We've been featured in:

Aberystwyth University Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Aberystwyth University Data Breach

How To Make A Data Breach Claim Against The University Of Aberystwyth

Whether you’re a student, staff member, alumnus or benefactor of a university, the institution will likely hold a range of personal information on you that they’ve collected over time. From basic identifiable information like demographics to sensitive details such as extenuating circumstances, if any of this data is compromised without your permission, then this can be considered a security incident commonly referred to as a data breach.

Aberystwyth University data breach claims guide

Aberystwyth University data breach claims guide

If you’ve fallen victim to an Aberystwyth University data breach through no fault of your own and can prove that the institution’s failings were responsible for it, whether directly or indirectly, then you could be eligible for compensation. 

In this article, we’ll provide you with all the necessary information that you need to help you make a successful data breach compensation claim against Aberystwyth University. We’ll explain what your rights are in this situation and present you with our top tips on how you could proceed in the wake of your data breach, including how a No Win No Fee agreement could help you.

In attempts to walk you through the claims process from start to finish, we’ll cover everything from how you could be able to evidence the university’s liability to how much compensation you could be entitled to.

On the other hand, by speaking to one of our specialist advisors today and getting a free consultation, you could have everything included in this article explained to you. What’s more, you’ll be offered specialist legal advice tailored to your unique data breach case rather than generalised tips. 

If our advisors feel that your case has grounds for you to make a valid data breach claim, then they can refer you to one of our solicitors who can handle your claim on a No Win No Fee basis. In the rare case that they are unsuccessful in winning you the compensation that you deserve, then you’re under no obligation to pay them for their services. Therefore, you can claim with financial peace of mind.

So, whether you’d like to receive your free consultation or make an enquiry about the services our solicitors can offer you, please don’t hesitate to get in touch with our team at Legal Expert today and take the first step towards making a successful claim:

  • Call 0800 073 8804 to speak to one of our specialist advisors
  • Fill out one of our contact forms to receive a call back from our team
  • Email info@legalexpert.co.uk to make an inquiry
  • Chat to us using the window on the bottom right of your screen to get an instant reply

Select A Section

  1.  A Guide To Data Breach Claims Aberystwyth University
  2. What Is A Data Breach Against Aberystwyth University?
  3. Does The GDPR Apply To Universities?
  4. Examples The Data Breach Affecting Aberystwyth University
  5. University Data Breach And Cyber Security Statistics
  6. Criminal Hack And Data Attacks Against Universities
  7. How Could A Data Breach Victim Be Compensated
  8. Calculating Data Breach Compensation Claims Against Aberystwyth University
  9. Taking Civil Action Against A UK University
  10. No Win No Fee Data Breach Claims Aberystwyth University
  11. Contact Our Team Today
  12. Data Protection Insights

A Guide To Data Breach Claims Aberystwyth University

In attempts to provide you with all the necessary information that you need in relation to a data breach committed by Aberystwyth University, we’ll try to address some commonly asked questions that you may have on the subject. 

In terms of the claims process, we’ll explain the following:

  • How can the terms data and data breach be defined?
  • What could a data breach in a university setting be caused by?
  • How have some past university data breaches unfolded?
  • What data protection laws must UK universities comply with?

In addition, we’ll provide you with some of our top tips on how you could increase your claim’s chances of success, which include but aren’t limited to:

  • Contacting the university directly to raise your concerns with them
  • Reporting your data breach to the Information Commissioner’s Office (ICO)
  • Having a No Win No Fee solicitor handle your case

As previously mentioned, by speaking to one of our specialist advisors today and getting a free consultation, you could have everything included in this article explained to you. What’s more, you’ll be offered specialist legal advice tailored to your unique data breach case. 

If our advisors feel that your case has grounds for you to make a valid data breach claim, they can refer you to one of our solicitors to handle your claim on a No Win No Fee basis. 

So, whether you’d like to receive your free consultation or make an inquiry about the services our solicitors can offer you, please don’t hesitate to get in touch with our team at Legal Expert today.

Limitation Periods

In deciding whether to make an Aberystwyth University data breach claim, it’s important that you’re aware of the time limits that dictate your eligibility for compensation. 

For typical data breach cases, you have a maximum of 6 years within which you can claim compensation. However, for data breach cases that involve a breach in human rights, you have just 1 year within which you can claim compensation.

Although Article 33 of the General Data Protection Regulation (GDPR) means that organisations are legally required to inform you within a period of 72 hours if they’ve suffered a data breach that could impact your personal information, this may not happen for one reason or another. 

In some cases, a data breach could remain undiscovered long after it’s occurred, meaning significant damage has already been done before you’re informed. In other cases, even if you’re informed within this notification period, you may not get a proper grasp of the consequences immediately, as they often develop over time.  

Whether you’ve just learned of your data breach or you’re only recently grasping the consequences, if you’d like to make a claim for compensation, please get in touch with us at Legal Expert today to see how we could help you.

What Is A Data Breach Against Aberystwyth University?

Data is typically used to describe your personal information if it has the potential to be able to identify you, either directly or indirectly. Whether this is your name, date of birth, contact details or demographics, organisations must have your permission on whether or not they can use it and what they can use it for.

