compensation, this can mean that there is a greater chance of success. If information has been left exposed for a long period of time and was not even identified by the organisation itself, this can demonstrate just how poor their approach is to information security.
There should be measures in place to prevent breaches but also to ensure that any risk or actual exposure of information is identified and rectified fast.
Sometimes, the damage from data breaches identified by security researchers, or even members of the public, could have been completely avoidable had warnings been heeded.
Many security researchers are constantly looking at the dark web, and when they see patterns or evidence that suggests a breach may have occurred, they will often notify the companies that may be involved. Unfortunately, not all of them take note; in fact, there has been suggestions in the past that many organisations are just ignoring the warnings that they receive. What they ought to be doing is taking steps to ensure that there has not been a breach, even if it just means being on the safe side.
In the Ticketmaster data breach compensation action that we represent clients for, it has been previously suggested that they were warned about the breach before it was discovered. It has been reported that Monzo Bank warned of the existence of the cyberattack in April before it was revealed two months later, basing their warnings on issues some of their customers had experienced.
Although after the fact, security researchers had suggested that the massive British Airways data breach event could have been avoided with a simple bug bounty costing as little as £10,000. It all shows that there is too little proactivity, and when data breaches identified by third parties are brought to the fore, it’s only right that more questions are asked.
Data breach rights are enshrined in law. Victims can be entitled to claim compensation with us on a No Win, No Fee basis.
For free, no-obligation advice today, please don’t hesitate to contact the team here.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020