NO WIN NO FEE
Data breaches have increased in terms of the number and the amount of people affected. Many big companies have been involved, resulting in some very large data breaches and payouts.
Our collective has dealt with over
Start your data breach claim with us today below or call 0330 828 1764
As featured in
£4,000 Average Claim
Customers, on average claim £4,000 from incidents of data breach
Free Expert Advice
Experts are ready and waiting to advise you in any way you need
No win, no fee
All solicitors work on a no win, no fee basis. 100% free, unless your claim is successful
60 second check
It only takes 60 seconds to begin your check for a potentially huge payout
No risk involved
There’s no risk in checking. It will not affect your credit score and it’s free
Alternatively, give one of our solicitors a call free on 0330 828 1764
Lines open 9am – 5pm Mon to Fri
Our collective has dealt with over
Data breaches have been increasing both in terms of number and the amount of people affected. Many big companies have been affected resulting in some very large scale breaches and compensation pay outs.
Alternatively, give one of our solicitors a call free on 0330 828 1764
GDPR Claim
Lovely supportive team! Sarah is brilliant, she helped me get through a tough period, always stayed in contact with me and referred me to the best of people resulting in an excellent outcome. Highly recommended!
Claire
A data breach is defined as the exposure of sensitive or confidential information to an unauthorised person, whether intentionally or unintentionally.
The person committing the breach can be a hacker, violating your private information for personal reasons or for the sake of a bigger entity. In some cases, the offender may not be a professional hacker at all, but rather just a grudging acquaintance of yours.
If a company that holds your data ends up giving it to an unauthorised party without your permission, this is also considered a data protection breach under GDPR.
As you can see, any one of us can be subjected to a GDPR breach. Thus, we must try our hardest to protect our information, starting by understanding why and how a data breach occurs in the first place.
The General Data Protection Regulation (GDPR) describes a personal data breach as a violation of secure or confidential personal information by an unauthorised party. The personal data may be lost, misused, stolen, or destroyed. This covers both accidental and deliberate breaches of data.
An example of a personal data breach is when an unauthorised third party like a hacker gains access to your data. Another data breach example is the loss of availability or alteration of your personal data without permission.
Alternatively, give one of our solicitors a call free on 0330 828 1764
Lines open 9am – 5pm Mon to Fri
Alternatively, give one of our solicitors a call free on 0330 828 1764
As featured in
Due to the need to protect people’s data, the EU General Data Protection Regulation (GDPR) came into place in 2018, and was later superceded following Brexit by UK GDPR. The Regulation aims at protecting individuals and giving them the right to redress in circumstances where their data has been mishandled by third party entrusted with it. The third party here applies to a range of organisations that operate both online and offline services where a person’s data need to be stored.
Under GDPR you can make a data breach claim if you believe that your data has been breached. In many circumstances you will have already been informed about the breach by the organisation which will have usually taken steps to minimise the impact of the breach and the potential risk.
When a breach has occurred, it is common practice for the Information Commissioner’s Office (ICO) to be informed. In some instances, the organisation may attempt to reach a settlement with you outside of the court process, but for the best chances of maximising your data breach compensation we would recommend your claim being properly represented.
For the best chance at a data protection claim, it’s important to act fast, as there are strict time limits in place. Missing the deadline could mean forfeiting your right to claim.
Alternatively, give one of our solicitors a call free on 0330 828 1764
Lines open 9am – 5pm Mon to Fri
Claims on data breach incidents are happening every day.
51%
Of consumers expect financial compensation if their information is lost or stolen
99%
Of UK citizens have had a data breach and can claim thousands of pounds in compensation
The UK has a population of nearly 70 million people
88%
Of data breaches in the UK are said to be due to human error and warrant compensation
A data breach claim is a claim you can make against an individual, an entity, or a number of defendants. In the claim, you state the defendant to be a responsible party for the exposure of your personal information, seeking financial compensation for the damages.
The current law allows you to make a claim for the material damage of the breach, like losing money, and the non-material damage, like suffering from any distress and anxiety caused by the data breach.
If data protection law is breached, GDPR gives you an opportunity to claim compensation from the organisation responsible for the breach that should have been properly protecting your data.