If an organisation like Aberystwyth University handles your data in a way that you haven’t granted permission for, then this is a security incident typically referred to as a data breach. Some common causes include:

  • Human error
  • Cyberattack
  • Ransomware attack
  • Theft of physical documentation
  • Unauthorised access 

A recent university data breach that you may be familiar with is the Blackbaud ransomware case, which affected UK universities in 2020, including Aberystwyth University. Despite the company paying the hackers, data of staff, students, alumni and supporters was stolen as part of the breach, which included personal details such as telephone numbers. 

The company then took weeks to inform those whose data had been compromised, breaching Article 33 of the Data Protection Act 2018, which requires organisations to alert those affected within 72 hours of the incident.

If your data is compromised as part of a data breach, you could be able to make a claim provided you can prove that the controller or processor acted in breach of data protection laws. 

To learn more about data protection laws in the UK or see some more examples of past university data breaches, please see the sections below.

Source: https://www.bbc.co.uk/news/technology-53528329

Does The GDPR Apply To Universities?

The Data Protection Act 2018 is the UK’s primary piece of data protection legislation that organisations like universities are required to follow. It enacted into law the EU’s General Data Protection Regulation (GDPR), which established the following standards for data handling in order to give data subjects more control over their information:

  • Data subjects must consent to an organisation interacting with their data and specify how they are allowed to do so
  • Data can be retained for only as long as is completely necessary
  • Organisations must have secure data protection systems in place before collection
  • Data must be regularly updated to avoid becoming inaccurate

Examples The Data Breach Affecting Aberystwyth University

As mentioned earlier, Aberystwyth University was one of the UK institutions impacted as part of the Blackbaud data breach. 

The university reported that their alumni web portal was affected but that no financial information, such as bank account details or card details, was compromised. Since Blackbaud paid the ransom for the stolen data, it is therefore thought that any compromised information has now been destroyed and is, therefore, no cause for concern.

Source: https://www.aberystwyth-today.co.uk/article.cfm?id=133528&headline=Aberystwyth%20University%20to%20investigate%20data%20breach&sectionIs=news&searchyear=2020

A data breach with more serious consequences was the cyberattack on the University of Greenwich in 2016. 

When hackers took advantage of weaknesses in the university’s servers, they were able to infiltrate their databases and steal data of over 19,000 staff, students and alumni. Personal information compromised included names, addresses and phone numbers. In addition, sensitive details such as extenuating circumstances were leaked by the hackers.

To penalise the university’s failure to adequately protect this data, the Information Commissioner’s Office (ICO) issued them a £120,000 fine. If you’d like to learn more about this organisation and how you could report a data breach to them, please continue reading.

Source: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/05/the-university-of-greenwich-fined-120-000-by-information-commissioner-for-serious-security-breach

University Data Breach And Cyber Security Statistics

If you’ve fallen victim to a data breach and believe a university to be at fault for it, you’re not alone. According to a recent study, around 54% of universities in the UK reported suffering a data breach to the Information Commissioner’s Office (ICO) between 2019 and 2020 alone. 

The study also found that a total of 86 universities admitted to demonstrating serious failures in preventing data breaches from happening, such as:

  • Insufficiently funding cybersecurity awareness training
    • 46% of university staff received insufficient training
    • 51% of students received insufficient training
  • Insufficient ‘penetration testing’ (cybersecurity professionals sourcing weaknesses in universities’ security systems by performing controlled cyberattacks)
    • 27% of universities didn’t conduct a penetration test 

Given the wide range of sensitive information that universities hold, ranging from personal details to intellectual property and research material, this makes them vulnerable to cyberattacks. 

In this sense, it seems obvious that universities’ IT systems would require large scale security measures in place to ensure that they meet data protection laws. However, as demonstrated by this study, it appears that many universities are failing to comply with the standards established by the law, providing an explanation as to why data breaches within the higher education sector are currently at a high.

If you’d like to learn more about cyberattacks that have affected universities in the UK, with examples of cybersecurity incidents involving consequences such as criminal theft, please see the next section below for some recent case studies. 

For free legal advice, please get in touch with our team.

Source: http://www.itgovernance.co.uk/blog/54-of-universities-reported-a-data-breach-in-the-past-year

Criminal Hack And Data Attacks Against Universities

As mentioned in the section above, given the wide range of sensitive information that universities hold, from personal details to intellectual property and research material, this makes them particularly vulnerable to cyberattacks.

In 2020, the race to find a coronavirus vaccine has been at the forefront of research efforts across the globe. Given the demand surrounding this, reports of cybercriminals attempting to hack into universities’ security systems in attempts to acquire their biomedical research materials surfaced. 

It’s believed that the hacks were part of competitive efforts from multiple hostile states to be the first country to combat coronavirus, with perpetrators including Iran, Russia and China. However, it’s understood that none of these attempts were successful.

Source: https://www.theguardian.com/world/2020/may/03/hostile-states-trying-to-steal-coronavirus-research-says-uk-agency 

In 2019, Jisc conducted a series of controlled data breach tests, which targeted UK universities’ cybersecurity systems. 

