Latest posts

What Constitutes a Data Breach?

Here at LawPlus, we deal with a significant volume of data breach enquiries each and every day. Included in that volume are enquiries for things that actually relate more to fraud. Now, we must recognise that a data breach incident could lead to fraud. But, unfortunately, you can't bring a data breach case against someone that defrauded you. However, you might be able to bring a data breach case against the organisation that put your privacy at risk and led to the fraud taking place. In addition, if you lost money due to the fraud, this may increase the data breach compensation you can claim, too. Let’s look at some of the different types of fraud, how you can identify it, and how to report it.

What is phishing?

Phishing is the act of impersonating a business, organisation, or individual to acquire your personal details, which they can then use fraudulently. Common phishing scams include emails claiming to be from HMRC or PayPal. The emails can look legitimate if you don’t know what you’re looking for and will often redirect you to a website that also mirrors the organisation in question. You will typically be asked to input some personal information. For PayPal, it will be your email address and password; for HMRC, it may be something like your bank details "to process your tax refund."

In some cases, phishing is used as a gateway for other types of cybercrime, like deploying ransomware. Simply clicking on a link can allow your system to be infected, and you may be at risk even without sharing any details explicitly.

How to identify a fake email

There are several things to look out for to spot phishing scams, including:

- Emails claiming to be from banks where you don’t have an account
- Emails about things that aren’t relevant to you – such as self-employment tax refunds
- Emails sent at unusual times
- Emails not legitimately coming from the source – add the email address businesses like Amazon and PayPal would legitimately contact you from so you can easily spot it's a fraud.
- Emails that appear to have been sent by your friends asking for money – give them a call to check if it was really them.

If your email address is involved in a data breach, cybercriminals may target you with phishing scams, but the phishing scam itself can't be explicitly addressed as a data breach claim. Ensure you’re aware of the warning signs of phishing so you can protect yourself as best as you can.

What is smishing?

Smishing is the same as phishing but uses SMS messaging rather than email as the vehicle for sending fraudulent communication. As with phishing, the purpose of a smishing scam may be to get you to share personal details or simply click a link so a file can download to your smartphone and steal your data. Some smishing scams, such as the Royal Mail and PayPal delivery scams that have done the rounds during the Covid-19 pandemic, just outright try and get you to pay money fraudulently, which may also lead to your payment card details being stolen to be used elsewhere.

How to identify a fake text message

There are several things you can do to identify fake text messages and avoid falling victim to smishing scams:

- Use an app like TrueCaller, which will flag potentially fraudulent text messages from unknown sources
- Save numbers from trusted sources if, for example, you give permission to be contacted by text messages for marketing purposes.
- Immediately delete text messages from unknown numbers.
- Call people back on the number you have for them if you get a text claiming to be from a parent or other loved one.
- Look out for “urgent requests” for payments or details
- Watch out for spelling errors or odd wording

As a general rule, don't click any links from suspicious-looking messages. Not only may this lead to malware downloading onto your smartphone, but you may not be able to tell if a website is legitimate due to the way web addresses are sometimes presented on smartphones. As with phishing scams, websites used for smishing can be made to look like an exact mirror of the website of the organisation being impersonated.

As with your email address, if your phone number is involved in a data breach, cybercriminals may target you with scam text messages, but the smishing scam itself can't be explicitly addressed as a data breach claim. Ensure you’re aware of the signs of smishing so you can protect yourself as best as you can.

What is identity theft?

Identity theft is when someone uses your personal identifying information without permission. Typically, this takes the form of acquiring credit in your name, leaving you with debts that aren’t yours, or using details obtained fraudulently to use your credit cards. Often, phishing and smishing scams are a gateway to identity theft. Once criminals have your details, they can spend money on your credit cards or acquire credit in your name.

Identity theft is often difficult to prevent, but thankfully things like multi-factor authentication for online purchases are increasingly mandatory, helping to reduce instances of fraud. On top of this, all banks and credit card providers have sophisticated fraud prevention systems. At the same time, credit monitoring apps can also send you alerts when credit applications are made in your name.

