Guides & articles How Can You Protect Yourself From Further Harm Following a Data Breach?

Peter Hammond I am a solicitor who has specialised in data breach compensation claims.

Being a victim of a data breach can often mean you are more vulnerable to fraudulent attacks by cybercriminals. However, if your personal data has been compromised in a breach there are things you can do to protect yourself from further incidents. Knowing the steps to take when you have been part of a breach could mean you don’t have to face any further repercussions or stress after already having your information taken.

Protecting your finances

If you know your financial details have been accessed during a data breach the first thing you should do is contact your bank and or credit card provider. Alerting them to the situation will mean you can stop your transactions and possibly change your details quickly and easily should there be any purchases made with your details.

This leads into the next step you should take, checking all your bills and emails for goods or services you know you have not ordered and check your bank account for unfamiliar transactions. Naturally, if you do see any transactions or orders you don’t recognise you should contact your bank or credit card provider straight away.

It is also important to keep an eye on your credit score, as if a cybercriminal takes out credit in your name without you noticing another way, there could be a noticeable dip in your credit score. You can contact credit reference agencies like Experian or Equifax to check credit has not been taken out in your name that wasn’t you.

Extracting further financial information can be a significant threat when it comes to the aftermath of a data breach, so it is important to know what to look out for to avoid them. You should never provide your PIN, full password, or any other information that someone asks you for, even if they claim to be from your bank. Also, you shouldn’t feel pressured into moving money into another account for fraud reasons.

Your real bank would not ask you for these details or complete a transaction of this nature. It is vital that you don’t reveal any personal details until you have confirmed the person’s true identity and they are from the company they say they are.

Phishing attacks and further attempts to get your information

Even if your financial details were not accessed during the data breach, criminals can use the personal information they do have to try and pose as a company you know to get more information from you to potentially commit fraud. Below are some steps and key points to keep in mind when your data has been breached.

  •       If the organisation that breached your data provides security instructions you should follow them
  •       Don’t click on any links or downloads from emails or text messages that look suspicious, and you don’t know
  •       Delete any old accounts that you don’t use anymore to limit your data exposure
  •       Never assume an email or phone call is authentic just because the person has your contact details
  •       Stay alert and be careful who you trust, criminals can often use scare tactics in an attempt to trick you into revealing your security details
  •       Even if you recognise a name or number from someone contacting you it might not be genuine
  •       Don’t feel rushed or pressured into a making a decision, a trustworthy organisation would not force you to make a financial transaction straight away
  •       Trust you gut instincts and question anything that does not feel right to you
  •       Contact your bank on a number you know and trust to check if a communication was genuine
  •       Be cautious of communications that refer you to a web page asking you to input personal data
  •       Review your online privacy and security settings


Secure data protection practices to prevent further threats

There are ways in which you can keep your data more secure following a data breach to stop the situation escalating and more threats of cyber attacks being able to occur. These include:

  •       Changing your passwords regularly and using a strong, different password for every account (a password manager can you help with this)
  •       Keeping your internet security software up to date to protect your devices
  •       Registering with the Cifas protective registration service to slow down credit applications that could have been made in your name


If you think your data has been involved in a breach and you want to make a claim for compensation contact us today. We can put you in touch with expert solicitors that can confirm whether you have a valid claim that is worth pursuing. Even if the breach has not led to any direct financial losses you are still entitled to make a claim for any distress having your data breached has caused you. 

Guides & articles How much is the average claim for a breach of the data protection act?

Peter Hammond I am a solicitor who has specialised in data breach compensation claims.

If you are the victim of a personal data breach in the UK you should be entitled to financial compensation, not only for any financial losses you incur but also for the emotional distress you experience. The exact amount of data breach compensation you are entitled to will depend on a range of factors. Below is an estimation of compensation amounts based on previous data breach claim awards.

  •       From £750 to £2,000- for a low-risk data breach where the information accessed was not sensitive and no financial harm was suffered, the compensation is for distress.
  •       From £3,000 to £8,000- where sensitive information was compromised (medical or financial data breach) but the breach has not caused severe losses or has not been intentional.

The courts have not yet decided on exact compensation brackets. In some cases where sensitive information was leaked, a celebrity was involved, or the data breach had a significant effect on the person, the courts upon careful assessment of the data breach damages can award greater pay-outs which can reach £30,000-£50,000. 

What personal information is protected under the DPA?

Personal data has a broad definition under the DPA to effectively deal with different types of data that can directly or indirectly reference or identify an individual and such information should be protected from unauthorised disclosures, leaks, or breaches.

What about sensitive personal information?

According to the DPA sensitive personal information includes data relating to:

  •       Biometrics, e.g., fingerprints, voice recognition, face recognition, eye scan etc
  •       Physical or mental health
  •       Ethnicity and race
  •       Religious beliefs
  •       Political preferences and opinions
  •       Trade union membership
  •       Genetic information
  •       Sexual orientation and activities
  •       Criminal offences or history

How much can you claim for a sensitive information data breach?

In situations where banks have been hacked, bank details were leaked, or credit card information was compromised, the bank will usually notify customers and freeze the account or card then issue a new one alongside credit score monitoring. That does not necessarily mean you will experience any financial loss, discrimination or distress in the future which happens to roughly 30% of data breach victims according to recent surveys.

