A judge has given permission for around 15,000 Scottish drivers to pursue a US-style class motion compensation claim against AM100 dealership group Arnold Clark over a dark web data breach in 2023.
Lord Sandison has allowed 1000’s of consumers to bring group proceedings on the Court of Session, Scotland’s highest civil court, after hearing evidence earlier this 12 months over how the Scottish automotive dealership had did not protect customers’ personal information.
Court backs Scottish claims route
In the newest case, a person called Robert Adamson applied to the Court of Session to boost the motion for himself and the opposite drivers following the cyber attack on Arnold Clark’s IT systems in December 2022. The small print held by the firm are believed to incorporate copies of passports and drivers’ licences. Names, dates of birth, vehicle details, contact details and National Insurance numbers could even have been taken.
Arnold Clark’s lawyer, Roddy Dunlop KC, had asked for permission to not be granted to the drivers to proceed, telling Lord Sandison that an analogous motion was being heard on the High Court in London involving other customers. He argued that it might be more appropriate for the Scottish drivers to affix within the English motion.
Nonetheless, in a written judgment published by the court on April 16, Lord Sandison rejected the arguments made to him by Arnold Clark’s legal team.
“The appliance of those legal principles as a way to determine the natural forum for the ventilation and determination of the case which the applicant wishes to bring before this case could be very straightforward,” he wrote.
“Over 95% of the group members within the proposed litigation are domiciled in Scotland. They entered right into a contractual relationship in Scotland with an organization registered here, which was governed by Scots law.
“As a consequence of their domicile, the loss and damage for which they seek compensation was suffered, on the hypothesis upon which their case proceeds, in Scotland. Nothing about their situation has any nexus by any means with England. The forum with probably the most real and substantial connection to the dispute, and that which is clearly more appropriate to take care of it, is that this court.”
Scale of breach raises concerns
Data protection laws state that individuals can claim compensation from any organisation that breaches those laws, including for any damage or distress caused.
Solicitors Thompsons told The Sunday Post newspaper it had been approached by greater than 5,000 individuals who had received a letter from Arnold Clark advising them that their personal data had been compromised.
Patrick McGuire, a partner on the firm, told the newspaper: “I feel that is the tip of the iceberg. Probably the most financially sensitive data has been posted on the dark web and positively includes data that will allow criminals to steal people’s identities and open fraudulent bank accounts. Our clients are understandably very fearful.”
Solicitors Jones Whyte, which has its headquarters in Glasgow, said it had also been contacted by greater than 1,000 individuals who can have been affected and that this number was “continuing to rise by the day”.
Customers were emailed in late January concerning the UK-wide hack that happened on December 23 which forced the business to shut down its entire computer network on Christmas Eve.
Ensure you mostly receive AM insights. Make us a preferred source of reports on Google
This Article First Appeared At www.am-online.com
