My Data Privacy Was Breached By Northumbria University, How Do I Make A Claim?
If a data breach causes an unauthorised person to access your personal information, it may cause financial expense, stress, anxiety or other psychological injuries. Consequently, you could make a data breach claim for compensation. But how do you know whether you’ve been a victim of a data breach? Moreover, how do you know whether you could be eligible to make such a claim? This guide about understanding a data breach claim against Northumbria University aims to give information to help you.
In the sections that follow, we explain more about what constitutes personal data and how a breach could happen. We offer examples of the threats that universities could face when it comes to data security, and we look at some examples of universities that have faced cyber attacks and other data breaches. Also, we cover one that affected Northumbria University.
Additionally, we provide information about the two types of compensation you could be eligible to claim if you suffer mentally or financially because of a data breach. And we explore how our lawyers could help you get started with a data breach claim without you needing to pay a penny in solicitor fees unless your claim is successful.
If you want to discuss your claim straight away or have any questions about the information contained in this guide, please feel free to call us at any time on 0800 073 8804.
Select A Section
- A Guide To Data Breach Claims Against Northumbria University
- What Is A Breach Of Data Protection By Northumbria University?
- GDPR Compliance For Universities
- Case Study: The Northumbria University Cyberattack
- University Data Protection Breach Statistics
- Serious And Criminal Cyberattacks
- Could University Staff, Students Or Alumni Be Compensated?
- How Compensation For Data Breach Claims Against Northumbria University Is Calculated
- How To Find A Lawyer To Handle Your Case
- No Win No Fee Data Breach Claims Against Northumbria University
- Talk To An Expert In Data Breach Cases
- Resources
A Guide To Data Breach Claims Against Northumbria University
Every university needs to collect and process a certain amount of information on its students, staff and alumni. Therefore, like other organisations that collect and process data, a university must adhere to data protection laws. This includes the General Data Protection Regulation, which was enacted into UK law under the Data Protection Act 2018.
It is the role of the Information Commissioner’s Office (ICO) to enforce these laws in the UK. Consequently, the ICO has powers to investigate data breaches and could fine those who have breached data protection laws.
These laws also provide victims of data breaches with the ability to seek compensation. Therefore, if you can prove that a data breach caused you to suffer harm financially or emotionally, you could claim.
But how do you go about reporting data breaches? Also, how do you know if you have a valid data breach claim against Northumbria University? We’ve created this guide to answer these questions and provide you with the information needed to see if you can start a claim for compensation.
What Is A Breach Of Data Protection By Northumbria University?
Before we explore data protection breaches, let us first explain what personal data is. According to the Information Commissioner’s Office, personal data could be:
- Information used alone to identify you.
- Information used in combination with other information to identify you.
Examples of personal information could include:
- Address
- Name
- Student identification number
- Date of birth
- Email address
What Is Sensitive Data?
Some data is considered more sensitive than other data. It’s known as special category data and could include:
- Political views
- Religious beliefs
- Sexual orientation
- Biometric data
- Medical information
- Race
These are just a few examples.
What Is A Breach Of Personal Data?
A breach of personal data, according to the ICO, is a breach of security that leads to data being:
- Accidentally or unlawfully destroyed, lost or altered
- Disclosed without authorisation
- Accessed without authorisation
Examples Of How A Northumbria University Data Breach Could Happen
A data breach claim against Northumbria University could be launched by victims who can prove their data has been breached and it’s caused them to suffer financial or psychological harm. The breach could be because of a malicious act, negligence or human error. Examples of causes of data breaches include:
- Cyberattacks
- Hacking
- Ransomware attacks
- Phishing attacks
Data breaches may also be accidental. They could include:
- Emails holding personal data that someone sends to an unauthorised recipient
- Devices that contain personal data being lost
How Victims Could Be Affected
There are several ways in which a data breach could impact a victim. They could experience:
- Financial loss. If a cybercriminal accesses a victim’s bank account details, they could steal funds. For example, if they hack credit card details, the criminal could use them to make purchases in the victim’s name.