Medical and health data breaches are also considered to be serious data breaches of sensitive information that equally have a significant and lasting impact on personal or professional life, to a similar extent of a financial breach. If your sensitive data was breached you could be entitled to:

  •       Medical data breach– £3,000-£5,000
  •       Bank or financial breach- £3,000-£7,000
  •       Any of the above with evidence proven severe impact- £8,000- £30,000

Don’t ignore even small data breaches

If you are in doubt about whether your information has been breached you should always double check and not ignore the situation. Ignoring even a small personal data breach could not only mean you will miss out on compensation you are entitled to, but it can also lead to serious effects to your life further in the future. Recent surveys have shown that one in three people who had their personal data leaked had later experienced one of the following.

  •       Identity theft or other fraudulent activity
  •       Financial loss or bad credit
  •       Discrimination on different grounds
  •       Damage to their reputation
  •       Inconvenience, economic or social distress
  •       Loss of confidentiality and trust in businesses in the future with their data


Any breach of your personal data is important as organisations should have sufficient security systems and processes in place to ensure all information is protected and it is their failure when data is breached. Contact us today and we will put you in touch with expert data breach solicitors who can help you get started on your claim and get the compensation you deserve.

Guides & articles Can I sue for data protection breach?

Peter Hammond I am a solicitor who has specialised in data breach compensation claims.
can I sue for data protection breach?

The short answer to this question is yes. The GDPR was introduced in May 2018 to ensure personal data is not misused, destroyed, disclosed, or lost. So, if you think your data has been treated in this way and not fully protected you have the right to sue a company and receive compensation for the data breach.


Data breach compensation

Under GDPR law if a company that is holding your data suffers a data breach, you could be entitled to claim data breach compensation if you have experienced some form of a loss as a result. Or if you have suffered with mental health symptoms like anxiety or emotional distress because of your data being breached.

It can be difficult to know if your personal data has been breached sometimes as every situation is different. You will know it is a data breach if your personal data is lost, destroyed, accessed, or disclosed in an unauthorised way whether that is deliberate or by accident by someone inside or outside the organisation. Data breaches can involve:

  •       Personal health information
  •       Medical documents
  •       Social services documents
  •       Financial information
  •       Sensitive, protected, or confidential information


Who can you claim against for a breach of data protection?

You can make a claim for a data breach against an individual or an organisation either in the public sector, private sector, or charitable sector. In some cases, there can be more than one defendant. Usually, GDPR claims and data breach claims are settled out of court, but each situation is different.


How much can you claim in data breach compensation?

The amount of compensation you can get will depend on the type of data breach and how it has impacted your life both financially and mentally. The law in this area is currently under development and the courts are yet to provide any specific guidelines on what will be awarded to data breach claimants. However, damages awarded in employment discrimination cases can offer some guidance on the subject and is divided into three bands.

  •       £900-£8,600 for less serious cases where the incident was just a one off, for example:

        Disclosure of an individual’s name, date of birth, home address, and email address, £1,000-£1,500

        Disclosure of information linked to a medical data breach, £2,000-£5,000

        Disclosure of financial information, £3,000-£7,000 depending on the effect of the breach


  •       £8,600-£25,700 for a breach that is more serious than the first band.
  •       £25,700-£42,900 if there has been a protected pattern of default, which has caused depression or other illnesses. Medical evidence would be required to support this alongside evidence to back up any other losses such as earnings.


What happens if the organisation doesn’t pay the compensation?

If you have a strong case against an organisation for a data protection breach and they are refusing to pay the compensation you next step would be to make a claim in court. The court would decide your case and if it agreed with you it would decide whether or not and how much if applicable it would have to pay you in compensation. It is strongly recommended that you take independent legal advice on the strength of your case prior to taking any claim to court. We can help put you in contact with experienced data breach solicitors who can discuss with you whether your case is worth pursuing. Get in touch with us today to find out more.


Who should you inform of a possible data breach?

Data breach cases are not always straightforward and can require a bit more digging to get all the key details. If you suspect a data breach has occurred it is recommended that you contact the Information Commissioner’s Office (ICO), the UK’s data protection regulator and supervisory authority for GDPR compliance. The ICO can investigate the incident and determine if an organisation is at fault for the breach. This can be quite a slow process, but it can lead to an increased chance of a successful compensation claim. The ICO does not award compensation, to get compensation you need to make a claim against the organisation who breached your data.

However, a significant fine or a factual report from the ICO that the organisation in question is responsible for the data breach will be extremely valuable in your claim. You are not required to contact the ICO or wait for its investigation to end before you make a claim, you can bring a case against a company directly without involvement from the ICO. It will be more beneficial however to go through the ICO first to help strengthen your case.


What should you do if you are notified that your data has been breached?

  •       Change your passwords

If your data has been breached and you use similar log in information like usernames and passwords for other websites or online accounts, you should change those details straight away.

  •       Keep an eye on your bank accounts and credit report

You might want to watch your bank accounts and other online accounts closely over the next few months, particularly if you think or know that the breach involved financial details or other details the hacker could use to commit identity fraud. If you see anything unusual you should contact your bank immediately and explain that you have been a victim of fraud. Also, it is important to check your credit report to ensure credit isn’t taken out in your name.

  •       Be aware of scams

If you are contacted over the phone asking for personal details or passwords you should take steps to check their true identity. Ask them to give you details that only the company they claim to be calling from would know. For example, details of your service contract or how much you pay per month. Keep in mind that scammers could have access to more of your personal information than seems normal. So, if you are suspicious of the caller, hang up the phone, look up the company’s phone number, and ring them for yourself.

Check free if you're owed an average £4,000 refund

Start My FREE Data Breach Claim 100% Safe & secure, no win no fee check