How To Make A Data Breach Claim Against The University Of Aberystwyth
Whether you’re a student, staff member, alumnus or benefactor of a university, the institution will likely hold a range of personal information on you that they’ve collected over time. From basic identifiable information like demographics to sensitive details such as extenuating circumstances, if any of this data is compromised without your permission, then this can be considered a security incident commonly referred to as a data breach.
If you’ve fallen victim to an Aberystwyth University data breach through no fault of your own and can prove that the institution’s failings were responsible for it, whether directly or indirectly, then you could be eligible for compensation.
In this article, we’ll provide you with all the necessary information that you need to help you make a successful data breach compensation claim against Aberystwyth University. We’ll explain what your rights are in this situation and present you with our top tips on how you could proceed in the wake of your data breach, including how a No Win No Fee agreement could help you.
In attempts to walk you through the claims process from start to finish, we’ll cover everything from how you could be able to evidence the university’s liability to how much compensation you could be entitled to.
On the other hand, by speaking to one of our specialist advisors today and getting a free consultation, you could have everything included in this article explained to you. What’s more, you’ll be offered specialist legal advice tailored to your unique data breach case rather than generalised tips.
If our advisors feel that your case has grounds for you to make a valid data breach claim, then they can refer you to one of our solicitors who can handle your claim on a No Win No Fee basis. In the rare case that they are unsuccessful in winning you the compensation that you deserve, then you’re under no obligation to pay them for their services. Therefore, you can claim with financial peace of mind.
So, whether you’d like to receive your free consultation or make an enquiry about the services our solicitors can offer you, please don’t hesitate to get in touch with our team at Legal Expert today and take the first step towards making a successful claim:
- Call 0800 073 8804 to speak to one of our specialist advisors
- Fill out one of our contact forms to receive a call back from our team
- Email info@legalexpert.co.uk to make an inquiry
- Chat to us using the window on the bottom right of your screen to get an instant reply
Select A Section
- A Guide To Data Breach Claims Aberystwyth University
- What Is A Data Breach Against Aberystwyth University?
- Does The GDPR Apply To Universities?
- Examples The Data Breach Affecting Aberystwyth University
- University Data Breach And Cyber Security Statistics
- Criminal Hack And Data Attacks Against Universities
- How Could A Data Breach Victim Be Compensated
- Calculating Data Breach Compensation Claims Against Aberystwyth University
- Taking Civil Action Against A UK University
- No Win No Fee Data Breach Claims Aberystwyth University
- Contact Our Team Today
- Data Protection Insights
A Guide To Data Breach Claims Aberystwyth University
In attempts to provide you with all the necessary information that you need in relation to a data breach committed by Aberystwyth University, we’ll try to address some commonly asked questions that you may have on the subject.
In terms of the claims process, we’ll explain the following:
- How can the terms data and data breach be defined?
- What could a data breach in a university setting be caused by?
- How have some past university data breaches unfolded?
- What data protection laws must UK universities comply with?
In addition, we’ll provide you with some of our top tips on how you could increase your claim’s chances of success, which include but aren’t limited to:
- Contacting the university directly to raise your concerns with them
- Reporting your data breach to the Information Commissioner’s Office (ICO)
- Having a No Win No Fee solicitor handle your case
As previously mentioned, by speaking to one of our specialist advisors today and getting a free consultation, you could have everything included in this article explained to you. What’s more, you’ll be offered specialist legal advice tailored to your unique data breach case.
If our advisors feel that your case has grounds for you to make a valid data breach claim, they can refer you to one of our solicitors to handle your claim on a No Win No Fee basis.
So, whether you’d like to receive your free consultation or make an inquiry about the services our solicitors can offer you, please don’t hesitate to get in touch with our team at Legal Expert today.
Limitation Periods
In deciding whether to make an Aberystwyth University data breach claim, it’s important that you’re aware of the time limits that dictate your eligibility for compensation.
For typical data breach cases, you have a maximum of 6 years within which you can claim compensation. However, for data breach cases that involve a breach in human rights, you have just 1 year within which you can claim compensation.