- Identity theft. If someone exposes your data and it falls into the wrong hands, a criminal could attempt to steal your identity. For example, they may use the stolen identity to apply for loans or credit cards in your name.
- Psychological injury. You could suffer anxiety, stress and depression as a result of the breach.
Data protection legislation allows victims of a university data breach to make a valid claim for the financial or psychological damage caused by the breach. So if you’d like us to assess your case for you to see if you could be eligible, we’d be glad to help. We could conduct a free, no-obligation eligibility check over the phone.
GDPR Compliance For Universities
GDPR came into force in 2018 and was enacted into UK law under the Data Protection Act 2018. The Act requires data controllers and processors to make sure that they:
- Process data in a fair and lawful manner.
- Collect data in a way that is specified, explicit and legitimate.
- Process data in an adequate and relevant way.
- Ensure that data is accurate and keep it up-to-date.
- Ensure data storage is secure and only store it for as long as is necessary.
Accordingly, a breach of these requirements could leave a university open to investigation and enforcement action by the ICO. It could also leave them liable to claims from victims of a data breach, who, under GDPR, could claim university data breach compensation for both the financial loss and the mental harm suffered as the consequence of the breach.
For information about what constitutes a valid data breach claim against Northumbria University, please call our advisors today.
Case Study: The Northumbria University Cyberattack
In September 2020, it was reported that Northumbria University had fallen victim to a serious cyberattack. Consequently, the university had to reschedule important examinations and close its Newcastle-Upon-Tyne campus for a number of days.
The cyber incident was said to have caused significant operational disruption, and some IT services needed to be restored as a result of the attack. Access to the student portal and other platforms was removed for students while the university attempted to deal with the aftermath of the attack.
The Northumbria University cyberattack also meant they were also unable to deal with calls regarding clearing, which is an important part of the academic calendar.
It was believed that the cyber attack on Northumbria University bore the hallmarks of a ransomware attack, an attack where the perpetrator demands a ransom for systems or data they have accessed.
Source: https://www.infosecurity-magazine.com/news/northumbria-uni-campus-closed
Not An Isolated Incident
The Northumbria University cyber hack was not the only attack that affected UK universities in 2020. A cloud-based computing provider called Blackbaud fell victim to a cyberattack earlier on in 2020. Criminals accessed and ransomed the personal data of alumni, staff and students of universities. The breach also affected charities and organisations around the world.
Source: https://www.bbc.co.uk/news/technology-53528329
Can An ICO Data Protection Breach Happen Accidentally?
While the above incidents all involve cyberattacks, it could be possible for a Northumbria University data breach to happen due to human error or negligence. Some examples of such breaches that have affected universities are below.
- In 2017, the University of East Anglia paid victims of a university data breach just over £140,000 when their sensitive information was sent in error to almost 300 people. Source: https://www.bbc.co.uk/news/uk-england-norfolk-41934027
- In 2018, the ICO fined the University of Greenwich £120,000 due to their failure to protect a microsite from unauthorised access. Almost 20,000 people’s data was breached in the incident.
To find out if you have a valid data breach claim against Northumbria University, get in touch with our advisors. They’re available any time of any day. Moreover, you’ll be under no pressure to proceed with our services after calling.
University Data Protection Breach Statistics
In 2020, research was carried out regarding university data breaches and cybersecurity. Findings included:
- 54% of universities that responded to an FoI request revealed they had reported a data breach to the ICO in the 12 months leading up to July 2020.
- Additionally, the majority of respondents admitted serious shortcomings in their ability to prevent data breaches.
- Just over half of the university staff had been given security training (54%).
- Around half of the universities offered security training to their students (51%).
