Data Breach Compensation
Find out about data breaches and claim your compensation
Not sure? You could be owed an average of £4,000 in compensation and it only takes 60 seconds to check using our online form
We will put you in touch with the UK’s top data breach solicitors to help you claim the GDPR breach compensation you deserve from guilty companies, strictly no win, no fee and it’s completely free to check
As featured in
£4,000 average claim
Customers, on average claim £4,000 from incidents of data breach
Free expert advice
Experts are ready and waiting to advise you in any way you need
No win, no fee
All solicitors work on a no win, no fee basis. 100% free, unless your claim is successful
60 second check
It only takes 60 seconds to begin your check for a potentially huge payout
No risk involved
There's no risk in checking. It will not affect your credit score and it's free
The biggest data breachesData breaches have been increasing both in terms of number and the amount of people affected. Many big companies have been affected resulting in some very large scale breaches and compensation pay outs.
Click a company to view more information about their breaches
Ticketmaster
Number of records compromised
40,000
Date
Between February and June 2018
What happened?
A hack occurred in which the personal and financial details of Ticketmaster customers were stolen by cyber criminals. The information stolen by the hackers was all information that, in the wrong hands, could be misused for fraudulent purposes.
Think this applies to you? We'll check for free
Start My FREE Data Breach Claim 100% Safe secure, no win no fee checkAlternatively, give us a call free on 0333 444 0325
Virqin media
Number of records compromised
900,000
Date
Between April 2019 – 28 February 2020
What happened?
A Virgin Media database containing the personal details of 900,000 people was left unsecured and accessible online for 10 months.
Think this applies to you? We'll check for free
Start My FREE Data Breach Claim 100% Safe secure, no win no fee checkAlternatively, give us a call free on 0333 444 0325
EasyJet
Number of records compromised
100,000+
Date
2020
What happened?
You could claim compensation worth thousands if your data was affected by the EasyJet hack that occurred in 2020.
Think this applies to you? We'll check for free
Start My FREE Data Breach Claim 100% Safe secure, no win no fee checkAlternatively, give us a call free on 0333 444 0325
A data breach is defined as the exposure of sensitive or confidential information to an unauthorised person, whether intentionally or unintentionally.
The person committing the breach can be a hacker, violating your private information for personal reasons or for the sake of a bigger entity. In some cases, the offender may not be a professional hacker at all, but rather just a grudging acquaintance of yours.
If a company that holds your data ends up giving it to an unauthorised party without your permission, this is also considered a data protection breach under GDPR.
As you can see, any one of us can be subjected to a GDPR breach. Thus, we must try our hardest to protect our information, starting by understanding why and how a data breach occurs in the first place.
Alternatively, give us a call free on 0333 444 0325 Lines open 9am - 5pm Mon to Fri
Due to the high frequency of data breaches, the General Data Protection Regulation (GDPR) came into place in 2018. The GDPR aims at protecting individuals and giving them control over their data in case a third party holds it. The third party here applies to social media platforms, online services, or offline retailer.
The GDPR’s laws state that you can make a data breach claim if you believe that your data has been breached. However, you must first attempt to reach an amicable agreement with the defendant, aka the third party, outside the court.
If the defendant declines your demand or you can’t settle things outside court, you have the right to take the matter to the court and make a legal claim. But bear in mind that you have to let the defendant know that you intend to take the claim to court.
Alternatively, give us a call free on 0333 444 0325 Lines open 9am - 5pm Mon to Fri
Data breach in figuresClaims on data breach incidents are happening every day
51%
Of consumers expect financial compensation if their information is lost or stolen
99%
Of UK citizens have had a data breach and can claim thousands of pounds in compensation
The UK has a population of nearly 70 million people
Start My Claim 100% Safe & secure, no win no fee check88%
Of data breaches in the UK are said to be due to human error and warrant compensation
A data breach claim is a claim you can make against an individual, an entity, or a number of defendants. In the claim, you state the defendant to be a responsible party for the exposure of your sensitive information, demanding financial compensation for the damages.
The current law allows you to make a claim for the material damage of the breach, like losing money, and the non-material damage, like suffering from distress and anxiety.
The amount of data breach compensation varies according to the type of the breach and the court judgment.
These are some of the typical compensation ranges:
The lowest compensation goes for the mild breach of personal data, such as your name, date of birth, home address, and email address.
You get a bigger compensation for the breach of medical information, starting from £2,000 to £5,000. You can get from £3,000 to £8,600 if your financial information is breached, depending on the complications of the breach.
