We've been featured in:

University Of Manchester | Data Breach Compensation Claims

If you’ve been impacted by a University of Manchester cyber incident or data breach, this guide offers advice on your legal rights and options.

In some circumstances, it may be possible to claim compensation for a data breach. If that is a course of action you want to explore, we can help. We operate a 24-hour helpline which you can call to take advantage of a free case check.

  • You can speak with us now by calling 0800 073 8804
  • You can also write to us about your claim online
  • Or chat with us now using our live chat box

University of Manchester data breach cyber incident

University of Manchester data breach claims guide

Select A Section

The University Of Manchester Cyber Incident And Data Breach (June 2023)

In early June 2023, the University of Manchester confirmed in a statement on its website that it has been the victim of a cyber security incident. It’s suspected that a small amount of data relating to students and alumni may have been copied.

Manchester Uni has taken prompt steps to inform the affected individuals of the breach and is working hard to resolve the data breach. In particular, the organisation is working closely with the National Cyber Security Centre and the Information Commissioner’s Office (ICO) to fix the issue.

Students, staff and alumni have been urged to reset their passwords and to report any suspicious activity. The University of Manchester has also confirmed that it has made improvements to its email filtering system. They have also offered a 12-month Experian service to monitor credit scores.

If you have received a notification letter or email from Manchester University about the data breach and want advice on your position, you can call us today on the freephone number at the top of this page.

For more information, head here: https://www.manchester.ac.uk/cyber-incident/

How Could A Data Breach Happen At The University Of Manchester?

When you read about data breaches in the news, they are often caused by cybersecurity issues such as phishing emails, malware, ransomware, keyloggers and viruses. What you may not realise though, is that the GDPR covers non-digital information as well. As an example, in the same way that computers need to be kept locked if they contain personal data, filing cabinets in offices should be locked if they have any documents that could be used to identify a data subject.

The definition of a personal data breach, as listed in the GDPR, is when a security problem causes personal data to be disclosed, destroyed, altered, lost or accessed in an unauthorised manner.

The ICO may decide to investigate any type of breach whether it has been caused by an illegal, deliberate or accidental act. When any breach takes place, data controllers are obliged to investigate. If it becomes clear that there is a risk to a data subject, they must be told of the incident. They should be told what information was accessed and when the event occurred. The ICO also needs to be informed.

For details on how Legal Expert could help you start a claim for the harm caused by a university data breach, please contact our advice team today.

GDPR Breach Definition

If you wanted to read through the 88-pages of the GDPR, you’d find that it’s not too difficult to understand like some legislation. It clearly defines some roles and responsibilities relating to data protection. For example, where a university is registered as a data controller, they will need to show that they comply with the following principles listed in the GDPR. They must:

  • Use techniques which are legal, fair and transparent when processing personal data.
  • Explain to the data subject about why personal information is required.
  • Not collect any more personal information than is required to meet the data processing requirement.
  • Allow any personal details that are stored to be kept up to date.
  • Use processing techniques which are secure and confidential.
  • Only retain personal details for as long as they are required. There is no actual time limit defined though.

Any information that could help to identify a data subject is covered by the GDPR. That could include data like names, addresses, contact numbers, staff ID numbers or student enrolment numbers. Additionally, some information about certain protected characteristics like disabilities, sexual orientation, race or age is also covered.

ICO Action Taken Against Universities For Breaches In Data Protection

Now we’re going to look at a case study about a data breach that could’ve caused major problems for the University of Manchester as well as other universities. It happened when a software supplier, Blackbaud, was hacked.

The company sell database solutions to higher education establishments which many use to manage relationships with their alumni. Many use the company’s cloud-based solution. It was the backup servers of this solution which was affected by the breach.

After an investigation was conducted, and a ransom demand was made by the hackers, the company took steps to inform the customers who were at risk. In turn, the universities reported the incident to their alumni, staff and students where necessary.

However, in an unusual turn of events, Blackbaud decided that it would be best to pay the ransom. While this is not usually recommended, the company did receive assurances from the criminals that the data had been destroyed.