The amount of data breach compensation varies according to the type of the breach and the court judgment.
These are some of the typical GDPR breach compensation ranges:
The lowest compensation goes for the mild breach of personal data, such as your name, date of birth, home address, and email address.
You get a bigger compensation for the breach of medical information, starting from £2,000 to £5,000. You can get from £3,000 to £8,600 if your financial information is breached, depending on the complications of the breach.
You can get from £8,600 to £25,700 for the more serious data protection breach cases that have led to serious consequences.
If the data breach has caused any sort of physical or mental diseases, your compensation can amount to £42,900. However, in such cases, you must provide evidence for your medical condition and your financial losses.
It’s important to note that these estimates aren’t fixed; it’s left for the court to decide your exact compensation award. In some cases, the court may deny your demand for compensation if it sees that you’ve not provided enough evidence for your case. It might even order that you pay for the defendant’s costs in such a case.
This is why we always recommend that you seek advice from an independent legal entity.
Under the DPA and GDPR, you are entitled to file a claim for data breach compensation if:
For your claim to be successful you will need to demonstrate that the company that held your data failed to take all appropriate steps to ensure the safety and security of your data and that, as a result of their negligence, your data was released or made available to other, third parties or organisations without your consent.
Any company that is holding your data has certain obligations with that data and a claim can be made if:
The average compensation for breaching the Data Protection Act varies according to the specific circumstances of each case, but compensation amounts usually fall between £1,000 and £42,900, depending on the seriousness of the data breach. In some cases, you might be able to claim more compensation for a personal data breach that has related to a leak of sensitive information which has caused you significant emotional distress.
The following figures can be used as a rough guide to how much compensation you could receive as a result of different types of data breach.
| Type of breach | Possible compensation amount |
| Breach of a person’s name, date of birth, home address, and email address | £1,000-£1,500 |
| Breach of medical records | £2,000-£5,000 |
| Breach of financial information | £3,000-£7,000 |
| Breach that leads to an illness or depression (medical evidence would be needed to support this alongside evidence to show any other losses e.g. earnings) | £25,700-£42,900 |
The amount of money that data breach claimants have received in compensation has increased over the years. Initial breaches of the Data Protection Act typically only won about £2,500 in damages related to the disclosure of personal information. However, as companies have been collecting more private data, more cases have been going to court and leading to more precedents and higher compensation amounts being set.
The majority of data breach claims are settled outside of court, but the amount of money that is agreed on is normally informed by cases that are similar in nature. Below are some data breach compensation examples.
| Company | What happened? | Average claim amount |
| Easyjet | A cyber-attack on Easyjet’s IT systems allowed hackers to access personal data of 9 million customers | £2,000 |
| 118 118 Money | Customer call recordings in which personal details could have been discussed were targeted by hackers | £1,500 |
| Blackbaud | Cyber-attack stole sensitive information at software giant Blackbaud that affected other companies linked to them including National Trust | £2,000-£3,000 |
| Bounty | Disclosed personal data of pregnant women and mums to third parties for marketing purposes, almost 35 million pieces of data revealed | £1,000 – £2,000 |
| Bristol City Council | An email error by council employee saw identities of hundreds of families with disabled children shared without their consent | £2,000-£3,000 |
| British Airways | A hack occurred in which 420,000 customers personal and financial details were stolen | Up to £6,000 |
| Claire’s Accessories | A hack via malicious code that obtained customer information during online checkout | £3,000 – £5,000 |
| Dixons | A hack that saw over 10 million customer records accessed by malicious software on tills in stores | £1,500 |
| Equifax | Cyber criminals accessed Equifax systems in USA and stole personal information of 146 million people worldwide | £1,000 – £2,000 |
| Equinti | Hundreds of annual benefit statements for Sussex police officers were sent to wrong addresses | £1,000 – £2,000 |
| Hockley Medical Practice | Medical data of thousands of patients accessed by hackers | £3,000 |
| Lloyds Pharmacy | Private medical documents were accidentally delivered by a courier company to a home in Scotland | £1,500 |
| LOQBOX | Hit by a cyber-attack that allowed hackers to access personal data and in some cases payment card data | £4,000 |