You can get from £8,600 to £25,700 for the more serious data protection breach cases that have led to serious consequences.
If the data breach has caused any sort of physical or mental diseases, your compensation can amount to £42,900. However, in such cases, you must provide evidence for your medical condition and your financial losses.
It’s important to note that these estimates aren’t fixed; it’s left for the court to decide your exact compensation award. In some cases, the court may deny your demand for compensation if it sees that you’ve not provided enough evidence for your case. It might even order that you pay for the defendant’s costs in such a case.
This is why we always recommend that you seek advice from an independent legal entity.
Under the DPA and GDPR, you are entitled to file a data breach claim for up to £2,000 or more in compensation if:
For your claim to be successful you will need to demonstrate that the company that held your data failed to take all appropriate steps to ensure the safety and security of your data and that, as a result of their negligence, your data was released or made available to other, third parties or organisations without your consent. Any company that is holding your data has certain obligations with that data and a claim can be made if:
The average compensation for breaching the Data Protection Act is between £1,000 and £42,900. In some cases, you might be able to claim more compensation for a personal data breach that causes you significant emotional distress. The following figures can be used as a rough guide to how much compensation you could receive as a result of different types of breaches.
Type of breach | Possible compensation amount |
Breach of a person’s name, date of birth, home address, and email address | £1,000-£1,500 |
Breach of medical records | £2,000-£5,000 |
Breach of financial information | £3,000-£7,000 |
Breach that leads to an illness or depression (medical evidence would be needed to support this alongside evidence to show any other losses e.g., earnings) | £25,700-£42,900 |
The amount of money that data breach claimants have received in compensation has increased over the years. Initial breaches of the Data Protection Act typically only won about £2,500 in damages related to the disclosure of personal information. However, as companies have been collecting more private data, more cases have been going to court and leading to more precedents being set.
The majority of data breach claims are settled outside of court, but the amount of money that is agreed on is normally informed by cases that are similar in nature.
Company | What happened? | Average claim amount |
Easyjet | A cyber-attack on Easyjet’s IT systems allowed hackers to access personal data of 9 million customers | £2,000 |
118 118 Money | Customer call recordings in which personal details could have been discussed were targeted by hackers | £1,500 |
Blackbaud | Cyber-attack stole sensitive information at software giant Blackbaud that affected other companies linked to them including National Trust | £2,000-£3,000 |
Bounty | Disclosed personal data of pregnant women and mums to third parties for marketing purposes, almost 35 million pieces of data revealed | £1,000 – £2,000 |
Bristol City Council | An email error by council employee saw identities of hundreds of families with disabled children shared without their consent | £2,000-£3,000 |
British Airways | A hack occurred in which 420,000 customers personal and financial details were stolen | Up to £6,000 |
Claire’s Accessories | A hack via malicious code that obtained customer information during online checkout | £3,000 – £5,000 |
Dixons | A hack that saw over 10 million customer records accessed by malicious software on tills in stores | £1,500 |
Equifax | Cyber criminals accessed Equifax systems in USA and stole personal information of 146 million people worldwide | £1,000 – £2,000 |
Equinti | Hundreds of annual benefit statements for Sussex police officers were sent to wrong addresses | £1,000 – £2,000 |
Hockley Medical Practice | Medical data of thousands of patients accessed by hackers | £3,000 |
Lloyds Pharmacy | Private medical documents were accidentally delivered by a courier company to a home in Scotland | £1,500 |
LOQBOX | Hit by a cyber-attack that allowed hackers to access personal data and in some cases payment card data | £4,000 |
Marriott | Cyber-attack occurred in 2014 but wasn’t discovered until 2018 affected 7 million guest records in UK | £2,500 |
National Trust | Breach originated at Blackbaud, but National Trust fundraisers and volunteers were affected as personal data exposed | £2,000-£3,000 |
OnePlus | Information hacked through online store; personal data accessed by cyber criminals | £1,500 – £2,000 |
T-Mobile | Breach affected over 1.2 million of prepaid customers, hackers accessed personal information | £1,500 – £2,000 |
TeamSport | Accidental release of hundreds of personal and financial details of former employees to an individual | £4,000 |
Ticketmaster | 40,000 customers personal and financial information stolen by cyber criminals | £5,000 |
A bug inside Twitter led to the private tweets of 88,726 users being made public | £1,000 | |
Virgin Media | An unsecured database meant personal information of existing and potential customers was accessed without permission | £5,000 |
Watford Community Housing | Error by staff member meant email was sent out with information about 3,545 tenants containing personal data | £2,000 |
Zoom | Targeted by a hack that led to around 500,000 user accounts appearing for sale on the dark web | £2,500 |
All compensation amounts are estimates/averages and are dependent on the degree to which the individual has been affected by the data breach.
