When data protection is too late after a cyberattack

It is too late to treat data protection with the seriousness that is required after a cyberattack has taken place, and information has already been exposed.

Despite the obviousness of this, and the stringent GDPR legislation in place, too many organisations are still failing to take action to stop a cyberattack rather than taking action after it has happened. The result is that many people can suffer when they lose control over their personal information which ends up in the hands of criminals.

Anyone affected by a data breach could be entitled to pursue a claim for compensation with our leading privacy claims experts now on a No Win, No Fee basis.

Far too many still deal with matters after a cyberattack

Far too many organisations are only treating data protection more seriously after a cyberattack has taken place, which is not good enough. In simple terms, this can be the point where it is too little, too late, and the damage has already been done. Despite the additional attention data protection has received in light of the GDPR, and many organisations suffering cyberattacks which ought to be a lesson to others, it is still common for some to only treat data protection with more respect after a cyberattack has taken place.

I recently saw one study that suggested we are still at the point where half of organisations are not doing enough until after a cyberattack has taken place.

As we often say, it only takes one weak link for cybercriminals to be able to steal swathes of very personal and sensitive information. Data has value, which is why criminals are targeting it, and they want to be able to use it to commit fraud and theft. In one single attack, they could end up exposing the information for millions of people, so it is incredibly important for organisations to do all they can to protect the information in their charge.

What victims of a data breach can do now

Not only does the GDPR put in place what needs to happen for an organisation to look after the information in their charge, but the GDPR is also there for victims to use in the event information has been exposed.

Using the GDPR, the victim of a data breach could be entitled to claim compensation for any distress and loss that they have suffered from. In most cases, it is common for people to suffer some form of distress, which is caused by the loss of control of personal information. A distress claim alone could be worth thousands of pounds, and our average data breach settlement for mostly individual cases is at just over £6,000 in damages per client. As such, the  law is on your side, and it is well worth your time pursuing your case.

What’s more, for eligible clients, we are able to offer No Win, No Fee legal representation. Ultimately, if your information has been exposed due to an avoidable cyberattack, that is when you could be eligible to pursue a case.

Easily avoidable incidents: claiming Equifax compensation for its data breach

There have been plenty of examples of easily avoidable data breaches, and one that springs to mind is our Equifax compensation claim action.

Although this incident predated the GDPR by a year, given the nature of the information that Equifax stores and processes, you would think they would have incredibly robust systems in place to protect the data they look after. Unfortunately, in early 2017, the company failed to patch a known security vulnerability, and this allowed criminals to gain access to its systems. The result was that the information for millions was affected, and we are representing a group of people who are pursuing compensation claims here in the UK.

Compensation for government data leak incidents

Failures to protect customer data: what victims can to