What data breach risks do social media platforms pose?

Peter Hammond I am a solicitor who has specialised in data breach compensation claims.

There has been an increase in recent years in social media users’ concern about their privacy. Data breach incidents have alarmed many users and encouraged them to rethink not only their relationship with social media but also the security of their personal information. The many examples of data breaches that are tied to social media have steadily corroded public trust and led to a lot of users questioning whether they have lost control over their own data.

A recent study revealed that 80% of social media users are concerned about businesses and advertisers accessing and using their social media posts and details. Growing privacy concerns have prompted advocacy for tighter regulations and have put companies responsible for safeguarding personal data under more scrutiny.


What are the possible threats and risks to privacy on social media?

Cyber criminals are well versed in tricking social media users into handing over their sensitive information, stealing personal data, and gaining unauthorised access to users’ private accounts. Some typical threats that can be a risk to social media users are:

Data Mining

Everyone leaves a data trail behind them on the internet. Each time a person creates a social media account they provide their personal details, which can include their name, date of birth, geographical location, and interests. Companies also actively collect data on user behaviour, i.e. when, where, and how users interact with their platform. This data is then stored and leveraged to better target advertising to their users. In some cases, companies will share their users’ data with third-party entities, often without the users’ knowledge or permission.

Phishing Attacks

Phishing is one of the most common ways for criminals to get sensitive information from you. Typically, they will contact you by email, text message, or phone call and present themselves as a legitimate organisation. They then trick you into sending your personal data to them, including passwords, bank details, and credit card information. Phishing attacks can often pose as social media platforms. For example, in August 2019 a huge phishing attack targeted Instagram users by pretending to be a two-factor authentication system and pushed users to log in to a false Instagram page.

Malware Sharing

Malware is designed to gain access to computers and the data they contain and will be used to steal sensitive information, extort money, or profit from forced advertising once it has infiltrated the system. Social media platforms are an ideal delivery system for malware distributors. As soon as an account has been compromised, cybercriminals can take over and distribute malware to all of the user’s friends and contacts on the social media platform.

Bot Attacks

Social media bots are automatic accounts that create posts or follow new people whenever a specific term is mentioned. A large group of bots can form a network called a botnet. Bots and botnets are prevalent on social media platforms and are used to steal data, send spam, and launch DDoS (distributed denial of service) attacks that will allow hackers to gain access to people’s devices and networks.  


How can you protect your data on social media?

Millions of people around the world use social media every day, and with that there will always be the risk of your personal information falling into the wrong hands. However, there are things you can do to mitigate the risk of this happening as much as possible.

1) Close down accounts you don’t need and don’t open new accounts unless it is completely necessary

If you find yourself not using a social network, consider deleting both the account and the application from your devices, so there is no chance of any inadvertent data sharing: social media networks could in theory access all information and activity on your phone. Also, try to limit the number of social media networks you use so that your data isn’t spread out all over the internet.

2) Know your friends

On certain social networks like Twitter this is difficult. On Facebook, however, make sure you are only friends with people you know and trust, and regularly review your friends list to limit who sees what you’re sharing.


3) Pay attention to your privacy settings

In the past, privacy settings on social media have been lacking and difficult to navigate, but companies like Facebook have slowly been making it easier to limit who sees your personal data to trusted friends. Twitter, Instagram and other platforms also give you the option to limit who can see your posts and who can follow you. You should also check your privacy settings regularly, as there have been incidents of them suddenly and inexplicably changing.


4) Share as few identifying details about yourself as possible

Professionals like to use their name and place of employment to build a reputation on LinkedIn and other social platforms, but if you can avoid doing this you should. With this information, cybercriminals can guess your work email address or even your personal one and launch targeted phishing attacks that will seem all the more credible thanks to the description of your job that you likely provide on your profile. You should always make sure that your privacy settings are at a level that you feel comfortable with and only connect with people you have a professional relationship with.


5) Don’t use your social profiles to log into other websites

Even though it might be more convenient to click the “log in with Facebook” option instead of creating a new account, this exposes you to possible security risks that become more serious when you consider that every time you share your data across platforms you are pooling more and more into a single location. Be mindful that all of the Facebook data and any other data you have shared on other accounts using your Facebook credentials may be accessed by cybercriminals if the third-party site is hacked.


