We've been featured in:

University Of Cambridge Data Breach Compensation Claims Guide

Welcome to our guide to making a claim following a University of Cambridge data breach.

Are you a staff member, student, alumnus or supporter of the University of Cambridge? Has your private data been breached? If you can prove that the university’s failings were responsible for your breach, then you may be eligible to bring legal proceedings in relation to the mental or financial damage that you’ve incurred.

University Of Cambridge data breach claims guide

University Of Cambridge data breach claims guide

This article will help guide you towards securing the compensation that you deserve for your suffering by making a University of Cambridge data breach claim. Here, we’ll cover everything including what your rights are as a data subject, how you could hold the university liable and even the potential data breach compensation award you may receive.

By getting in touch with one of our specialist advisors at Legal Expert, you could receive free legal advice on your data breach and access all of this information and more. If you have grounds to make a claim, they could connect you with one of our solicitors to handle your case for you on a No Win No Fee basis, eliminating the sense of financial risk that many claimants feel.

So, whether you’d like more information on anything included in this guide or you’re interested in receiving a free consultation to get a better understanding of your situation, reach out to us today:

Limitation Periods on Data Breach Claims

Please be aware that you have a time limit of 6 years to make a claim. What’s more, the time limit on your claim is reduced to just 1 year if your case involves a human rights breach.

If you wait too long before taking legal action, you could risk losing the compensation that you deserve. Please speak to one of our advisors today to get free legal advice on your situation and see whether you could be eligible for a payout.

Choose A Section

  1. A Guide To Claims For Data Breaches By Cambridge University
  2. What Is A Data Breach By Cambridge University?
  3. GDPR FAQs For Universities
  4. How Many Higher Education Institutions Have Breached Data Privacy Rules?
  5. How Cambridge University Has Been Affected By A Breach Of Data Protection
  6. Criminal Attacks And Thefts Of Physical Or Digital Data
  7. How Could I Be Compensated For A Breach Of My Data Privacy?
  8. Calculating Data Breach Claims Against Cambridge University
  9. What Should I Do If My Data Privacy Has Been Breached?
  10. No Win No Fee Data Breach Claims Against The University Of Cambridge
  11. Discuss Your Case
  12. Extra Resources

A Guide To Claims For Data Breaches By Cambridge University

Over the course of this article, we’ll address some questions that you may have regarding how to make a University of Cambridge data breach claim, including:

  • How are data and data breaches defined?
  • What are university data breaches caused by?
  • What are some cases of past university data breaches?
  • What data protection legislation must universities follow?

Furthermore, we’ll give you our team’s top tips on how you could boost the chances of your claim’s success, such as:

  • Reaching out to the university to voice your concerns
  • Making a complaint with the Information Commissioner’s Office (ICO) for liability to be investigated
  • Using a No Win No Fee solicitor to handle your case

However, as mentioned earlier, by getting in touch with our team, you could receive free legal advice on your data breach and access all of this information and more. If you have grounds to make a claim, they could connect you with one of our solicitors to handle your case on a No Win No Fee basis.

So, whether you’d like more information on anything included in this guide or you’re interested in receiving a free consultation, reach out to us today.

What Is A Data Breach By Cambridge University?

In this section, we’ll discuss the definitions of data and data breach to give you an insight into the technicalities of your situation.

Generally, the term data can be used to describe any piece of your private data that could be used to identify you. This could include but is not limited to; your name, date of birth, gender, contact details and student number.

Organisations like the University of Cambridge are required to obtain your consent before they interact with any of this personal information, meaning you can allow or deny their purposes for collecting your data.

However, in the unfortunate event that any of your data is compromised, meaning it’s interacted with in a way that you did not consent to, then this type of security incident is defined as a data breach.

There are many factors that could contribute to a data breach occurring, ranging from poorly trained staff to weak security systems. Some common instances of data breaches include:

  • Cyberattacks, such as a ransomware hack
  • Unauthorised access, alteration, disclosure or destruction of physical data
  • Human error

Recently, you may have heard that the financial and administrative providers, Blackbaud, suffered a ransomware attack that subsequently impacted 8 universities in the UK, including the University of Cambridge.

Although Blackbaud paid the hackers’ ransom to release the data that they’d stolen, personal information of staff, students, alumni and supporters of the affected universities was still compromised, including:

  • Personal details, such as names and dates of birth
  • Contact details, such as telephone numbers and email addresses
  • Professional details, such as employment information and job titles

To add insult to injury, Blackbaud reportedly took weeks to notify those whose data had been impacted as part of the breach, despite Article 33 of the Data Protection Act 2018 requiring organisations to inform affected subjects within 72 hours of the breach.

Please see the next section of our guide to learn more about data protection laws in the UK and how the University of Cambridge could be liable for your breach if they failed to comply with relevant legislation. Alternatively, contact our team today for free legal advice on your situation.

