The situation
The Data Breach department at Irvings Law has successfully represented a male against a company whom were subject to a criminal cyber-attack a few months ago. The details of our client and the company have to remain confidential due to the entering of a Settlement Agreement particularly as a criminal investigation is still ongoing.
The resolution
What is interesting about this case is that although it has later transpired that the Claimant’s data was confirmed to have not been specifically breached/obtained by the attackers, Irvings Law has still managed to obtain a handsome settlement for his client. We were able to do this because he argued that although the criminals accessed servers where the Claimant’s data was not held, this did not mean that the company’s IT systems were completely safe a secure to hold personal data.
The reasoning
We argued that the criminals could have accessed the server upon which his client’s data was stored if they wanted to do so. As such, this was a breach of the Data Protection Act 2018/General Data Protection Regulations 2018, a breach of Article 8 of the Human Rights Act 1998, a breach of confidence and a misuse of private information. After argument, a settlement was agreed between the parties, of which, details have to remain confidential for the above reasons.
