In the increasingly digital world we currently live in, as customers we are now fully accustomed to handing over highly sensitive personal details at almost every turn.
The majority of us have accepted we now live in a ‘Big Brother’ society. Our mobile phones track our every move, and for almost every new service we register for, we hand over our personal details.
At the click of a button we are now prepared to give our names, addresses, phone numbers, email addresses, and often, credit or debit card details.
We do this because, as a society, we have come to increasingly trust and feel comfortable with the digital world, particularly those big companies and organisations which tell us our details are safe, and will never be passed onto another party.
However, this week we have seen one of the biggest and most respected companies, national phone and broadband operator Talk Talk, become the victim of what it called a ‘significant and sustained cyberattack’ on its website.
As a result, its four million customers were warned that all of those sensitive, personal details mentioned above may have been accessed, and potentially passed on to others.
Such an error could, of course, have far-reaching consequences for all of those customers, especially should that information, particularly relating to bank accounts, fall into the wrong hands.
Much has been written over the past few days about potential compensation claims being made by customers under the Data Protection Act, and having taken calls from Talk Talk customers ourselves since news of the hacking broke, we believe customers may have a case.
Whilst it had been previously difficult to bring compensation claims under the Data Protection Act for distress caused by a breach, a Court of Appeal decision earlier this year allowed individuals to claim compensation for that very reason, even if they suffer no financial loss as a direct result of the breach.
As has been reported, those claims are likely to be in the region of up to £1,000, and whilst not huge in amount, will go some way to compensating people for the worry and stress suffered as a result of the company’s failure to protect their information.
In an email to customers, Talk Talk said it took all threats to the security of customer data very seriously, and stated that it constantly reviewed its systems to make sure they were as secure as possible at all times. It also said it had contacted customers as soon as possible in the wake of the attack.
However, this latest cyber-attack on the firm, which has seen a 15-year-old boy arrested and questioned, was reportedly the third possible data breach at the company in 10 months.
In light of that, serious questions have to be asked as to whether the business was doing enough to prevent its customers, as it claims.
The firm has also said in statements that it was the victim of the cyber-attack on Wednesday, October 31, yet it only revealed the matter publically the following day.
A customer we are advising received his email from Talk Talk on the Friday – leaving potentially a 48-hour period before he could take any action to protect himself – and in particular his money – from attack.
Questions have to be asked as to whether Talk Talk could have acted quicker in its communication of the situation, as it appears to have taken too long to reveal that customers’ personal information had been put at risk, preventing them from taking immediate preventative actions themselves.
That is why we are considering claims under the Data Protection Act, and are happy to provide advice to Talk Talk customers affected.