Source: https://www.trin.cam.ac.uk/alumni/information/blackbaud-data-breach/

GDPR FAQs For Universities

In this section, we’ll outline some key points from relevant data protection laws that you ought to be familiar with—the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR).

The DPA is the UK’s primary piece of data protection legislation that outlines how organisations, like the University of Cambridge, are and are not permitted to interact with subjects’ data. It was introduced in attempts to give subjects a better sense of control over how their personal information is collected, protected and used.

The DPA enacted into UK law the EU’s GDPR, which provides a framework for standards of data handling practices. Some key regulations include:

  • Organisations are not permitted to interact with subjects’ data unless their consent is actively given
  • Organisations are not permitted to retain subject’ data for longer than is absolutely necessary
  • Organisations are not permitted to interact with subjects’ data unless they have a reliable system of data security in place to protect it

If you’ve suffered a University of Cambridge data breach and can prove the institution to be in breach of data protection laws, then you could be able to hold them liable as part of your claim.

To get free legal advice, chat with one of our friendly advisors today for free legal help on your situation. Alternatively, please continue reading to see how universities could be in breach of data privacy rules.

How Many Higher Education Institutions Have Breached Data Privacy Rules?

Have you suffered a data breach that you believe a university to be responsible for? If so, recent statistics suggest that you’re not alone, with more than 54% of UK universities reportedly experiencing data breaches between 2019 and 2020.

According to a recent survey, 86 universities admitted to suffering failures in their data protection practices, which was attributed to the following:

  • Lack of cybersecurity awareness training
    • 46% of universities failed to provide staff with sufficient training
    • 51% of university students were provided with insufficient training
  • Lack of ‘penetration tests’ (cybersecurity experts undertaking controlled hacks on security systems to source weaknesses in the network)
    • 27% of universities conducted no penetration tests at all

The fact that universities hold a range of confidential and often sensitive information means that they have a heightened responsibility to ensure that it is protected. However, as the findings of this survey show, a large proportion of UK universities are failing to meet the required standards of data security as established in data protection legislation, which may explain the number of breaches in recent times.

If you can prove that the University of Cambridge data breach that you suffered was caused by the institution’s own failings, then you could be able to make a claim against them. To see some examples of past data breaches suffered by the university or to learn more, please read on or speak to our team today.

Source: www.itgovernance.co.uk/blog/54-of-universities-reported-a-data-breach-in-the-past-year

How Cambridge University Has Been Affected By A Breach Of Data Protection

In this section, we’ll present you with a case study of a University of Cambridge data breach that impacted more than 300 medical students. The sensitive nature of some of the information leaked was particularly distressing for victims, as it included details about their extenuating circumstances, mental health problems and disabilities.

In June 2017, Cambridge University suffered a data breach when personal information of over 300 medical students was mistakenly leaked to the entire class. When a spreadsheet containing the students’ details was accidentally attached to a welcome email by administrative staff, it was then sent to all medics embarking upon their fourth year at the Clinical School.

Though a follow-up email was sent 18 minutes later asking students to disregard the accidental attachment, there was no way of ensuring that students data included in the spreadsheet was not compromised, such as:

  • Names
  • Dates of birth
  • Student numbers
  • Genders
  • College

In addition to these identifiable details, sensitive and confidential information regarding students’ personal issues were also exposed without consent, such as:

  • Reasons for deferral or withdrawal from the course
  • Extenuating circumstances for extension
  • Details about mental health, disabilities and whether they were fit to become doctors

The data breach was reported to the Information Commissioner’s Office (ICO) by the Clinical School responsible. The University of Cambridge also made a statement assuring students that they had implemented new measures to try and prevent any future data breaches of this nature from occurring.

Source: https://www.varsity.co.uk/news/19486

Criminal Attacks And Thefts Of Physical Or Digital Data

As mentioned earlier in this article, the fact that universities hold a range of confidential and often sensitive information means that they are a target of cyberattacks. From research materials to personal details, this information is often a lucrative find for criminals wishing to use it for financial gain, whether it’s sold on the dark web or used as part of an identity fraud crime.

With the demand to find a coronavirus vaccine dominating the world’s research efforts in 2020, universities reported spikes in attempted cyberattacks on their security systems. With biomedical research departments specifically impacted, it’s believed that these hacks were made by countries including China and Russia, to obtain research materials for the vaccine.

However, the universities affected reported that these attempts were all unsuccessful.

Source: https://www.theguardian.com/world/2020/may/03/hostile-states-trying-to-steal-coronavirus-research-says-uk-agency

Another case of a criminal cyber attack involves digital solutions company, Jisc, that conducted a series of penetration tests on UK universities to assess their cybersecurity capabilities.

As mentioned earlier, penetration tests is the term used to describe a method for sourcing security weaknesses by having cybersecurity experts undertake controlled hacks.