Source: https://www.redscan.com/news/state-of-cybersecurity-uk-universities-foi-report/
Serious And Criminal Cyberattacks
There are a variety of cyberattacks that could pose a risk to universities. Because cybercrime is a pressing problem, universities should try to mitigate the risk of them falling victim to them. Cybercrimes can be:
- Data theft. Research and personal data could be at risk of being breached in such incidents. In 2020, the National Cyber Security Centre (NCSC) allegedly believed coronavirus vaccine research organisations had been targeted in cyber attacks. (Source: https://www.bbc.co.uk/news/technology-53429506)
- Password attacks and keystroke recorders. A cybercriminal could use these to gain an authorised user’s login credentials, giving them access to university systems.
- Phishing. Phishing is a dangerous threat to universities. Therefore, proper security and training should be in place.
- Ransomware/viruses/malware. These could lead to data becoming lost, stolen, transmitted, leaked or accessed without authorisation.
Whether you’re looking to make a data breach claim against a university because of an IT system hack, or an accidental privacy breach, our team would be happy to assess your case to see if you could claim university data breach compensation.
Could University Staff, Students Or Alumni Be Compensated?
Whether you’re looking to make a data breach claim as a member of staff, student or someone who has previously studied there, the type of compensation you could claim would depend on how you’ve suffered. Under GDPR, you could claim compensation for:
- Non-material damages. This could include the psychological harm the breach has caused you such as stress or anxiety.
- Material damages. This could include financial losses such as money stolen from you or purchases made using your details.
Claiming for psychological suffering is possible due to Vidal-Hall and others v Google Inc [2015] – Court of Appeal. During the course of the case, compensation for psychiatric injuries for data breaches was considered.
The court heard that victims of data breaches could be eligible to claim for the mental harm they suffer if it directly arose from the breach, regardless of whether they also suffered financially or not. Before this case, you would’ve had to also suffer financial loss in order to be compensated.
Because of this case, compensation for non-material damages for data breaches is valued within the same parameters used in personal injury law.
How Compensation For Data Breach Claims Against Northumbria University Is Calculated
In order to calculate an appropriate compensation payout for a data breach claim against Northumbria University, the evidence, facts and circumstances of the case must be carefully examined.
When claiming compensation for financial harm, you could retain bank statements and bills to show how much you’ve lost. When calculating personal injury compensation for the mental harm suffered due to a university data breach in the UK, this would involve some input from a medical professional.
The Role Of Medical Evidence In Data Breach Claims
In order to claim compensation for a psychological injury, you would need to have an assessment by an independent professional. They’d review any relevant medical notes and speak to you about your symptoms. Finally, they would create a medical report that you could use to evidence your condition.
You could also use this report to prove that the breach worsened your condition or caused it. Additionally, your solicitor (if you choose to use the services of one) could use the report to value your condition.
How Much Could I Receive?
No two cases are the same, so we would not be able to estimate how much compensation a data breach claim could bring you unless we know the facts first. However, we can provide you with insight into what the Judicial College Guidelines (JCG) deem appropriate for various levels of psychiatric harm.
The JCG is a publication that solicitors may use to help them value injuries. You can find the figures they provide in our compensation table below. Please note, however, these are approximate guidelines.
Injury type | Compensation Bracket According to the Judicial College Guidelines | Severity level |
---|---|---|
PTSD | Up to £7,680 | Less severe |
Psychological injury (General) | Up to £5,500 | Less severe |
PTSD | £7,680 to £21,730 | Moderate |
Psychological injury (General) | £5,500 to £17,900 | Moderate |
PTSD | £21,730 to £56,180 | Moderately severe |
Psychological injury (General) | £17,900 to £51,460 | Moderately severe |
PTSD | £56,180 to £94,470 | Severe |
Psychological injury (General) | £51,460 to £108,620 | Severe |
If you’d like a free valuation of your condition, get in touch today. And for more information about what constitutes a valid data breach claim against Northumbria University, please call our advisors.
