As growing numbers of cyberattacks plague the UK and the rest of the world, more and more people are suffering due to passwords found on the dark web.
The dark web consists of areas of the world wide web that are usually accessible with the use of specific software or authorisations. It is where hackers can sell information that has been hacked, and where criminals can go to find information to exploit.
If one or more of your passwords has been found to have been breached, what can you do about it?
Safety first
Before we go into what people can do from a legal perspective for passwords found on the dark web, let’s address what steps you should take to protect yourself.
Firstly:
- Secure your accounts by changing your passwords immediately;
- Make sure you use strong, complex passwords that are a combination of letters, numbers, upper cases, and special characters;
- Do not re-use passwords for more than one account;
- Consider applying two-factor authentication to accounts or at least automatic notifications of login events;
- Keep a very close eye out for suspicious activity and check any login audit logs;
- Speak to companies that are involved and take heed of their advice too.
The last thing you want is for your login credentials to be abused – do the immediate and necessary things to keep yourself safe.
Legal rights for passwords found on the dark web
For passwords found on the dark web, where your credentials have been subject to a cyberattack or data breach involving an organisation, you have rights. What we mean by this is that, if the loss of control of your personal details was caused by your data being stolen from someone else, you may have a claim.
Some easy examples based on some of the dozens of group action cases we represent thousands of clients for:
- The British Airways data event;
- The Ticketmaster cyberattack;
- The Equifax data breach;
- The TalkTalk hack;
- LOQBOX hack.
In these scenarios, information (not necessarily passwords, this is just for example purposes) was stolen from those companies. As a result of the data theft, we believe that the above companies could – and should – have done more to have prevented the attacks from being successful. For example, Equifax failed to patch a known security vulnerability that was then exploited by hackers. British Airways has been issued with a provisional intention to fine in the sum of £183m as the ICO (Information Commissioner’s Office) confirmed that they could have taken more steps to prevent the attack taking place.
So, when someone else is at fault in cases of passwords found on the dark web, that is when you could be eligible to claim compensation. The GDPR can allow you to receive damages for the distress caused by the loss of control of your personal information, so it is not a case of only being able to claim when money is lost or stolen. On the contrary, most legal cases are for the distress alone, and this can be so substantial that data breach compensation pay-outs are often in the thousands of pounds area.
Legal advice now
You could be entitled to make a No Win, No Fee data breach compensation claim with us today.
As a leading firm of data breach lawyers, we are always happy to provide people with free, no-obligation advice about their options for justice.
Speak to the team here today and we will see if we can support you in any way that we can.