| Marriott | Cyber-attack occurred in 2014 but wasn’t discovered until 2018 affected 7 million guest records in UK | £2,500 |
| National Trust | Breach originated at Blackbaud, but National Trust fundraisers and volunteers were affected as personal data exposed | £2,000-£3,000 |
| OnePlus | Information hacked through online store; personal data accessed by cyber criminals | £1,500 – £2,000 |
| T-Mobile | Breach affected over 1.2 million of prepaid customers, hackers accessed personal information | £1,500 – £2,000 |
| TeamSport | Accidental release of hundreds of personal and financial details of former employees to an individual | £4,000 |
| Ticketmaster | 40,000 customers personal and financial information stolen by cyber criminals | £5,000 |
| A bug inside Twitter led to the private tweets of 88,726 users being made public | £1,000 | |
| Virgin Media | An unsecured database meant personal information of existing and potential customers was accessed without permission | £5,000 |
| Watford Community Housing | Error by staff member meant email was sent out with information about 3,545 tenants containing personal data | £2,000 |
| Zoom | Targeted by a hack that led to around 500,000 user accounts appearing for sale on the dark web | £2,500 |
All compensation amounts are estimates/averages and are dependent on the degree to which the individual has been affected by the data breach.
While there are a number of specific companies that have been affected by sizeable data breaches (as outlined above), there are some sectors where data breaches are common, and the impact in many cases could be significant because of the often highly sensitive nature of the data involved.
Some of the types of data breaches where you could have a claim include: Government Data Breaches, School Data Breaches, Credit Card Data Breaches, Bank Data Breaches, NHS Data Breaches, Charity Data Breaches, App & Website Data Breaches, and Private Company Data Breaches. We are able to assist you if you have been a victim of a data breach in any of these specific areas, as well as others.
Data leaks happen when an organisation provides confidential information to an untrusted recipient. This includes any form of unapproved transmission of data to an external party, electronically or physically.
This criminal act, however, isn’t always intentional. In fact, just under a fifth of all data leak cases happen by accident and are often due to human error. Examples include sending confidential information to the wrong email address and mishandling a file containing private info and misplacing it.
Essentially, any event that exposes private information to unauthorised persons in an unwanted or harmful way is considered a data leak. A few common examples are as follows:
If any of the below apply to you, you should check for compensation online right away.
Alternatively, give one of our solicitors a call free on 0330 828 1764
Free Consultation
We offer a free data breach consultation to anyone who is looking to make a claim
No win, no fee
If your case or cases have no financial payout to you, you don’t pay a single penny
Data breach experts
We use dedicated data breach solicitors who have handled thousands of data breach claims
First, you’ll need to find out what kind of data has been affected, and what steps the organisation plans on taking to help you. If the association fails to repair the damage or to give you GDPR compensation for the damage done, then, you can reach out to Data Breach Claims.
Data Breach Claims will connect you with the kind of expertise the situation calls for. It’ll put you in contact with claims experts who will act as an intermediary between you and the company being claimed against.
You can also report your case to the ICO who will investigate the matter and potentially fine the organisation. If the organisation is found to have broken data protection laws, the Information Commissioner’s Office (ICO) won’t give you compensation, but their findings will help the matter greatly.
If your data is breached, that means that your personal information has been accessed, altered, lost, destroyed, or shared with an unauthorised person without your consent. It’s basically a failure of the system that is intended to protect. That could happen to individuals, companies, or even the government itself.
If you suffer any damage whether it’s material, or emotional because of a data protection breach, then you have a right to make a claim for data protection breach compensation.
Whereas businesses based in or outside the UK had previously been following EU GDPR for processing UK users’ personal data, this is now governed by a new domestic law called UK GDPR. This effectively provides the EU equivalent level of data protection. Those business offering goods and service to EU user should continue to follow EU GDPR.
UK Claims that relate to period up to Dec 31, 2020 would be under EU GDPR, and any after that, the new UK GDPR would apply. In practical terms this won’t make much difference to your ability to claim as the data protection principles are largely the same.