News article: https://www.theregister.com/2020/07/24/blackbaud_uk_universities_data_breaches/

If you have suffered following a university data breach involving your personal information, why not speak with Legal Expert today to find out if you have a valid compensation claim?

Rates Of Breaches In Data Protection By Universities

While we have demonstrated that data breaches in universities do happen, we haven’t really discussed how often they occur. To demonstrate this, we’re going to provide some statistics from a recent study. It was conducted by an IT security company who questioned 86 UK universities. They found that:

  • The average staff training budget (for data safety guidance) was only £7,529 per university each year.
  • Almost half of the universities who responded said that no proactive security training was offered to students (49%).
  • 46% of employees had not been given data security training within the previous 12-months.
  • Over half of the universities (54%) had contacted the ICO (within the last 12-months) to report a data breach.
  • Over one-quarter of universities said they’d not hired an external firm to assess the security systems in place to protect their IT equipment.

Report URL: https://www.redscan.com/media/The-state-of-cyber-security-across-UK-universities-Redscan-report.pdf

Criminal Cyber Attacks And Breaches

There has been a lot of information supplied in this guide about how data breaches take place and what harm they can cause. Many are caused by criminal activity, but what can be done to stop them? Well, we are not IT experts by any means, but there are some good practice guidelines that could help. They include:

  • Offering proper data security training to all students, staff and contractors.
  • Using encryption software so any data held on portable devices cannot be accessed if stolen or lost.
  • Ensuring data protection policies are adhered to and reviewed regularly.
  • Hiring a cybersecurity expert to test the security of the university’s IT infrastructure to allow any vulnerabilities to be fixed before criminals exploit them.
  • Only allowing devices to use the network if they have been patched with the latest security updates.

Educational budgets are often stretched so these steps might be difficult to implement. However, based on the amount of sensitive data held by universities, the investment could prevent a lot of harm in the future. Furthermore, it may help prevent an ICO fine.

How Could The Victim Of A Breach In Data Protection Be Compensated?

Wouldn’t it be nice if you could tell a defendant how much compensation you would like to be paid and that was the end of it? Unfortunately, things aren’t that easy as you will need to explain every element of your claim and supply evidence to support it. Also, as settled claims can’t be resubmitted, you need to review what harm could be caused as well as any that has already resulted from the data breach.

You’ll usually start by looking at the money that has been lost and any expenses you’ve incurred. This part of the claim is called material damages. It’s probably easiest to start by calculating the amount you have already lost. After that, you may need to work out if more money could be lost in the future. While you might not think that’s possible, just imagine what could happen if your personal information has been sold on the dark web to criminals who carry out identity thefts.

The second part of your claim is called non-material damages. This is claimed for any pain, suffering or loss of amenity that a personal data breach has caused you. Again, it’s often easiest to start with the suffering that has already occurred. Therefore, you’d usually claim for any conditions which have already been diagnosed medically. After that, your claim could include any future suffering that an independent medical specialist diagnoses. For example, Post-Traumatic Stress Disorder (PTSD) might cause problems with your ability to function properly, return to work or manage personal relationships.

Due to the complexity of these claims, our advice is to let a specialist represent you. If your case is taken on by Legal Expert, we will provide a solicitor who will assess all elements of your case before a claim is submitted.

Compensation Payouts For University Data Breaches

In this section, we are going to explain what amounts of compensation could be paid for injuries caused by a university data breach. Of course, we can only provide you with a personalised compensation estimate after your claim has been reviewed by a lawyer, but this information should help.

In a case heard at the Court of Appeal (Vidal-Hall and others v Google Inc [2015]), it was decided that claims for psychiatric injuries that result from a personal data breach could be made whether you have lost money or not. Furthermore, the court stated that payments should be awarded using the same amounts paid in personal injury cases. Therefore, we have supplied some relevant figures in the table below that are taken from the Judicial College Guidelines (JCG). Lawyers, courts and legal professionals will often lookup figures in the JCG when settling compensation cases.

