Simplify Group customers are planning legal action to sue after their property transactions were halted for longer than one month because of a data breach.
After what appeared to be a cyber-security incident on the firm’s computers, some customers were unable to move, exchange or complete their orders.
Now, a law firm is working with customers of the group – whose brands include Premier Property Lawyers, JS Law, DC Law and Advantage Property Lawyers – with a view to bringing a compensation claim against Simplify.
Hayes Connor is a specialist in data breach investigations and said that it was contacted by a few customers concerned about what the breach might mean for them.
Customers of Simplify Group have had delays in house sales and purchases due to a November security incident. It is not clear if their data has been safe.
Initial concerns among customers were that the money they transferred to their solicitor might have been stolen.
Simplify Group, along with the Council for Licensed Conveyancers (the regulator that has been watching the situation), have stated since then that all customer funds remain safe.
There are concerns still about security of customer data. Many customers have given bank information, addresses, and copies of driving licenses to others in order buy/sell their houses.
These details can be used to fraudulently apply for credit on customers’ behalf by fraudsters.
Hayes Connor has begun collecting evidence from customers in order to bring a class action against Simplify. This is Money understands.
‘Buying or selling a home is one of the most stressful times for anyone at the best of times, so to be facing extra worry is something none of these people want – especially just before Christmas,’ said Richard Forrest, Legal Director at Hayes Connor.
Simplify Group conveyancing firms are recommended to home buyers by the likes of estate agents Purplebricks, Strike, Yopa and Fine & Country, among others
“To add insult to injury, we don’t know what happened or what data was accessed.
Simplify understands that home moves are a significant amount of personal data, which can prove very valuable to some people. Therefore, they have an obligation to customers to tell them what’s happened, how it affected them, and when to notify others.
“Any delay in addressing the problem will only increase people’s anxiety at a time when it is least needed.”
If the claim is granted, customers could receive compensation depending on what information was disclosed.
They will also be affected by how much distress they have experienced from the situation. These can vary between people.
Hayes Connor wants Simplify’s safety update. She claims that customers have not been treated well so far by the ‘walls of silence’.
Simplify stated that they are now at “close to business as usual” capacity. But some customers informed This is Money that transactions still have not been completed.
The typical time it takes to sell or buy a property is around 12 weeks.
While the exact nature of the security breaches has not yet been disclosed, Simplify told This is Money that they are the subject of an ongoing criminal investigation.
Security incident
Although the Hayes Connor case would likely fall under data breach legislations, This is Money knows that Simplify could be subject to a professional negligence lawsuit.
Every contract provides for the possibility of delays to completion. In these cases, customers may have the right to claim for the cost of some items. These cases would normally be resolved by their lawyer’s professional indemnity coverage.
Simplify firms are recommended to home buyers by the likes of estate agents Purplebricks, Strike, Yopa and Fine & Country, among others.
Together, it is estimated that they are involved in around five per cent of property transactions – spelling disruption for those who are in chains with Simplify Group customers, as well as the customers themselves.
Clients were unable to exchange or complete their purchase, and some clients were on the verge of completion. Some said they were on the edge of finishing their orders when the incident occurred. They found out that all their belongings had been moved to a van. There was nowhere for them to go.
One of the men even said that he’d been forced to sleep inside his car.
Websites were down, phone lines jammed when the breach occurred, so many people couldn’t contact their conveyancer in order to check the status of their purchase or sale. Others are still waiting long to hear from them.
This is Money has received complaints from buyers that transactions fell through due to the fact that other participants in the transaction were unwilling to delay and pulled out.
Simplify has stated that customers who switch conveyancers will not have to pay Simplify for their previous work. However, it is not clear whether the company will offer any compensation to those customers whose house purchase was canceled.
Late November saw the Council for Licensed Conveyancers tell those with un-exchanged addresses to switch to another conveyancing company to allow them to move forward.
Simplify spokesperson told This is Money, “We are aware that some clients experienced delays in their transactions during this period. But, starting at the beginning of the New Year, things should feel more normal for all clients.
Simplify will continue to work hard to reduce any adverse impact on its customers, and to prioritise the needs of our customers.
“This is a criminal investigation. We have limited information at this point, but we are able to confirm that the investigation is progressing.
“We are expanding our security to guard against cyber attacks that are growing and which all sectors (and others) are currently exposed to.
Forrest explained that while the law does NOT set a deadline for Simplify to inform its customers of the nature and safety of their data, the Information Commissioners’ Office encourages companies to do so as quickly as possible.
Forrest admitted that Simplify might not have all the details.
He said, “It bears all the signs of an attack externally on their systems.” “I cannot think of any other way it would be,” he said.
Ransomware attacks are a type of security breach that involves fraudsters gaining access to company systems in order to decrypt their data.
Then they demand payment. Upon receipt, access will be restored to the data.
Kronos is a payroll system firm that logs staff hours at Sainsbury’s and other large companies. Spar was also forced to shut down some of its stores earlier in the month due to ransomware attacks.