A guide to making a Group Action claim 

Find out more about making a group action claim
with Keller Lenkner UK – Expert Data Breach Lawyers.

Group action data breach claims

If an organisation fails to protect your personal data as it is legally required to do, you have a right to claim compensation. However, where the privacy violation affects multiple people, you won’t be the only person making a claim. In such circumstances, it is often worth joining a data breach group action.

In this quick guide, you’ll find out:

  • What a group action is
  • The benefits of group actions
  • The process for making a group action
  • What a group action costs
  • And more!

What is a group action data breach claim? 

A group action claim arises when people – sometimes even thousands or millions of people – have been affected by the same data breach. A group action can be initiated even if the victims of the offence have experienced different levels of harm (e.g. if some people had their email addresses stolen, while others had their credit card details compromised).

Group action cases are sometimes called class actions, collective redress actions, multi-claimant or multi-party actions.

With a group action, the people affected by the breach (the claimants) collectively seek compensation from the defendant – either through settlement or an award in the High Court of Justice.

What is a representative action?

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm.

Representative actions tend to be used in straightforward mass data privacy scenarios. For example, where customers of a company have all had their email addresses stolen.

In representative actions, one solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Keller Lenkner UK’s data breach solicitors will be appointed as the representative in many future actions.

In representative actions, one member of the action will typically sue on behalf of themselves and the rest of the group.

The benefits of group actions

Group action claims are becoming far more common in the UK. Here are just some of the reasons why:

Who can make a group action claim?


Anyone who has suffered damage, distress, or a loss of privacy caused by an organisation breaching any part of the Data Protection Act can join a group action claim.

At Keller Lenkner UK, our data breach solicitors regularly launch group actions to take on corporate giants and large organisations who have failed to meet their data protection responsibilities.


Our Group Actions

Man walking through hotel lobby with suitcase and looking at his phone

Chedi Hotel

Guests at the Chedi Muscat are at risk following a ransomware attack
You might not know that you are affected. But if you are, you could be due compensation.

Read More »


The Dixons Carphone Warehouse data breach resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores.

Read More »
Easyjet data breach


In 2020, EasyJet admitted that, as well as the personal details of nine million customers, over 2,000 passengers had their credit card details accessed by hackers.

Read More »


In 2017, poor security processes at Equifax led to a huge data breach. The ICO has since fined Equifax £500,000 and people who have been affected by the breach can register to make a compensation claim.

Read More »


In August 2019, over 750 annual benefit statements were sent to the wrong postal addresses. These statements were for police officers of Sussex Police.
Equiniti, a company that provides support, communications and technology platforms to help manage company pensions, was responsible for distributing these statements.

Read More »


In January 2021, London-based estate agent Foxtons discovered that it had experienced a huge data breach. But, despite an investigation finding 16,000 card details, addresses and correspondence related to this breach on the dark web, Foxtons did not tell its customers that criminals had accessed and exposed their data.

Read More »

Greater Manchester Police

The personal details of victims of crime in Greater Manchester have been put online by mistake.

The data breach affects victims of sexual abuse, witnesses and people reporting crime. According to the Force, no informant details were breached.

Thousands of people are thought to be affected.

Read More »

Hackney Council

Hackney Council was sit by a serious cyberattack that affected most of its services. If you think you may have lost data in this incident, contact Keller Lenkner and we will help you to investigate that loss.

Read More »

Hammersmith Medicines Research

The Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR) – a company which performs early clinical trials of drugs and vaccines. The criminal group had previously promised not to attack medical organisations during the coronavirus outbreak.

Read More »

Labour Party

The Labour Party has experienced a data breach. Keller Lenkner UK can help victims to claim compensation for this data protection failure.

Read More »


LinkedIn has suffered a massive data breach affecting 700 million people. In total, 92% of LinkedIn users are reportedly affected by this breach. The stolen data includes salary information.

Read More »


Fintech startup LOQBOX – a company that helps people to improve their credit ratings – suffered a cyber-attack in February 2020. As well as personal data, some financial information was also breached.

Read More »

National Trust

The National Trust has issued a data breach alert after a cyberattack on cloud computing company Blackbaud. Blackbaud provides software to the National Trust. The National Trust confirmed that data about its volunteering and fundraising communities has been compromised. Its 5.6 million members are not though to be at risk.

Read More »

Police Federation

In 2019, The Police Federation of England and Wales (PFEW) suffered a severe data breach following a ransomware cyber-attack hit the PFEW headquarters. Around 120,000 current and former officers are affected.

Read More »

Simplify Group

Home movers across the UK were left unable to exchange, complete or move home due to a severe cyber failure. The incident happened when Simplify Group, a company that provides conveyancing services to several leading agencies, experienced a ‘major security breach’.

Read More »

Special Forces

In June 2021 it was revealed that over 100 special forces troops were publicly identified in an email security breach. Given that the names of those in special forces units are strictly protected, this is a severe breach that could have serious repercussions on UK intelligence and those whose data has been revealed.

Read More »


In November 2019, T-Mobile suffered a severe data breach. Over a million pre-paid customers are believed to be affected. T-Mobile was very unforthcoming about the data hack and did not provide additional information at the time of the breach.