Social media platforms are a popular and common way to stay up to date with friends and family, but they do pose risks when it comes to data breaches. It is therefore important to be aware of the risks and what you can do to minimise them, so you can enjoy social media in the safest way possible.

How Can You Protect Yourself From Further Harm Following a Data Breach?

Peter Hammond I am a solicitor who has specialised in data breach compensation claims.

Being a victim of a data breach can often mean you are more vulnerable to fraudulent attacks by cybercriminals. However, if your personal data has been compromised in a breach there are things you can do to protect yourself from further incidents. Knowing the steps to take when you have been part of a breach could mean you don’t have to face any further repercussions or stress after already having your information taken.

Protecting your finances

If you know your financial details have been accessed during a data breach, the first thing you should do is contact your bank and/or credit card provider. Alerting them to the situation will mean you can stop your transactions and possibly change your details quickly and easily should there be any purchases made with your details.

This leads into the next step you should take: checking all your bills and emails for goods or services you know you have not ordered, and checking your bank account for unfamiliar transactions. Naturally, if you do see any transactions or orders you don’t recognise, you should contact your bank or credit card provider straight away.

It is also important to keep an eye on your credit score: if a cybercriminal takes out credit in your name and you do not notice it another way, there could be a noticeable dip in your credit score. You can contact credit reference agencies like Experian or Equifax to check that no one else has taken out credit in your name.

Attempts to extract further financial information can be a significant threat in the aftermath of a data breach, so it is important to know what to look out for to avoid them. You should never provide your PIN, full password, or any other information that someone asks you for, even if they claim to be from your bank. Also, you shouldn’t feel pressured into moving money into another account for fraud reasons.

Your real bank would not ask you for these details or complete a transaction of this nature. It is vital that you don’t reveal any personal details until you have confirmed the person’s true identity and that they are from the company they say they are from.

Phishing attacks and further attempts to get your information

Even if your financial details were not accessed during the data breach, criminals can use the personal information they do have to try and pose as a company you know to get more information from you to potentially commit fraud. Below are some steps and key points to keep in mind when your data has been breached.

  •       If the organisation that breached your data provides security instructions you should follow them
  •       Don’t click on any links or downloads from emails or text messages that look suspicious and that you don’t recognise
  •       Delete any old accounts that you don’t use anymore to limit your data exposure
  •       Never assume an email or phone call is authentic just because the person has your contact details
  •       Stay alert and be careful who you trust; criminals can often use scare tactics in an attempt to trick you into revealing your security details
  •       Even if you recognise a name or number from someone contacting you it might not be genuine
  •       Don’t feel rushed or pressured into making a decision; a trustworthy organisation would not force you to make a financial transaction straight away
  •       Trust your gut instincts and question anything that does not feel right to you
  •       Contact your bank on a number you know and trust to check if a communication was genuine
  •       Be cautious of communications that refer you to a web page asking you to input personal data
  •       Review your online privacy and security settings


Secure data protection practices to prevent further threats

There are ways in which you can keep your data more secure following a data breach, to stop the situation escalating and to reduce the threat of further cyber attacks. These include:

  •       Changing your passwords regularly and using a strong, different password for every account (a password manager can help you with this)
  •       Keeping your internet security software up to date to protect your devices
  •       Registering with the Cifas protective registration service to slow down credit applications that could have been made in your name


If you think your data has been involved in a breach and you want to make a claim for compensation contact us today. We can put you in touch with expert solicitors that can confirm whether you have a valid claim that is worth pursuing. Even if the breach has not led to any direct financial losses you are still entitled to make a claim for any distress having your data breached has caused you. 

Can I sue for data protection breach?

Peter Hammond I am a solicitor who has specialised in data breach compensation claims.

The short answer to this question is yes. The GDPR was introduced in May 2018 to ensure personal data is not misused, destroyed, disclosed, or lost. So, if you think your data has been treated in this way and not fully protected you have the right to sue a company and receive compensation for the data breach.


