The situation

The Head of our Data Breach department, Mr Matthew McConville has successfully represented a male against a company whom were subject to a criminal cyber-attack a few months ago. The details of Mr McConville’s client and the company have to remain confidential due to the entering of a Settlement Agreement particularly as a criminal investigation is still ongoing.

The resolution

What is interesting about this case is that although it has later transpired that the Claimant’s data was confirmed to have not been specifically breached/obtained by the attackers, Mr McConville has still managed to obtain a handsome settlement for his client. Mr McConville was able to do this because he argued that although the criminals accessed servers where the Claimant’s data was not held, this did not mean that the company’s IT systems were completely safe a secure to hold personal data.

The reasoning

Mr McConville argued that the criminals could have accessed the server upon which his client’s data was stored if they wanted to do so. As such, this was a breach of the Data Protection Act 2018/General Data Protection Regulations 2018, a breach of Article 8 of the Human Rights Act 1998, a breach of confidence and a misuse of private information. After argument, a settlement was agreed between the parties, of which, details have to remain confidential for the above reasons.