How to report fraud

There are several ways to report fraud, depending on the nature of the incident:

- In the first instance, identity theft and other financial fraud should be reported to the relevant bank, lender, or credit referencing agency. This will enable them to block your card, cancel any credit that has been acquired in your name, and correct your credit file.
- All attempted or successful fraud can be reported to Action Fraud online or on the phone by calling 0330 123 2040.
- You can report suspicious text messages by forwarding them to 7726.
- Suspicious emails can usually be reported via your email provider as part of your junk email reporting options. Some, like Gmail, have a specific option for reporting phishing scams.

How to tell if something is a data breach or fraud

The difference between the two is often this:

- If your data is involved in a data breach, you usually won’t definitively know about it unless the company who was guilty or fell victim to a breach tells you about it.
- If you’re a victim of fraud, you know about it, because the evidence will be staring you in the face.

While falling victim to fraud can be an aggravating factor that may increase the compensation due if your details were involved in a data breach, it’s vital to recognise that fraud and data breaches are two different things.

If you’re a victim of fraud, report it! If you’re a victim of a data breach, contact us!

If you're a victim of fraud, the best thing to do to prevent it from happening in future is to report it using the avenues above while ensuring you increase your own awareness around things like phishing, smishing, and other types of scams. If your details are involved in a data breach, that’s where we can help you. Contact LawPlus now for a free, no-obligation review of your data breach case.

Crypto.com accounts hacked after data breach

Crypto.com, one of the world’s most-used cryptocurrency exchanges, has been the victim of a significant data breach. Kris Marszalek, the CEO of Crypto.com, confirmed to Bloomberg that the breach had led to funds being stolen from approximately 400 user accounts. At the time of writing, the total sum of stolen monies was unknown. However, Bloomberg reported an estimate of “in the millions.” While the data breach was a significant incident, Marszalek said that all losses were reimbursed to affected users and that Crypto.com had barely felt the hit due to its size.

Source and cause of hack unknown as Crypto.com investigates

Marszalek told Bloomberg: “Obviously, it’s a great lesson and we are continuously strengthening our infrastructure. Given the scale of the business, these numbers are not particularly material and customer funds were not at risk.” Specific technical details of the breach have not yet been publicised. However, Marszalek promised a detailed breakdown of what happened will be made public in due course.

Technical vulnerabilities unusual for cryptocurrency exchanges

Cryptocurrency exchanges, and other crypto technologies like virtual wallets, are generally considered to be secure. Typically, security incidents affecting these platforms happen due to fraud or identity theft. It is highly unusual for hackers to identify and exploit technical vulnerabilities, which appears to have been the case here. That said, cryptocurrency, which runs on blockchain technology, allowing a degree of anonymity and making it virtually impossible to retrieve stolen funds, remains an attractive target for cybercriminals.

Huge rise in crypto crime in 2021

This notion is backed up by industry figures. According to Chainalysis, crypto crime rose 80% in 2021. Cryptocurrency totalling $14 billion (£10.3 billion) found its way to “illicit addresses” in 2021, up from $7.8 billion (£5.75 million) in 2020.
While these figures are vast, only around 0.15% of all cryptocurrency transactions were thought to be fraudulent. Chainalysis said that total transactions across all cryptocurrencies grew a massive 567% against 2020's then-record volume. The company put the value of these transactions at $15.8 trillion (£11.66 trillion) in 2021.

Luxury fashion brand Moncler hit by ransomware attack and subsequent data breach

Luxury fashion brand Moncler has confirmed it was the victim of a ransomware attack in late December 2021, which subsequently led to data being leaked onto the dark web. In a press release confirming the incident, Moncler said it had rejected a ransom demand, which subsequently led to stolen data being leaked onto the dark web. Moncler also published a statement on its website.

What data was stolen?

Included in the data breach and leak was information from:

- Current and former Moncler employees
- Some suppliers, consultants and business partners
- Some customers

Moncler said it doesn’t store payment data, so no details of this nature were compromised. However, the company didn’t provide any additional details on the stolen data, nor did it say whether the variety of data stolen was enough to enable criminals to commit identity theft.

It is claimed that the AlphV/BlackCat cybercrime group was behind the attack. The group is fairly new to cybercrime and only launched its so-called “Ransomware-as-a-Service” (RaaS) operation in early December 2021.