Data breach compensation

Under GDPR law, if a company that is holding your data suffers a data breach, you could be entitled to claim data breach compensation if you have experienced some form of loss as a result, or if you have suffered mental health symptoms like anxiety or emotional distress because of your data being breached.

It can be difficult to know if your personal data has been breached sometimes as every situation is different. You will know it is a data breach if your personal data is lost, destroyed, accessed, or disclosed in an unauthorised way whether that is deliberate or by accident by someone inside or outside the organisation. Data breaches can involve:

  •       Personal health information
  •       Medical documents
  •       Social services documents
  •       Financial information
  •       Sensitive, protected, or confidential information


Who can you claim against for a breach of data protection?

You can make a claim for a data breach against an individual or an organisation either in the public sector, private sector, or charitable sector. In some cases, there can be more than one defendant. Usually, GDPR claims and data breach claims are settled out of court, but each situation is different.


How much can you claim in data breach compensation?

The amount of compensation you can get will depend on the type of data breach and how it has impacted your life both financially and mentally. The law in this area is currently under development and the courts are yet to provide any specific guidelines on what will be awarded to data breach claimants. However, damages awarded in employment discrimination cases can offer some guidance on the subject and are divided into three bands.

  •       £900-£8,600 for less serious cases where the incident was just a one off, for example:

        Disclosure of an individual’s name, date of birth, home address, and email address, £1,000-£1,500

        Disclosure of information linked to a medical data breach, £2,000-£5,000

        Disclosure of financial information, £3,000-£7,000 depending on the effect of the breach


  •       £8,600-£25,700 for a breach that is more serious than the first band.
  •       £25,700-£42,900 if there has been a protected pattern of default, which has caused depression or other illnesses. Medical evidence would be required to support this alongside evidence to back up any other losses such as earnings.


What happens if the organisation doesn’t pay the compensation?

If you have a strong case against an organisation for a data protection breach and they are refusing to pay the compensation, your next step would be to make a claim in court. The court would decide your case and, if it agreed with you, it would decide whether the organisation would have to pay you compensation and, if so, how much. It is strongly recommended that you take independent legal advice on the strength of your case prior to taking any claim to court. We can help put you in contact with experienced data breach solicitors who can discuss with you whether your case is worth pursuing. Get in touch with us today to find out more.


Who should you inform of a possible data breach?

Data breach cases are not always straightforward and can require a bit more digging to get all the key details. If you suspect a data breach has occurred, it is recommended that you contact the Information Commissioner’s Office (ICO), the UK’s data protection regulator and supervisory authority for GDPR compliance. The ICO can investigate the incident and determine if an organisation is at fault for the breach. This can be quite a slow process, but it can lead to an increased chance of a successful compensation claim. The ICO does not award compensation; to get compensation you need to make a claim against the organisation that breached your data.

However, a significant fine or a factual report from the ICO that the organisation in question is responsible for the data breach will be extremely valuable in your claim. You are not required to contact the ICO or wait for its investigation to end before you make a claim; you can bring a case against a company directly without involvement from the ICO. It will be more beneficial, however, to go through the ICO first to help strengthen your case.


What should you do if you are notified that your data has been breached?

  •       Change your passwords

If your data has been breached and you use similar login information, like usernames and passwords, for other websites or online accounts, you should change those details straight away.

  •       Keep an eye on your bank accounts and credit report

You might want to watch your bank accounts and other online accounts closely over the next few months, particularly if you think or know that the breach involved financial details or other details the hacker could use to commit identity fraud. If you see anything unusual you should contact your bank immediately and explain that you have been a victim of fraud. Also, it is important to check your credit report to ensure credit isn’t taken out in your name.

  •       Be aware of scams

If you are contacted over the phone asking for personal details or passwords you should take steps to check their true identity. Ask them to give you details that only the company they claim to be calling from would know. For example, details of your service contract or how much you pay per month. Keep in mind that scammers could have access to more of your personal information than seems normal. So, if you are suspicious of the caller, hang up the phone, look up the company’s phone number, and ring them for yourself.