Although Article 33 of the General Data Protection Regulation (GDPR) means that organisations are legally required to inform you within a period of 72 hours if they’ve suffered a data breach that could impact your personal information, this may not happen for one reason or another.
In some cases, a data breach could remain undiscovered long after it’s occurred, meaning significant damage has already been done before you’re informed. In other cases, even if you’re informed within this notification period, you may not get a proper grasp of the consequences immediately, as they often develop over time.
Whether you’ve just learned of your data breach or you’re only recently grasping the consequences, if you’d like to make a claim for compensation, please get in touch with us at Legal Expert today to see how we could help you.
What Is A Data Breach Against Aberystwyth University?
Data is typically used to describe your personal information if it has the potential to be able to identify you, either directly or indirectly. Whether this is your name, date of birth, contact details or demographics, organisations must have your permission on whether or not they can use it and what they can use it for.
If an organisation like Aberystwyth University handles your data in a way that you haven’t granted permission for, then this is a security incident typically referred to as a data breach. Some common causes include:
- Human error
- Cyberattack
- Ransomware attack
- Theft of physical documentation
- Unauthorised access
A recent university data breach that you may be familiar with is the Blackbaud ransomware case, which affected UK universities in 2020, including Aberystwyth University. Despite the company paying the hackers, data of staff, students, alumni and supporters was stolen as part of the breach, which included personal details such as telephone numbers.
The company then took weeks to inform those whose data had been compromised, breaching Article 33 of the Data Protection Act 2018, which requires organisations to alert those affected within 72 hours of the incident.
If your data is compromised as part of a data breach, you could be able to make a claim provided you can prove that the controller or processor acted in breach of data protection laws.
To learn more about data protection laws in the UK or see some more examples of past university data breaches, please see the sections below.
Source: https://www.bbc.co.uk/news/technology-53528329
Does The GDPR Apply To Universities?
The Data Protection Act 2018 is the UK’s primary piece of data protection legislation that organisations like universities are required to follow. It enacted into law the EU’s General Data Protection Regulation (GDPR), which established the following standards for data handling in order to give data subjects more control over their information:
- Data subjects must consent to an organisation interacting with their data and specify how they are allowed to do so
- Data can be retained for only as long as is completely necessary
- Organisations must have secure data protection systems in place before collection
- Data must be regularly updated to avoid becoming inaccurate
Examples The Data Breach Affecting Aberystwyth University
As mentioned earlier, Aberystwyth University was one of the UK institutions impacted as part of the Blackbaud data breach.
The university reported that their alumni web portal was affected but that no financial information, such as bank account details or card details, was compromised. Since Blackbaud paid the ransom for the stolen data, it is therefore thought that any compromised information has now been destroyed and is, therefore, no cause for concern.
Source: https://www.aberystwyth-today.co.uk/article.cfm?id=133528&headline=Aberystwyth%20University%20to%20investigate%20data%20breach§ionIs=news&searchyear=2020
A data breach with more serious consequences was the cyberattack on the University of Greenwich in 2016.
When hackers took advantage of weaknesses in the university’s servers, they were able to infiltrate their databases and steal data of over 19,000 staff, students and alumni. Personal information compromised included names, addresses and phone numbers. In addition, sensitive details such as extenuating circumstances were leaked by the hackers.
To penalise the university’s failure to adequately protect this data, the Information Commissioner’s Office (ICO) issued them a £120,000 fine. If you’d like to learn more about this organisation and how you could report a data breach to them, please continue reading.
Source: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/05/the-university-of-greenwich-fined-120-000-by-information-commissioner-for-serious-security-breach
University Data Breach And Cyber Security Statistics
If you’ve fallen victim to a data breach and believe a university to be at fault for it, you’re not alone. According to a recent study, around 54% of universities in the UK reported suffering a data breach to the Information Commissioner’s Office (ICO) between 2019 and 2020 alone.
