M&S, the Co-op, Harrods and other retailers have had a torrid old time as hackers gained access to their systems
In the last few weeks we’ve had some vivid reminders about what can happen when businesses are hacked, systems are unavailable or the power goes off.
M&S, the Co-op, Harrods and other retailers have had a torrid old time as hackers gained access to their systems. This led to the first two retailers struggling to fill their shelves, staff were unable to take payments other than cash and online orders went out of the window. It’s now emerged that some customer data has been compromised too.
Over in Spain and Portugal, a massive power cut had a huge impact on both nations. This left most of the infrastructure – from transport networks to restaurants and retailers – unable to operate. Tourists arrived in the country and unless they’d packed some cash, they were unable to escape the airport. Plastic cards were, of course, useless.
Oh, and it’s just been confirmed that over 1.2 million people struggled to get their hands on their cash on a glitch that hit a number of banks over the February payday period. This is on top of the numerous banking system meltdowns of late that have left people without access to vital sources of money, including benefit and pension payments.
So what are your rights if you are locked out of your banking system? Or if your food delivery fails due to a hacked supermarket? Here’s my guide.
Hacker attackers
Even though not being able to access goods or services that we need or rely on is frustrating, not all technical problems are the fault of businesses. In fact, in many cases, you won’t have lost money, just the ability to use a service you need.
Computer hacking is, of course, illegal, as is extortion – and all businesses face a relentless campaign from the hackers to break in to their systems. The fact that some of the world ’s biggest brands have fallen victim to hacks and data leaks indicates how widespread the problem is.
Businesses have to tell us if our data – from personal data to passwords and emails – have been compromised. But many stall for long periods of time while they ‘investigate’ the matter. Often bigger firms, particularly ones based abroad, are rubbish at personally notifying us about data breaches, slipping out vague news releases on to their websites instead.
According to the GDPR rules, a business must tell you personally about a data breach if it “is likely to result in a high risk of adversely affecting individuals’ rights and freedoms”. But that’s pretty subjective, isn’t it?!
So while you can seek compensation for your data being breached, proving that it has been compromised as a result of the business being hacked – and complacent – is often tricky.
In practice, it’s a case of keeping an eye on the news for any reports of data hacks. Hats off to M&S and Co-op for coming forward relatively quickly to admit that some data had been compromised in their recent hacking incidents, but bear in mind that you probably won’t get an email telling you exactly what data has been compromised.
If you are worried, then don’t delay, change your passwords today! You can use a password manager service if, like me, you struggle to remember passwords. You can also set up ‘two-stage authentication’ which adds an extra step in the process of logging in, like sending a text to your phone, which makes it harder to access your data. Finally, you can use biometric data, like face or fingerprint recognition options.
Services not provided
From weather catastrophes to power cuts, sometimes the services that we need are not available for reasons far outside of the control of individual businesses.
Take the recent power cuts in Spain and Portugal. You are not entitled to flight delay compensation as this isn’t the fault of the airline. However, the law does say the airline has to get you on the next available flight, even if that’s with another airline. In practice, if lots of people are affected, this could take days. The airline must also find accommodation if you are stranded overnight, along with basic costs for food and transportation.
When it comes to refunds, it all depends on what you were not able to do. If a gig is cancelled due to an unexpected event, then you are usually given the option of a refund as the service you paid for has not been provided. This principle generally applies to most (but not all) things.
If you’ve paid for an ongoing service, you might be able to ask for a proportional refund to reflect the period you couldn’t use it. So if a power cut to your caravan site meant it was out of operation for two months, you could ask for a proportion of your annual service payments to reflect that you could not use the caravan park.
With online orders from retailers, if the money has been taken, you can ask for a full refund. The same goes for cancelling orders without paying a penalty if they were time-specific. However, you aren’t entitled to compensation for simply not being able to do a weekly shop due to stock issues, or because you couldn’t pay by card.
What can I do if my bank has a technical problem?
Of all the technical problems, not being able to access your bank is by far the most serious. This can have a direct impact on all aspects of your life, including missed direct debit payments, inability to transfer money or receive it and even not being able to withdraw cash from an ATM.
There are two main types of bank problem that you can claim compensation for:
- Things you’ve directly lost or that have had a direct impact on you (like having no money, not being able to pay for essential services, being left stranded).
- Things that have resulted in a loss as a consequence of the problem (like missing a wedding because you couldn’t pay for a train or petrol).
When seeking compensation for a direct loss, you need to explain the impact on you as well as the money that you have lost. For example, if you were left stranded in an unsafe situation, like being stuck abroad, then it’s not just the costs you incurred for things like borrowing money or having to spend cash to ensure you were safe and accommodated. It’s also about the impact on you personally. This is referred to as a payment for ‘distress and/or inconvenience’.
‘Consequential loss’ is not usually the direct fault of the business. But you can argue that some things you’ve lost as a consequence of the bank systems failing should be paid for. So if you didn’t get to a job interview or your mortgage fell through, they aren’t going to compensate you for lost wages or for a new house.
But you could seek compensation for additional charges you had to pay because you had to get a cab to the job interview, or you incurred further solicitors charges. Consequential loss is not guaranteed though and depends on the individual circumstances.
If you are unable to resolve the matter, you can always make a complaint to the Financial Ombudsman Service (FOS). The ombudsman is a free and impartial service that has the power to compel any regulated financial business to pay compensation if it finds that you have been treated unfairly.
My top tip… Have more than one bank account. Use one for day-to-day spending and one for things like bill payment. Make sure they are with different banking groups though. If one goes down, you can ask for key organisations like your pension provider or employer to switch their payment details to the other account. Often they can recall payments made to a bank that’s having a systems error if they have not been processed.
- Martyn James is a leading consumer rights campaigner, TV and radio broadcaster and journalist