Attackers' data leak site highlights ransom demand

The attackers established a data leak site, which sheds further light on what was stolen and highlighted the ransom demand of $3 million (£2.2 million). Based on what has been published, the stolen data includes:

- Moncler earning statements
- Spreadsheets containing customer details
- Invoices

According to reports, the hackers are apparently holding onto another trove of data relating to Moncler’s “rich customers” and are looking to sell this to a willing buyer.

Moncler apologises but doesn’t say how the attack happened

Moncler has apologised to affected customers and others impacted by this ransomware attack and subsequent data breach. It also said it had notified the relevant law enforcement agencies and all affected individuals as soon as it became aware of the data breach.
Moncler provided no further information about what led to the attack, how it happened, or whether any endpoints or other parts of its operation were compromised with malware.

Moncler’s press release also warned potential buyers of the stolen data that they too would be committing a criminal offence – although it’s questionable if that would prove a true deterrent to any individual or group determined to commit fraud. The warning read: “Moncler reminds that all information in the possession of cybercriminals is the result of illegal activities and that consequently, the acquisition, use and dissemination of the same constitutes a criminal offense.”

Who were the worst password offenders of 2021?

Popular password management app Dashlane has named and shamed the worst password offenders of 2021. How many of these stories do you remember from throughout the past 12 months?

And the “winners” are…

Dashlane gave this dubious "honour" to SolarWinds for 2021 after one of its interns used the password solarwinds123, which was subsequently leaked online. An unfortunate incident for a company that develops software for network, system, and IT infrastructure management!

Right behind SolarWinds was “COMB” – Combination of Many Breaches. In effect, this puts most of the global population in second place, as it refers to a breach that saw nearly three billion email and password combinations previously stolen from a range of online services posted onto a hacking forum.

Completing the podium places was another company involved in security, this time Verkada. Unfortunately, its username and password to its backend were found online, with cybercriminals subsequently able to spy on Verkada customers through the cameras they’d sold to them! Verkada cameras are used in many locations, including Tesla factories, hospitals, and prisons, all of which were compromised in the breach.

More focus needed on security in 2022 and beyond

While Dashlane called these three incidents the worst, they’re the tiniest point on the tip of the iceberg when it comes to data breaches throughout the year. Other notable data breaches in 2021 involved Facebook, GoDaddy, and WordPress, while local authorities in the UK also continued to suffer breaches, often through their own negligence.

In announcing its worst password offenders of 2021, Dashlane said it was more critical than ever for businesses to protect themselves and their customers from phishing and other fraud types. The company also put the current average cost of data breaches at nearly $4.25 million (£3.15 million) and said that 80% of breaches happen due to weak, reused, or stolen employee passwords.
Dashlane wants businesses to create a “culture of security,” in which employees better understand and are better equipped to protect data and IT systems. The company says all businesses should:

- Train employees how to identify and report suspicious activity
- Adopt cybersecurity tech solutions like endpoint security, email security, and password managers
- Make it mandatory for employees to use two-factor (2FA) or multi-factor authentication (MFA)
- Measure how effective the measures they take to mitigate cybersecurity risks are and identify opportunities for improvement

Dashlane’s call for action comes shortly after Experian’s 2022 data breach forecast warned of the dangers facing businesses and individuals in the coming 12 months.

Dashlane CEO JD Sherman told TechRadar: “If companies don’t start implementing positive password practice across their organization, the breaches are only going to get bigger and more dreadful. If your company were a car, you wouldn’t step away without rolling up the windows and locking the doors. Yet, computer users seem to be leaving cars running and keys in the ignition. Much of the nuisance associated with good password hygiene is taken care of by a password manager.”

How to stay safe online in 2022

While you can’t control if a business suffers a data breach and loses your data, there is plenty you can do to mitigate the potential effects of your details being found by cybercriminals.

- Use hard-to-guess passwords for all your online accounts
- Use a dedicated password manager or a tool like Google’s built-in Chrome solution to choose and store your passwords
- Use 2FA and MFA if it’s available
- Never use the same password twice
- Know how to spot phishing and other types of fraud

If you’re a victim of a data breach, LawPlus is here for you

If you do everything you can to protect yourself online but a business or another organisation is negligent with your data, you could be entitled to compensation.
If your data is involved in a breach in 2022, you can contact LawPlus here for a free, no-obligation assessment of your potential claim.