Has any of the following ever happened to you? Read carefully as we don't want you to miss out
If any of the above apply to you, you should check for compensation online right away
Alternatively, give us a call free on 0333 444 0325 Lines open 9am - 5pm Mon to Fri
First, you’ll need to find out what kind of data has been affected, and what steps the organisation plans on taking to help you. If the association fails to repair the damage or to give you compensation for the damage done, then, you can reach out to Data Breach Claims.
Data Breach Claims will connect you with the kind of expertise the situation calls for. It’ll put you in contact with claims experts who will act as an intermediary between you and the company being claimed against.
You can also report your case to the ICO who will investigate the matter and potentially fine the organisation. They won’t give you compensation, but their findings and assertions will help the matter greatly.
If your data is breached, that means that your personal information has been accessed, altered, lost, destroyed, or shared with an unauthorised person without your consent. It’s basically a failure of the system that is intended to protect. That could happen to individuals, companies, or even the government itself.
If you suffer any damage whether it’s material, or emotional because of a data protection breach, then you have a right to make a claim for data protection breach compensation.
The General Data Protection Regulation (GDPR) describes a personal data breach as a violation of secure or confidential personal information by an unauthorised party. The personal data may be lost, misused, stolen, or destroyed. This covers both accidental and deliberate breaches of data.
An example of a personal data breach is when an unauthorised third party like a hacker gains access to your data. Another data breach example is the loss of availability or alteration of your personal data without permission.
Suppose you’ve been victim to a security violation, meaning your personal information has been violated, copied, stolen, destroyed, or transmitted by an organisation. You have the right to claim compensation for a data protection breach.
Under the GDPR, notifications are generated when the breach of personal information is believed to result in a high risk to the rights and freedoms of individuals. However, this process is optional and not mandatory. Therefore, not all data breaches need to be notified to the authorities.
Under the GDPR, there are some points to be included in the notification. When reporting a personal data breach, you must describe the nature of the breach, including, if possible, the categories and the approximate number of data subjects and data records concerned.
If there’s a data breach affecting your personal information, an organisation is obligated to inform both you and the ICO.
The organisation should clarify in plain language:
If you think that your personal information has been violated due to a data breach but haven’t been notified by the organisation involved, contact them straight away.
If you have been part of a data breach you might think that you can only claim compensation if you have suffered a financial loss, but this is not the case. For many people, a breach of their data can result in a significant level of emotional distress depending on what information was compromised. You are entitled to make a claim for data breach distress compensation even if you have not had any financial loss and we can help.
Our team can put you in touch with expert data breach solicitors who can investigate your claim and determine if it is worth pursuing. So, even if you think a breach you have experienced is not very serious it is still worth contacting us and checking as you could experience repercussions from it further down the line. You might not even know for sure that your data has been breached but if you suspect it has and are feeling stressed or anxious our experts can confirm whether or not you have been a victim of a breach.
When pursuing GDPR compensation for distress there are some key things to be aware of. These include:
In 2020 a member of staff made an error at Watford Community Housing Trust that led to the sharing of thousands of tenants sensitive personal data. The information was leaked in an email sent out to all tenants that was intended to inform them of changes in their services during the coronavirus pandemic. This was a serious error which, due to the nature of the company in providing housing, potentially to people in vulnerable situations, could have had significant repercussions for the residents.
For example, if a resident is part of the housing trust due to being placed in a witness protection programme or similar to avoid an abusive ex-partner, the leaking of their sensitive data could put them in danger. This is an extreme example, but it could have occurred and there would be a lot of stress and worry for the residents on that data being breached. Also, the tenants sexual orientation and religion were revealed which could lead to negative prejudice and mistreatment and again cause severe negative emotions and affect their day-to-day life.
During a hacking incident at Hockley Medical Practice the medical data of thousands of patients could have been accessed by cybercriminals. After the breach, some patients reported that they were contacted by fraudulent criminals through fake emails pretending to be the NHS attempting to gain more personal information with suspicious links. This in itself could cause distress for patients as if the emails looked legitimately from the NHS they may have thought something was wrong and followed the links.