The study also found that a total of 86 universities admitted to demonstrating serious failures in preventing data breaches from happening, such as:
- Insufficiently funding cybersecurity awareness training
- 46% of university staff received insufficient training
- 51% of students received insufficient training
- Insufficient ‘penetration testing’ (cybersecurity professionals sourcing weaknesses in universities’ security systems by performing controlled cyberattacks)
- 27% of universities didn’t conduct a penetration test
Given the wide range of sensitive information that universities hold, ranging from personal details to intellectual property and research material, this makes them vulnerable to cyberattacks.
In this sense, it seems obvious that universities’ IT systems would require large scale security measures in place to ensure that they meet data protection laws. However, as demonstrated by this study, it appears that many universities are failing to comply with the standards established by the law, providing an explanation as to why data breaches within the higher education sector are currently at a high.
If you’d like to learn more about cyberattacks that have affected universities in the UK, with examples of cybersecurity incidents involving consequences such as criminal theft, please see the next section below for some recent case studies.
For free legal advice, please get in touch with our team.
Source: http://www.itgovernance.co.uk/blog/54-of-universities-reported-a-data-breach-in-the-past-year
Criminal Hack And Data Attacks Against Universities
As mentioned in the section above, given the wide range of sensitive information that universities hold, from personal details to intellectual property and research material, this makes them particularly vulnerable to cyberattacks.
In 2020, the race to find a coronavirus vaccine has been at the forefront of research efforts across the globe. Given the demand surrounding this, reports of cybercriminals attempting to hack into universities’ security systems in attempts to acquire their biomedical research materials surfaced.
It’s believed that the hacks were part of competitive efforts from multiple hostile states to be the first country to combat coronavirus, with perpetrators including Iran, Russia and China. However, it’s understood that none of these attempts were successful.
Source: https://www.theguardian.com/world/2020/may/03/hostile-states-trying-to-steal-coronavirus-research-says-uk-agency
In 2019, Jisc conducted a series of controlled data breach tests, which targeted UK universities’ cybersecurity systems.
As part of these tests, ethical hackers gained access to staff and students’ personal information, as well as administrative databases and research materials. This was primarily achieved through a hacking method known as phishing, which uses fraudulent emails to scam recipients into clicking links or downloading attachments that contain malware.
As a result, Jisc was able to successfully infiltrate over 50 UK universities’ cyber defence systems in less than 2 hours, exposing a worrying lack of appropriate cybersecurity within the higher education sector.
Source: https://www.itgovernance.co.uk/blog/security-testers-breach-university-cyber-defences-in-two-hours
How Could A Data Breach Victim Be Compensated
There are two types of compensation that you could claim for if you’ve fallen victim to an Aberystwyth University data breach:
- You could claim material damage to attempt to recover any financial shortfall that your data breach has resulted in.
- You could claim non-material damage to compensate for any mental suffering that your data breach has caused you.
To learn more about how compensation for non-material damage is calculated for data breach claims, please see the section below for some examples. Alternatively, please get in touch today for a free consultation with our specialist advisory team.
Calculating Data Breach Compensation Claims Against Aberystwyth University
Since the Court of Appeal ruled that the claimants of the Vidal-Hall and others v Google Inc case could be compensated for their mental suffering alone, compensation for data breach victims can now be awarded for non-material damage regardless of whether or not there is any material damage.
Like personal injury claims, compensation for non-material damage is valued using the Judicial College Guidelines (JCG) as a framework. Some example compensation brackets are presented in the table below, with reference to the extent of the victim’s suffering:
Suffering | Severity | Compensation bracket | Details |
---|---|---|---|
Post-Traumatic Stress Disorder (PTSD) | Severe | £56,180 to £94,470 | Disabling trauma that persists long after the incident |
Post-Traumatic Stress Disorder (PTSD) | Moderate | £7,680 to £21,730 | Persisting trauma but a good prognosis |
Psychiatric damage | Less severe | Up to £5,500 | Struggles with daily tasks but a good prognosis |
For a more precise estimate, we’d need to know more about your case. So why not get in touch with our team today and discuss it with them?
Taking Civil Action Against A UK University
If you’d like to evidence your Aberystwyth University data breach claim, you could contact the university directly to explain the damage that their failings have caused you.
In some cases, they may respond by offering an apology. If this contains an admission of their failures that led to your data breach, then their response could be used against them to support your claim.