As part of these tests, ethical hackers gained access to staff and students’ personal information, as well as administrative databases and research materials. This was primarily achieved through a hacking method known as phishing, which uses fraudulent emails to scam recipients into clicking links or downloading attachments that contain malware.

As a result, Jisc was able to successfully infiltrate over 50 UK universities’ cyber defence systems in less than 2 hours, exposing a worrying lack of appropriate cybersecurity within the higher education sector.

Source: https://www.itgovernance.co.uk/blog/security-testers-breach-university-cyber-defences-in-two-hours

How Could A Data Breach Victim Be Compensated

There are two types of compensation that you could claim for if you’ve fallen victim to an Aberystwyth University data breach:

  • You could claim material damage to attempt to recover any financial shortfall that your data breach has resulted in.
  • You could claim non-material damage to compensate for any mental suffering that your data breach has caused you.

To learn more about how compensation for non-material damage is calculated for data breach claims, please see the section below for some examples. Alternatively, please get in touch today for a free consultation with our specialist advisory team.

Calculating Data Breach Compensation Claims Against Aberystwyth University

Since the Court of Appeal ruled that the claimants of the Vidal-Hall and others v Google Inc case could be compensated for their mental suffering alone, compensation for data breach victims can now be awarded for non-material damage regardless of whether or not there is any material damage.

Like personal injury claims, compensation for non-material damage is valued using the Judicial College Guidelines (JCG) as a framework. Some example compensation brackets are presented in the table below, with reference to the extent of the victim’s suffering:

Edit
Suffering Severity Compensation bracket Details
Post-Traumatic Stress Disorder (PTSD) Severe £56,180 to £94,470 Disabling trauma that persists long after the incident
Post-Traumatic Stress Disorder (PTSD) Moderate £7,680 to £21,730 Persisting trauma but a good prognosis
Psychiatric damage Less severe Up to £5,500 Struggles with daily tasks but a good prognosis

For a more precise estimate, we’d need to know more about your case. So why not get in touch with our team today and discuss it with them?

Taking Civil Action Against A UK University

If you’d like to evidence your Aberystwyth University data breach claim, you could contact the university directly to explain the damage that their failings have caused you.

In some cases, they may respond by offering an apology. If this contains an admission of their failures that led to your data breach, then their response could be used against them to support your claim.

Alternatively, by reporting the data breach to the Information Commissioner’s Office (ICO), you could have the incident investigated. If the ICO find Aberystwyth University to have breached data protection laws, they could penalise them, evidencing their liability and supporting your claim. 

If you run into any difficulties, please don’t hesitate to get in touch with us at Legal Expert today to see how we can help.

No Win No Fee Data Breach Claims Aberystwyth University

At Legal Expert, our solicitors always handle claims on a No Win No Fee basis. In the event that they are unsuccessful in winning you the compensation that you deserve, then you’re under no obligation to pay them for their services. Therefore, you can claim with financial peace of mind.

No Win No Fee agreements stand out from the crowd due to their lack of upfront and hidden fees, making the agreement as transparent as possible. If your solicitor is successful in winning your claim on your behalf, then they’ll take a ‘success fee’ from your compensation payout. In addition to this fee being capped by law, the exact percentage required will be outlined in your agreement in further attempts to maximise transparency, meaning you know how much of your payout will be allocated to them before you sign anything. 

If you’d like to learn more about how our solicitors could handle your potential Aberystwyth University data breach claim on a No Win No Fee basis, please get in touch with one of our specialist advisors today by referring to the section below.

Contact Our Team Today

By speaking to one of our specialist advisors today and getting a free consultation, you could have everything in this article explained to you. What’s more, you’ll be offered specialist legal advice tailored to your unique data breach case rather than generalised tips. 

If our advisors feel that your case has solid grounds for you to make a data breach claim, then they can refer you to one of our solicitors to handle your claim on a No Win No Fee basis. In the rare case that they are unsuccessful in winning you the compensation that you deserve, then you’re under no obligation to pay them for their services. Therefore, you can claim with financial peace of mind.

So, whether you’d like to receive your free consultation or make an enquiry about the services our solicitors can offer you, please don’t hesitate to get in touch with our team at Legal Expert today and take the first step towards making a successful claim:

  • Call 0800 073 8804 to speak to one of our specialist advisors
  • Fill out one of our contact forms to receive a call back from our team
  • Email info@legalexpert.co.uk to make an inquiry
  • Chat to us using the window on the bottom right of your screen to get an instant reply

Data Protection Insights

As we conclude our Aberystwyth University data breach claims guide, we’d like to thank you for reading and we’ll leave you with some extra resources that may be additionally informative. 

Once again, we’d like to emphasise that if you would like any more legal advice or help in making your claim, please don’t hesitate to get in touch with us today where one of our specialist advisors can give you a free consultation.

In the meantime, please follow the links below to learn more about your rights after suffering a data breach and some steps that you could take in the wake of one. 

Other Compensation Guides

Guide by Mavers

Edited by Billing