How To Find A Lawyer To Handle Your Case
If you’re considering making a data breach claim, it may surprise you to learn that it is not a legal requirement for you to have a lawyer acting on your behalf. However, many claimants choose to use the services of a lawyer. This could be because they:
- Do not want the stress of making a claim alone.
- Know the solicitor understands the time limitations relevant to the case. (It could be 1 year from the date you obtained knowledge of the breach for breaches of human rights, and 6 years for data breaches.)
- Are confident that a solicitor would interpret legal jargon for them.
Finding The Right Lawyer
Choosing a lawyer for a data breach claim is a big decision. However, we believe we could make that decision easier by showing you how our solicitors could be a great choice. Additionally, if you use the services of our lawyers, you could benefit from:
- Years of knowledge and experience
- Great communication
- Expert advice just a phone call away
- A No Win No Fee agreement
Our solicitors have a record of helping claimants access the compensation they deserve, as you can see from our reviews. We’d be glad to offer you expert guidance and help.
So why not give us a call to discuss your claim? All calls are free, and you are under no obligation to proceed with our services.
No Win No Fee Data Breach Claims Against Northumbria University
All of our solicitors work under No Win No Fee terms. This allows you to begin a claim without paying any solicitor fees. Additionally, you wouldn’t pay them until your compensation payout has been arranged. The process is fairly simple too:
- Your solicitor would send you a Conditional Fee Agreement (the formal term for a No Win No Fee agreement). This is a document that sets out the success fee you’d pay your lawyer in the event of a successful claim. Moreover, it is legally capped and only represents a small proportion of your eventual payout.
- Once your solicitor receives your signed Conditional Fee Agreement, they would put together your claim and negotiate for a payout for you.
- Once the compensation comes through, the success fee is deducted.
What Happens If My Case Fails?
If your case did not end with a compensation payout, you would not have to pay your lawyer the success fee nor any other fees. If you’d like to find out more, read our guide about No Win No Fee agreements. Otherwise, you could always call our team to discuss this in more detail.
Talk To An Expert In Data Breach Cases
You have just about finished this guide to making a valid data breach claim against Northumbria University. Consequently, if you’d like us to check your eligibility or answer your questions about making a claim, it’s easy to get in touch. Therefore, simply:
- Call us on 0800 073 8804
- E-mail: info@legalexpert.co.uk
- Use our live chat to talk to our team
- Complete the contact form and we’ll get in touch with you.
For your convenience, our advisors are available 24/7. And when you call, you won’t be under any obligation to proceed with our services. Additionally, we offer free legal advice.
Resources
Protection In The Cloud: The ICO offers guidance to organisations that use cloud computing.
Mental Health Help: The NHS offers useful guidance on how to seek help if your mental health is suffering.
Your Information Rights: Data protection rights after Brexit are covered on this page.
Claiming After Data Has Been Lost: In this guide, we cover data breaches that involve lost data.
Data Breaches And Stress: This guide covers stress caused by a data breach in more detail.
Solicitors Data Breach Compensation Claims: Read our guide to see if you could claim.
Other Useful Compensation Guides
- Luton Borough Council Data Breach
- Malaysia Airlines Data Breach
- Mansfield District Council Data Breach
- Middlesborough Council Data Breach
- Middlesex University Data Breach
- Morrisons Data Breach Compensation Claims
- Morrisons Pharmacy Data Breach
- Newcastle-under-Lyme Borough Council Data Breach
- Newman University Data Breach
- NHS Surrey Data Breach
- North Lincolnshire Council Data Breach
- Northampton Borough Council Data Breach
- GP Data Breach Compensation Claims
- Norwich University Data Breach
- Npower Data Breach Compensation Claims
- Nuffield Health Data Breach
- Nuneaton and Bedworth Council Data Breach
- Queen Margaret University Data Breach
- Ravensbourne University London Data Breach
- Reading Borough Council Data Breach
- NHS Data Breach Compensation Claims
Thank you for reading this guide exploring what justifies a data breach claim against Northumbria University.
Written by Jeffries
Edited by Victorine