Another concern if the cybercriminals had seen the patient’s medical records they could become aware of which patients were more vulnerable for further crimes such as a burglary of their home. There would be a lot of worry and anxiety when it comes to medical details being compromised, even if nothing does occur there is a chance that it could and someone you don’t know has seen your most sensitive information relating to your health which alone is extremely unsettling.
When making a claim for data breach distress compensation it can be more difficult to demonstrate than proving a financial loss where you can show what has been taken from your account. If your experience of distress from a data breach is serious and you want to make a claim some evidence that could help your chances of it being successful include, medical evidence such as doctors appointments and medication prescribed for sleeping or to reduce anxiety, a written note from your doctor, documented time off work and sick pay, and any other documentation that could show the impact the breach has had in your life.
Data breaches have become more and more frequent as companies regularly hold personal data about you. Having that data breached can be highly stress inducing and you should be able to hold the organisation accountable and claim the compensation you deserve. Contact us today and we will put you in touch with specialist data breach solicitors who can help validate and pursue your GDPR compensation for distress.
Data leaks happen when an organisation provides confidential information to an untrusted recipient. This includes any form of unapproved transmission of data to an external party, electronically or physically.
This criminal act, however, isn’t always intentional. In fact, just under a fifth of all data leak cases happen by accident. Examples include sending confidential information to the wrong email address and mishandling a file containing private info and carelessly placing it.
Essentially, any event that exposes private information in an unwanted or harmful way is considered a data leak. A few common examples are as follows:
The ICO is the Information Commissioner’s Office, a UK independent body of authority designated for protecting privacy rights and the implementation of data protection regulation.
The ICO offers filing complaints about data breaches by individuals and organisations. Your case is then assessed, and they get back to you with their judgement on whether a real violation of data protection regulation has been made or not.
The ICO investigates your claim and gives you credible evidence to present to the offender organisation for a compensation settlement. Their feedback on your case also poses as an official statement of the data breach to the court. This solidifies your compensation claim.
When filing a complaint to the ICO, according to the GDPR, you must submit the following:
Please note that it’s in the ICO’s ability to charge the offender organisation with a fine for the violation. Still, they don’t have the authority to provide you with legal advice or compensation.
Moreover, the ICO has the right to receive a commission to investigate your case upon your compensation receipt.
When something like that happens, it has the capacity to tarnish the image of the company. That’s because the word gets out quickly when it comes to data breaches. That’s especially the case if a large number of users has been affected.
A recent example is the infamous 2019 Dubsmash data breach, in which 163 million users’ data was stolen and sold on the dark web. In this case, the website was hacked, but there are other incidents wherein the business owner himself is the culprit.
That’s why a lot of companies try to settle the case out of court, so as to avoid bad publicity. That’ll happen as long as you have a strong case, of course. But how to know that?
These are the claims you file when you believe your data has been mishandled in some way. In this case, you could end up with sizeable GDPR compensation.
Courts haven’t reached a consensus yet about fixed amounts of compensation. There are many factors that go into determining the compensation. The only clue we have about the exact amount of compensations awarded is previous winning claims.
One of the factors the amount will depend on is how sensitive the information that has been breached. If it isn’t that sensitive, and you haven’t endured a financial loss, the compensation may be up to £2,000.
On the other hand, if it’s sensitive information that has been breached, the compensation will be up to £8,000 and sometimes greater, especially if it concerns particularly sensitive information like your medical data. However, these amounts are awarded if the breach wasn’t intentional, or haven’t caused substantial financial loss.
So, if the damage you’ve sustained is more severe, the amounts can sky-rocket to £30,000 and £50,000. Now, let’s give you a glimpse of what the first steps in your GDPR compensation pursuit might look like
Your initial action should be to protect the rest of your data to ensure no further data breach is made. The next step should be looking into how your data has been breached, then seeking help on your case for compensation.
Here are detailed steps you should take once you’re aware of the data breach.
If an organisation has failed to protect your data, you are entitled to claim compensation regardless of whether you have suffered any losses or not. We can make a claim on your behalf for anguish or anxiety caused by a data breach, but if you have suffered financial harm as a direct result of the breach, the amount of compensation you might be able to claim would likely be far greater.
We’ve seen multiple high-profile cases over the years. The results of these were enormous. Let’s talk about some of the biggest data breaches that have occurred:
Back in 2012, the popular social media platform, LinkedIn, was hit by a huge computer data breach. As if this wasn’t scandalous enough, LinkedIn, at the time, reported that 6.5 million accounts have been compromised. In 2016, however, the hackers admitted to breaching 167 million accounts, exposing their credentials.