Alternatively, by reporting the data breach to the Information Commissioner’s Office (ICO), you could have the incident investigated. If the ICO find Aberystwyth University to have breached data protection laws, they could penalise them, evidencing their liability and supporting your claim.
If you run into any difficulties, please don’t hesitate to get in touch with us at Legal Expert today to see how we can help.
No Win No Fee Data Breach Claims Aberystwyth University
At Legal Expert, our solicitors always handle claims on a No Win No Fee basis. In the event that they are unsuccessful in winning you the compensation that you deserve, then you’re under no obligation to pay them for their services. Therefore, you can claim with financial peace of mind.
No Win No Fee agreements stand out from the crowd due to their lack of upfront and hidden fees, making the agreement as transparent as possible. If your solicitor is successful in winning your claim on your behalf, then they’ll take a ‘success fee’ from your compensation payout. In addition to this fee being capped by law, the exact percentage required will be outlined in your agreement in further attempts to maximise transparency, meaning you know how much of your payout will be allocated to them before you sign anything.
If you’d like to learn more about how our solicitors could handle your potential Aberystwyth University data breach claim on a No Win No Fee basis, please get in touch with one of our specialist advisors today by referring to the section below.
Contact Our Team Today
By speaking to one of our specialist advisors today and getting a free consultation, you could have everything in this article explained to you. What’s more, you’ll be offered specialist legal advice tailored to your unique data breach case rather than generalised tips.
If our advisors feel that your case has solid grounds for you to make a data breach claim, then they can refer you to one of our solicitors to handle your claim on a No Win No Fee basis. In the rare case that they are unsuccessful in winning you the compensation that you deserve, then you’re under no obligation to pay them for their services. Therefore, you can claim with financial peace of mind.
So, whether you’d like to receive your free consultation or make an enquiry about the services our solicitors can offer you, please don’t hesitate to get in touch with our team at Legal Expert today and take the first step towards making a successful claim:
- Call 0800 073 8804 to speak to one of our specialist advisors
- Fill out one of our contact forms to receive a call back from our team
- Email info@legalexpert.co.uk to make an inquiry
- Chat to us using the window on the bottom right of your screen to get an instant reply
Data Protection Insights
As we conclude our Aberystwyth University data breach claims guide, we’d like to thank you for reading and we’ll leave you with some extra resources that may be additionally informative.
Once again, we’d like to emphasise that if you would like any more legal advice or help in making your claim, please don’t hesitate to get in touch with us today where one of our specialist advisors can give you a free consultation.
In the meantime, please follow the links below to learn more about your rights after suffering a data breach and some steps that you could take in the wake of one.
- What data does Aberystwyth University hold on me? – the government’s guide to making an access request for information.
- Aberystwyth University data breach guidance – the institution’s official procedures on what to do if you believe that you’ve suffered a data breach.
- Claiming compensation for non-material damage – some FAQs on how much you could be entitled to for mental distress caused by your data breach.
- Claiming compensation for a data breach – some FAQs on how you could get the compensation that you deserve after suffering a data breach.
- What are my rights after suffering a data breach? – some FAQs on your rights after falling victim to a data breach through no fault of your own.
Other Compensation Guides
- University of Nottingham Data Breach
- Capital One Data Breach Compensation Claims
- St George’s Healthcare NHS Trust Data Breach
- Sunderland City Council Data Breach
- Abertay University Data Breach
- Can I Get Compensation For Loss of Medical Records?
- Ashford Borough Council Data Breach
- Bangor University Data Breach
- Bath Spa University Data Breach
- Bedford Borough Council Data Breach
- Birmingham Council Data Breach
- Bishop Grosseteste University Data Breach
- Boots Advantage Card Data Breach
- Bournemouth Borough Council Data Breach
- Bradford Council Data Breach
- Brighton and Sussex University Hospitals NHS Trust Data Breach
- Brunel University Data Breach
- Buckinghamshire Council Data Breach
- Butlins Data Breach Compensation Claims
- Canterbury Christchurch University Data Breach
- Easyjet Data Breach Compensation Claims
Guide by Mavers
Edited by Billing