Equifax’s 2017 data breach – which affected an estimated 15 million UK customers – could come back to bite the data giant on the derrière following the launch of new legal action in the High Court, which is seeking £100m in compensation.
Hayes Connor Solicitors – which is also representing British Airways’ customers in their action – claims to be the first firm in the UK to serve a “representative data breach claim” in the High Court.
The action follows the Court of Appeal’s decision on the Lloyd v Google “iPhone tracking” case on October 2, which ruled that a law firm could bring a claim for compensation for just one affected individual following a data breach and be awarded compensation for the entire affected population.
Branded “the greatest security catastrophe of modern times”, the Equifax incident affected more than 147 million people worldwide and led to the “retirement” of then CEO Richard Smith as well as a raft of senior executives.
In July, Equifax agreed a $700m (£562m) settlement with the US Federal Trade Commission, on top of the $1.35bn (£1.1bn) the firm has already shelled out, bringing the total bill – so far – to over $2bn (£1.6bn), including compensation for affected American customers.
However, in the UK, Equifax has escaped relatively lightly, being fined “just” £500,000 by the Information Commissioner’s Office, the maximum permitted under the Data Protection Act 1998. Under GDPR, the maximum fine could have been over £102m, 4% of the firm’s £2.55bn global turnover.
Hayes Connor managing director Kingsley Hayes said: “We are delighted to be the first firm to issue proceedings following the Court of Appeal’s recent ground-breaking ruling which allows us to pursue the total amount of compensation due to Equifax’s 15 million affected UK customers.
“We estimate the total value of the claim to be £100 million which, if won, Hayes Connor would distribute to all affected individuals. Equifax was found by the ICO to have failed in its data protection obligations on multiple levels including failing to comply with how customers’ personal information can be processed and stored and how that private data should be secured.
“Following hackers successfully accessing its systems in America to steal the personal information of a reported 143 million individuals, the personal data of its UK customers was also exposed including email addresses, usernames, passwords, security questions, phone numbers and credit card details.
“This is the first time that a data breach claim has been issued in the UK on behalf of all affected parties. The Court of Appeal ruling has made it easier for all data breach victims to be fairly compensated.”
Here we go again: Google back in dock for data tracking
Google summoned to High Court to defend data tracking
BA case may open floodgates for psychological claims
Data breaches can hit mental health, legal firm claims
Ambulance chasing lawyers bolster attack against BA
$700m fine hikes Equifax data breach bill to over $2bn
Equifax first to be hit with maximum £500k data fine
Equifax CEO is ‘retired’ as company reels from breach
Equifax rocked as mega hack exposes 143m consumers