While the hackers were caught and imprisoned, the data they stole still remains on the dark web; they had sold it to a Russian forum. As a result, LinkedIn advised its users to change their passwords if they haven’t already since 2012.
If you were active on social media between 2017 and 2018, you probably know how the video-messaging app, Dubsmash, was one of the hottest trends. Well, in 2018, a data breach compromised the data of 162 million Dubsmash users.
The hackers were able to get hold of users’ email addresses, usernames, dates of birth, and passwords, then sold them to Dream Market, a dark web market. Later, the information was sold to other websites.
Dubsmash hasn’t confirmed the number of the breached accounts or how the breach occurred, but it still advised users to change their passwords.
Dixons Carphone is a British electrical and telecommunications retailer. In 2018, it was hit by what would be announced as the biggest online data breach in the UK. The data breach affected 10.2 million customers and compromised their personal data.
As a result of this huge breach, Dixons Carphone was fined £500.000, which is the maximum fine for such cases.
The UK government has suffered from thousands of data breaches from August 2019 to July 2020, according to Freedom of Information (FOI) requests. The breaches hit several governmental institutions.
These institutions include the NHS Digital, where the data of 38 people, including employees and patients, was breached. The Driver and Vehicle Licensing Agency (DVLA) also presented 181 notifications of data breaches throughout that period.
If you have suffered loss or distress due to your data being compromised, the first thing you should do is contact the company you think is responsible if they have not already contacted you about a breach. You should outline what distress and/or loss you have experienced and how you expect to be compensated.
You can also take your concerns about how the organisation has stored and processed your data to the ICO. The ICO cannot give advice on the amount of compensation that should be due, even if they determine that the organisation did breach the GDPR. However, as previously mentioned its opinion can be very influential and useful in your claim against an organisation that has breached your data.
If you can’t reach an agreement with the organisation that breached your data regarding whether you are due compensation and the amount, you can make a claim through the small claims court. If you do opt to go down this route a good piece of evidence to take to the court is the ICO’s agreement with you that the GDPR was breached by that organisation.
We work on a No Win, No Fee basis, so this means that if your claim is not successful, you will not owe us a thing. Only in the event of a successful compensation claim would you be required to pay us a percentage of your settlement, so there is absolutely no risk involved in making a data breach claim.
When you contact us, we’ll put you in touch with an expert data breach solicitor who will be able to contact the company in question and use any information you have provides plus that available from the ICO to establish whether your data has indeed been breached.
It’s not just financial losses that are taken into consideration when it comes to data breach compensation. If an organisation has failed to securely store your data, your data breach solicitor can claim for any distress that has been caused to you as a result of the data breach.
If you’re determined on going to court, you should have legal support. At Data Breach Claims, we’ll help you determine whether you have a strong case or not. If it’s a yes, our team will introduce you to the best and most suitable solicitors and claims management companies for you.
The experts will give you solid legal advice and help present your claim to the court to guarantee you get the compensation that truly makes up for the hardships you had to go through.
If you've seen all that you need to see, we ask Why use us?
Free consultation
We offer a free consultation to anyone looking to make a data breach compensation claim
No win, no fee
If your case or cases have no financial payout to you, you don't pay a single penny
Data breach experts
We use dedicated data breach solicitors who have handled thousands of data breach claims
As featured in the national press
We only work with the highest rated solicitors
Useful links Click one to see more
Data Breach Compensation
Find out about data breaches and claim your compensation
Zynga Data Breach
Find out everything you need to know about the Zynga data breach
Dubsmash Data Breach
Find out everything you need to know about the Dubsmash data breach
Marriot Data Breach
Find out everything you need to know about the Marriott data breach
Police Federation Data Breach
Find out everything you need to know about the Police Federation data breach
Marriott Data Breach
Find out everything you need to know about the Marriott data breach
EasyJet Data Breach
Find out everything you need to know about the EasyJet data breach
British Airways Data Breach
Find out everything you need to know about the British Airways data breach
Guides & articles Click one to see more
Our collective has dealt with over 14,000 data breach cases
Check free if you're owed an average £4,000 refund
Start My FREE Data Breach Claim 100% Safe & secure, no win no fee checkFull list of companies that were found guilty of data breach and you could be owed thousands from in compensation