Read More »


In June 2018, Ticketmaster admitted to a huge data breach. The breach happened after a supplier to Ticketmaster was infected with malicious software while having access to the Ticketmaster website. The Ticketmaster data breach affects up to 40,000 people.

Read More »

Transform Hospital Group

In December 2020, UK cosmetic surgery provider Transform Hospital Group Ltd., also known as The Hospital Group, admitted that it had been hit by a ransomware data security attack. This incident resulted in the theft of extremely sensitive customer data.

Read More »

The process for making a data breach group action claim

Inform the ICO
You have the right to ask the ICO to assess an organisation if you think it is guilty of a data protection breach. You can then use any evidence the ICO uncovers to support a data breach compensation claim.
Contact Keller Lenkner UK
At Keller Lenkner UK, our initial consultation is always free. We’ll talk through what’s happened to you, advise you on whether you have a winnable case, and go through your options without charging you a penny.
We’ll start the claims process
Once we have established that your data has been breached, the extent of the breach, and whether other people have also been affected, we’ll confirm if we can take on your case on a no-win, no-fee basis. We’ll then investigate your case, gather together the relevant paperwork and evidence, and make sure all the necessary court forms are filled in on time.
We will try to reach a settlement
Before taking your claim to court, the judge will want to know what steps you have taken to settle the claim. So, we’ll write to the offending company offering a settlement.
We will progress to court
If the other party does not agree to our terms, and we fail to reach an agreement, we will write to tell them that we intend to take the matter to court. In many cases, especially where the ICO has already fined the company, this threat is taken seriously. So there is usually a willingness to pay a reduced amount rather than face larger costs and bad publicity.

What does a group action cost?

At Keller Lenkner UK, our data breach solicitors believe that data privacy rights should be protected. And that everyone should be able to claim if they have been let down. Cost should not be a barrier to justice. That’s why we offer no-win, no-fee agreements to help our clients.

No-win, no-fee means that, if your claim is not successful, you won’t have to pay a penny towards your case. There are no hidden charges or other administration fees. Before appointing any data breach solicitor, you must ask how much you will pay if you don’t win your case.

If your claim is successful, you usually have to contribute towards your solicitor’s costs. This is called a ‘success fee’. It is taken from the compensation awarded to you, and it can be much higher than you expected.

At Keller Lenkner UK, our fees are reasonable and we always explain what you will have to pay if you win up-front. There are no hidden charges or other administration fees. We always make sure you are fully informed about any potential costs before we proceed.

Does everyone in a group action claim get the same amount of compensation?


No. Just because your case is part of a group action doesn’t mean that you will receive the same amount of compensation as everyone else.

All claims within a group action are settled based on their merits, and, as with any case, the value of your claim depends on the extent of your suffering. So if your claim is successful, you will receive what you are owed.

What can you claim for?


While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach or cybercrime:

Financial losses

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts


Cybercrime can have a significant impact on you, both mentally and physically. It can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy.

Because we understand that the full impact of a data breach is often not felt until months after the initial violation, we take a long-term view when it comes to claiming compensation on your behalf.

There are no guidelines about how much compensation you can be awarded for a claim under the Data Protection Act. If you do go to court, it is up to the judge to consider all the circumstances, including the seriousness of the breach and the impact on you.

There is strength in our numbers


Keller Lenkner UK Limited is a formidable multi-claimant law firm. Combining technical expertise with experience in handling large volume cases, we represent our clients with passion, experience and diligence.

Having opened a new data breach division in 2020, Keller Lenkner UK is also gaining an enviable reputation in data breach law. And, with a team of data protection experts led by Kingsley Hayes – arguably the UK’s foremost data breach solicitor – and considerable multi-claimant expertise, it’s easy to see why.

We have offices in Chancery Lane, London and Liverpool City Centre, and the technology to provide a nationwide service.

The Keller Lenkner name is synonymous with negotiating power. What’s more, our directors have proven experience in the US. This means that our data breach lawyers are backed by global expertise. This is advantageous when it comes to taking on big players and complicated group actions.

Other firms might claim to be data protection experts, but it takes more than an understanding of the law to succeed. At Keller Lenkner UK our team of data breach lawyers has the passion, skill, persistence and resources to fight your corner and win.

FAQs about group actions

Can I join a Keller Lenkner UK data breach group action if I am unhappy with my current solicitor?
We are often contacted by people who have signed up to a group action with another firm, but who want to join our group instead. If you want to use a different/more experienced solicitor, please contact us. It is easy to make the switch.

Latest Group Action News

The emotional impact of the PFEW data breach should not be underestimated

The emotional impact of the PFEW data breach should not be underestimated. We all know the impact that theft can have on a person. Following a burglary, people often feel shock, anger, fear, helplessness, and panic. These feelings might develop immediately or be experienced much later. Cybercriminals are committing theft when they steal personal data, so it is understandable that some people feel upset; particularly as the PFEW effectively gave the burglar the keys.

Read More »


Contact us today for a free initial assessment of your case. Our expert, friendly team will advise you on whether you have a valid claim and will be pleased to answer any questions you might have.