As part of their findings, Jisc reported that they were able to infiltrate databases containing personal information of students and staff through phishing emails. This method involves hackers sending recipients scam messages, typically posing as a legitimate contact, to encourage them to download an attachment that actually contains malware.

Overall, Jisc successfully infiltrated cybersecurity systems of over 50 universities in the UK in a period of under 2 hours. These results reinforce the vulnerabilities within the higher education sector’s ability to protect the data of its subjects.

Whatever the circumstances of your University of Cambridge data breach, if you can prove they were at fault, please see the next section of this guide to learn how you could be compensated for the damage that it’s caused you or speak to one of our specialist advisors today.

Source: www.itgovernance.co.uk/blog/54-of-universities-reported-a-data-breach-in-the-past-year

How Could I Be Compensated For A Breach Of My Data Privacy?

If you’ve been affected by a University of Cambridge data breach and wish to make a claim against the institution responsible for it, there are typically two types of compensation that you could claim for.

  • Material damage could be claimed if you wish to recover financial losses that your data breach has caused you to experience
  • Non-material damage could be claimed if you wish to be compensated for mental distress that your data breach has caused you to experience

Please see the next section of this article to gain an insight into how much compensation you could be entitled to. Alternatively, contact one of our specialist advisors for free legal advice on your situation and get an estimate of your payout today.

Calculating Data Breach Claims Against Cambridge University

After suffering a University of Cambridge data breach, you may be wondering how much compensation you could be entitled to for the damage that you’ve incurred. At this point in our guide, we’ll explain how data breach claims are valued and provide you with some estimated figures taken from the Judicial College Guidelines.

Once the claimants of the Vidal-Hall and others v Google Inc case were awarded compensation for non-material damage alone in 2015, the nature of data breach claims was changed for the better.

Whereas financial damage was previously required in order for compensation to be given in data breach cases, this now meant that material damage was not necessary in order for a payout to be awarded.

As a result, compensation for non-material damage is now valued as personal injury claims are, using the severity of the claimant’s suffering and compensation brackets from the Judicial College Guidelines as a framework. For some examples of estimated settlement figures, please see the table below:

Edit
Type of Injury Severity Level Compensation Additional Details
Psychiatric Damage Severe £51,460 to £108,620 In this category, the victim will be vulnerable in the future. There will be a very poor prognosis.
Psychiatric Damage Moderately Severe £17,900 to £51,460 Significant problems will exist but a more optimistic prognosis will be offered.
Psychiatric Damage Less Severe Up to £5,500 The amount awarded in this category will assess how long daily activities were affected and how long the injury lasted.
Post-Traumatic Stress Disorder (PTSD) Moderately Severe £21,730 to £56,180 In this category, PTSD will cause significant problems for the foreseeable future but there will be hope of some recover with professional support.
Post-Traumatic Stress Disorder (PTSD) Less Severe Up to £7,680 This category covers cases where all major symptoms of PTSD have been resolved with one or two years.

What Should I Do If My Data Privacy Has Been Breached?

If you’re wondering how you could evidence your University of Cambridge data breach claim, one step you could take is contacting the university to raise your concerns about the damage that they’ve caused. Any response that they offer you could be used against them, providing that they include some sort of admission of wrongdoing that led to your breach.

Alternatively, you could report the data breach to the Information Commissioner’s Office (ICO). If you do so within 3 days of the incident, the ICO could investigate the situation for you and evaluate whether the university was liable for your breach.

If the ICO establishes liability, then this could be used to evidence your claim against the university. In addition, the ICO could issue them a fine or limit their future data interactions.

No Win No Fee Data Breach Claims Against The University Of Cambridge

Our solicitors always handle claims on a No Win No Fee basis, eliminating the sense of financial risk that many claimants feel.

If you’re not familiar with these agreements, they simply mean you don’t have to pay your solicitors’ fees if they don’t win your claim for you. In addition, there are no upfront costs or hidden fees that accrue in the background.

If your solicitor is successful and wins your claim for you, then a ‘success fee’ will be allocated to them as a small percentage taken from your payout. However, as this is legally capped and outlined in your agreement, you can rest assured that you won’t be losing a significant portion of your compensation.

Discuss Your Case

By getting in touch with one of our specialist advisors at Legal Expert, you could receive a free consultation on your data breach and access all of this information and more. If you have grounds to make a claim, they could connect you with one of our solicitors to handle your case for you on a No Win No Fee basis.

So, whether you’d like more information on anything included in this guide or you’re interested in receiving a free consultation to get a better understanding of your situation, reach out to us today:

Extra Resources

Thank you for reading our University of Cambridge data breach guide. To bring this article to a close, we’ll leave you with some helpful resources that could be of additional help in securing you the compensation that you deserve.

Please take a look through the links below to learn more about the different steps that you could take after falling victim to a data breach.

Other Useful Compensation Guides

Thank you for reading our guide to making a claim for a University of Cambridge data breach.

 

Guide by Mavers

Edited by Billing