Edit
Injury Type Severity Compensation Bracket Supplementary Information
Psychiatric Injury Severe £51,460 to £108,620 The claimant will remain vulnerable as treatment is not likely to help. A very poor prognosis and there will be a very serious impact on relationships, work and coping with everyday life.
Psychiatric Injury Moderately Severe £17,900 to £51,460 The claimant will be given a more optimistic prognosis but will suffer very similar problems to those detailed above.
Psychiatric Injury Less Severe Up to £5,500 Minor symptoms that fully resolve in a short space of time.
PTSD Severe £56,180 to £94,570 The claimant won’t be able to function at anywhere near pre-trauma levels a permanent symptoms will prevent a return to work.
PTSD Moderately Severe £21,730 to £56,180 In the immediate future, the symptoms will be just as serious as above. However, there will be some hope of improvements with professional support.

To help prove how severe your injuries are (which is an important factor used to set compensation levels), you will be required to attend a local medical assessment as part of your claim. An independent medical expert will ask you a series of questions to try and understand the effect the data breach has had on you. When your meeting is over, the specialist will document their findings and send a copy of their report to your solicitor. As this report provides valuable information which could help to substantiate your allegations, medical assessments are required in all cases.

Why Work With Our Data Breach Solicitors?

So, if you’ve decided that you’d like to start legal proceedings now that you’ve read this article on data breach claims against the University of Manchester, your next step may be to locate a suitable solicitor. While you might do so by asking for recommendations, looking locally or reading online reviews, we can offer an easier solution.

Simply call the Legal Expert advice line today and we could partner you with a specialist data breach solicitor. We offer free advice and an assessment of any claim without obligation. If your case is accepted, your solicitor will be available to answer any queries during your claim. Furthermore, they’ll update you regularly and explain any complexities that crop up in the claims process. Our solicitors will always work hard to try and make sure you are compensated fully for your suffering.

Please get in touch today if you’d like to know more about how we could help you claim.

No Win No Fee Data Breach Claims Against The University Of Manchester

We realise that many people worry about how stressful data breach claims might be. The biggest worry is usually connected with the legal fees involved. However, to reduce that worry, and your financial risk, our team of solicitors provide a No Win No Fee service if your claim is accepted.

To begin with, a solicitor will need to verify that your case appears feasible. If they decide to take the claim on, you’ll receive a Conditional Fee Agreement (CFA), which is another name for a No Win No Fee agreement, that will explain how your claim will be handled. The CFA will also show you that:

  • No fees or charges need to be paid for your case to begin.
  • You won’t be billed any solicitor’s fees while the case is processed.
  • Should the case fail, you will not be liable to pay solicitor’s fees at all.

When there is a positive outcome to the claim, your solicitor’s fees will be covered by a small ‘success fee’. This is listed in your CFA as a percentage of your compensation so you will know how much you’ll pay before you sign up. To put your mind at ease, we should explain that success fees are legally capped.

Would you like to check if you’re able to claim on a No Win No Fee basis? If so, please call the advice line today.

Make A Data Breach Claim Today

We would like to thank you for reading this article about claiming for a university data breach. If we have helped you decide to start a claim, and you would like to be represented by one of Legal Expert’s solicitors, you can start the ball rolling by:

So that we don’t offer false hope regarding your chances of receiving compensation, our advisors will always be open and honest with you. They will happily review any case on a no-obligation basis and offer free claims advice. Should your case appear to have a reasonable chance of success, you could be partnered with one of our data breach lawyers. Any claims taken on by Legal Expert will be conducted on a No Win No Fee basis.

Resources To Help Data Breach Claimants

Now that we have shown you all of the information about making data breach claims against the University of Manchester, it’s time to look at what other resources you may need to refer to if you go on to start a claim.

Also, to demonstrate how Legal Expert could help you with different types of claims, we have provided some links to more of our guides here too. Please do let us know if you need any additional information.

Other Useful Compensation Guides

If you need any more guidance on the University of Manchester cyber incident and data breach, please get in touch.