Registration Breach Settled In 4 Days
Our Client instructed Angelus Law on 25 February 2021 to pursue a Data Breach Claim against the Defendant, who was a personalised number plate company (Number1Plates).
The Defendant sent our clients invoice to another customer of the Defendants. This was a breach of the clients personal and sensitive data, as the client’s data was unlawfully sent to a third party without the consent of the client. Therefore this third party had unlawful access to all of the sensitive and personal information of our client.
Not only does a data breach take note of the breach at hand, but it also focuses on how the breach affects the client too. This is taken into consideration and is put forward to the defendant highlighting the mental strains the breach has caused our client.
Our client who is located in Merseyside stated:
“As a result of the breach, I am worried and concerned that my personal details have been disclosed and may have been sent to other customers of the Defendants, who then may use this for fraudulent purposes. If it was not for the third-party contacting me directly then I may not have been any wiser to this breach.”
With our client being a software test analysis, she is aware of how data can be processed, she had already reported the breach incident to the ICO (Information Commissioners Office), as soon as she was made aware. With our client having full knowledge of GDPR she elaborated further:
“I am also concerned that my email address has been breached and may have been breached to other customers, this is linked to my PayPal and social media accounts and I am anxious that third parties may access these accounts using my details. Added to this, I am also concerned with the fact that my name and address has been breached (and may have been breached to other customers) and could potentially be used for accessing my bank account information and/or applying for credit. The data breach from the Defendants has left me feeling very anxious and I have been waking up in the middle of the night with anxiety thinking about the breach, and the potential of other third parties having access to my personal data without my authority.”
As a data controller and processor, the Defendant (Number1Plates) had an overriding duty to protect the personal data of our client pursuant to Article 5(1)(f) of the UK GDPR and are prohibited from processing the personal data and sensitive personal data of our client without their consent pursuant to Article 6(1)(a) and Article 9(2)(a) of the UK GDPR respectively.
Angelus Law therefore sent a formal Letter of Claim to the Defendants. 4 days later Angelus Law have settled the claim pre-issue, achieving compensation for our client in the sum of £750.00.
Angelus Law have also requested a declaration from the Defendant that they shall comply with the provisions of GDPR and the Data Protection Act 2018, should they continue to process and control our clients personal and private data.
If you have been in a similar situation and a victim of a data breach, please contact a member of our team today.