Suppose you’ve been victim to a security violation, meaning your personal information has been violated, copied, stolen, destroyed, or transmitted by an organisation. Then you have the right to claim personal data breach compensation for a breach.
If there’s a data breach affecting your personal information, an organisation is obligated to inform both you and the ICO.
The organisation should clarify in plain language:
If you think that your personal information has been violated due to a data breach but haven’t been notified by the organisation involved, contact them straight away.
Under the GDPR, notifications are generated when the breach of personal information is believed to result in a high risk to the rights and freedoms of individuals. However, this process is optional and not mandatory. Therefore, not all data breaches need to be notified to the authorities.
Under the GDPR, there are some points to be included in the notification. When reporting a personal data breach, you must describe the nature of the breach, including, if possible, the categories and the approximate number of data subjects and data records concerned.
When making a claim for data breach compensation for distress, it can be more difficult to demonstrate than proving a financial loss where you can show what has been taken from your account. If your experience of distress from a data breach is serious and you want to make a claim some evidence that could help your chances of it being successful include, medical evidence such as doctors appointments and medication prescribed for sleeping or to reduce anxiety, a written note from your doctor, documented time off work and sick pay, and any other documentation that could show the impact the breach has had in your life.
Data breaches have become more and more frequent as companies regularly hold personal data about you. Having that data breached can be highly stress inducing and you should be able to hold the organisation accountable and claim the money you deserve. Contact us today and we will put you in touch with specialist data breach solicitors who can help validate and pursue your GDPR compensation for distress.
Your initial action should be to protect the rest of your data to ensure no further data breach is made. The next step should be looking into how your data has been breached, then seeking help on your case for compensation.
Here are detailed steps you should take once you’re aware of the data breach.
If an organisation has failed to protect your data, you are entitled to claim compensation regardless of whether you have suffered any losses or not. We can make a claim on your behalf for anguish or anxiety caused by a data breach, but if you have suffered financial harm as a direct result of the breach, the amount of compensation you might be able to claim would likely be far greater.
At Data Breach Claims we work on a No Win, No Fee basis. We only take on cases we believe we are able to win.
If your case is successful we will take a percentage of your compensation as our management fee or legal costs, if your case does happen to be unsuccessful, you pay nothing. This way there is absolutely no risk involved for you in making a data breach compensation claim.
When you contact us, we’ll put you in touch with an expert data breach solicitor who will be able to contact the company in question and use any information you have provides plus that available from the ICO to establish whether your data has indeed been breached.
If you’re determined on going to court, you should have legal support. At Data Breach Claims, we’ll help you determine whether you have a strong case or not. If it’s a yes, our team will introduce you to the best and most suitable solicitors and claims management companies for you.
The experts will give you solid legal advice and help present your claim to the court to guarantee you get the compensation that truly makes up for the hardships you had to go through.
Click one to see more
As featured in the national press.
Alternatively, give one of our solicitors a call free on 0330 828 1764
Lines open 9am – 5pm Mon to Fri
As featured in
Click one to see more.
The GDPR is a set of strict rules that must be adhered to when processing the personal data of EU citizens. Failure to comply with
You could be in line for data breach compensation worth thousands if your child’s data has been affected by a company’s data breach Parents know
If a company or organisation is storing your personal data and fails to keep it secure which has ultimately resulted in a breach, you have
Alternatively, give one of our solicitors a call free on 0330 828 1764
Lines open 9am – 5pm Mon to Fri
Our collective has dealt with over 14,000 data breach cases
Lines open 9pm – 5pm Mon to Fri
Egerton House, 2 Tower Road, G5D, Birkenhead CH41 1FN
© DataBreach Claims 2023. Data Breach Claims is a trading name of Evans Hughes Ltd company number 12573301. Authorised and regulated by the Financial Conduct Authority 927014. Evans Hughes Ltd is registered with the Information Commissioner’s Office under registration reference ZA754708. This website is operating in accordance to the privacy policy. ICO reg no. ZA473694. Data Breach Claims connects clients to regulated solicitors who deal with data breaches. We do not perform any legal services but simply connect you to a legal representative.
