Data hacking victims should have help claiming compensation, report finds

A parliamentary report into last year's TalkTalk hack has called for more to be done to help people who have suffered at the hands of cyber criminals.
A range of recommendations have been outlined in the final report of the Culture, Media and Sport Select Committee's inquiry into cyber security, which was launched on the back of the TalkTalk hack that hit about 157,000 of its customers last October.
In terms of how this could impact you, the report is not only calling for it to be easier to claim compensation if your personal info is hacked. It's also putting pressure on companies to clearly spell out to potential customers whether they'd be able to terminate a contract early if they lost money following a data breach.
When MoneySavingExpert.com first reported news of the TalkTalk cyber breach – and what the ramifications for customers were – the telecoms company said it wasn't in a position to discuss the prospect of paying compensation to those affected by the hack. Its official line was that customers could escape contracts penalty-free only if they'd had money stolen as a direct result of the breach.
However, the publication of today's report has now put the issues of data breach compensation and contract cancellation firmly under the spotlight.
Check out our guide for tips on how to haggle with mobile, TV and broadband providers for a better deal.
What did the Select Committee report recommend?
The list of 17 conclusions and recommendations in the 'Cyber Security: Protection of Personal Data Online' report included:
-
Making advice on claiming compo more readily available. The committee says there are a number of groups and organisations (eg, Citizens Advice, the Information Commissioner's Office and police victim support units) that could, in principle, provide further advice to consumers on seeking redress through the small claims process.
-
Solicitors to provide advice to data breach victims. The Law Society, the representative body for solicitors in England and Wales, has been encouraged to provide guidance to its members on helping people seek compensation following a data breach.
-
Checking if existing measures are adequate. The Information Commissioner's Office (ICO) has been told it should assess if adequate redress is being provided by the small claims process in relation to data breach victims.
-
Clearer upfront info on cancelling contracts in the event of a data breach. Telecoms companies have been told they should clarify, in simple language for consumers, if financial losses as a result of a data breach would be sufficient grounds to terminate a contract early – so potential customers can make an informed choice when choosing a service or product.
-
Launching a consumer awareness campaign. The committee says the Government should initiate a public awareness-raising campaign focusing on online and telephone scams. It says all relevant companies should provide well-publicised guidance to existing and new customers on how they will contact customers and how to make contact to verify that communications from the company are genuine.
-
Fines for companies that fail to guard against cyber hacks. The ICO has been told it should introduce a series of escalating fines for companies, based on the lack of attention paid to threats and vulnerabilities which have led to previous breaches.
What happened with the TalkTalk hack?
When TalkTalk, which has around four million customers, was hacked in October last year the financial information – banking sort codes and account numbers – of 15,000 people were stolen. Around 28,000 people had obscured versions of their debit and credit card details taken, while in total nearly 157,000 customers' personal details were accessed.
At the time of the hack, TalkTalk said only customers who'd had money stolen as a direct result of the hack could cancel the contract penalty-free, which meant some people who weren't directly impacted but who wanted to terminate their deal because of concerns about TalkTalk's security measures could've had to pay £100s to quit their contract.
In response to this we provided a step-by-step guide on how customers could get round TalkTalk's contract cancellation policy.
What happens next?
Whether or not the Select Committee's recommendations are followed depend on various organisations and bodies, such as the Government and the ICO.
Meanwhile, the ICO is conducting its own investigation into the TalkTalk data breach. In its findings published today, the Select Committee complained about the eight-month-and-counting wait for the ICO's report and suggested it was understaffed.