Charity Data Breach Claims

Charities do a lot of good, but the sector is failing to meet its data monitoring, reporting and training obligations.

If you have been the victim of a charity data breach, we can help.

Get justice for a charity data breach violation


Charities hold a lot of sensitive data. Often on the vulnerable people they support and protect. So it is vital that this information doesn’t fall into the wrong hands or be misused in any way.

However, all too often, charities either aren’t are aware of their obligations or haven’t done enough to ensure that they meet them.

Many people donate to charities and causes they care about. But, while you might support them in their aims, it is vital that they meet their obligations when it comes to protecting your sensitive data.

Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Often charities and organisations are insured against data breaches, so you don’t have to worry about the impact of the good work you support.


Contact us today for a free, no-obligation, assessment of your case.

Our current charity actions



In 2020, over 100 educational and third-sector organisations were put at risk following a breach of the Blackbaud cloud platform. Blackbaud – a firm that provides administration, fundraising, and financial management software – was targeted by cybercriminals in a devastating cyber-attack. The hackers demanded a ransom in exchange for deleting the data, which Blackbaud paid.

Read More »
National Trust Data Breach

National Trust

The National Trust has issued a data breach alert after a cyberattack on cloud computing company Blackbaud. Blackbaud provides software to the National Trust. The National Trust confirmed that data about its volunteering and fundraising communities has been compromised. Its 5.6 million members are not though to be at risk.

Read More »

Why claim charity data breach compensation?

Hold the charity to account for failing to protect your private information.


Receive financial compensation for your losses.


Force the sector to implement better data security.

Examples of charity data breaches

The ICO has investigated the following charity data breaches. If the ICO finds an organisation guilty of data protection offences, it can issue financial penalties and prosecutions.

Charity donor data breaches

What are charities not allowed to when it comes to donors?
  • Rank people based on their wealth. This involves hiring companies to find the wealthiest donors. It may also include identifying who is most likely to leave money to the charity in their wills (legacy profiling).
  • Collect information about people that they didn’t give them. You have a right to choose what personal information you provide, and what you don’t
  • Share personal data with other charities. Charities often exchange donor information, but they can’t do this without your explicit consent. They must also provide details of who exactly they are sharing information with, and why.

If you are a donor, and you believe that a charity has not been handling your data correctly, you can report your concerns to the Fundraising Regulator.

Keller Lenkner UK can help you to claim compensation against charities and voluntary organisations that have failed in their data protection responsibilities.

Why use Keller Lenkner UK to make a data breach, GDPR violation, or cybercrime claim?


Your questions answered

See our answers to the FAQs we get asked about charity data breaches.

Latest news

What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial loses

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.


GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.