Data Breach Compensation Claims

Keller Lenkner UK helps people make successful data breach claims after the theft, loss, or misuse of their personal information. It is important that people can claim data breach compensation as being the victim of a data privacy violation can result fraud, distress, and/or embarrassment.

What is a data breach?

Many high-profile data breaches happen when cybercriminals hack and access an organisations’ systems. But this is not always the case.


A cyberattack happens when criminals illegally access an organisation’s data, for example, by hacking or ransomware. Finding out that criminals have stolen your data can be extremely distressing. Furthermore, following a cyberattack, stolen data is often found for sale on the dark web, so different criminals might try to use your data to commit further crimes against you.

The British Airways, Ticketmaster, and Equifax data breaches (amongst others) all happened because of a cyberattack.

Human error

Cybercrime might be big news, but in most instances, data breaches are the result of human error rather than criminal activity. And, for those involved, the experience can be devastating.

The Equiniti, Greater Manchester Police and TeamSport data breaches (amongst others) all happened because of human error.

Regardless of the cause of the data breach – be it human error or cybercrime – in almost all cases, poor information security and inadequate or out-of-date processes made the data breach possible.

What can you claim data breach compensation for?

Each data breach case is different, and as your data protection lawyers, we always look at the full, and possible long-term impact of a breach when compiling your claim. However, there are some things we always look for when claiming data breach compensation.

Financial loss

Psychological distress

Loss of privacy

With your stolen data, criminals might make purchases using your bank/credit cards, apply for credit in your name, access your existing online accounts (e.g. bank, PayPal etc.) or even set up illegal bank accounts in your name.

You are entitled to claim for any losses you can link directly to the breach of data.

A data breach can have a significant impact on a person’s mental health. Following a violation, it is not uncommon for victims to be diagnosed with stress and other psychological conditions. Likewise, a data breach can exacerbate any existing mental health illnesses.

As a direct result of privacy violations, we have seen people experience stress, fear, anxiety attacks and trauma. Some victims require medication to help them deal with the psychological effects of a breach of trust. Relationships with loved ones can also suffer.

Personal data has value – there is a reason it is commonly found for sale on the dark web after a data breach. So, we must hold organisations to account if they fail to protect our right to data privacy.

Why claim data breach compensation?

As data privacy violations continue to rise, so too do data breach compensation claims. Nevertheless, some people still think that making a GDPR* compensation claim is opportunist. With data breaches causing suffering and distress to people across the UK, this could not be further from the truth.

Of course, if you lose out financially after a data breach, you must get back what you are owed. But what many people do not understand is that the emotional impact on victims can be just as devastating.

Downplaying the impact of a data breach compensation claim is disrespectful to the victims.  Furthermore, the amount of information we share with organisations leaves us all open to the threat of financial and identity fraud if this falls into the wrong hands. So, organisations must be held to account if they fail to protect our personal data as they are required to do so by law.

Claiming compensation can help victims get the justice they deserve. But more than that, it could also force organisations to take data protection seriously and implement more secure processes.

*General Data Protection Regulation (GDPR)
The GDPR is the EU regulation that governs data protection and privacy. It sets out how your personal information can be used by organisations, businesses, and the government. Despite Brexit, UK organisations still need to comply with the GDPR. The Data Protection Act (DPA) is the UK’s interpretation of the GDPR.

Types of data breach claims

At Keller Lenkner UK, we deal with a huge range of data breach cases. The most common reasons for a data breach are where:

  • Data has been inadvertently lost or leaked.
  • Personal data has been erroneously used and/or sent to a third party without permission. For example, in the Experian data breach, the ICO* discovered that the “the data of almost every adult in the UK was, in some way, screened, traded, profiled, enriched, or enhanced to provide direct marketing services”.
  • Financial data or an identity has been stolen to carry out theft/fraud.
  • An organisation failed to maintain up-to-date, accurate information and this caused damage.
  • Personal information has been misused or mishandled.
*The Information Commissioner’s Office (ICO)
The ICO is the data protection regulator in the UK. It helps safeguard your information rights and upholds data privacy. The ICO has issued large fines to organisations in breach of their data protection duties. You can ask the ICO to investigate if you discover that your personally identifiable information has been compromised in a data breach. The ICO does not give data breach compensation to individuals, but at Keller Lenkner UK, our expert data protection lawyers use evidence uncovered by relevant ICO investigations to support our data protection compensation claims.

Who can make a data breach claim?

Anyone who has had their personal information put at risk by an organisation might be able to make a data breach compensation claim.

Under GDPR, organisations who experience a data breach that is likely to affect those involved’ rights and freedoms must inform these people without undue delay. So, if you are a data breach victim, you should be contacted by the offending organisation to let you know.

However, this does not always happen. As such, it is worth keeping an eye out to see if your information is at risk. There are online tools that can help you to do this such as https://haveibeenpwned.com/

Furthermore, if you suspect a particular breach might have exposed your personally identifiable information (PII)*, you have the right to ask the offending party to confirm whether your suspicions are correct. This is called making a Subject Access Request.

*Personally Identifiable Information (PII)
Personally identifiable information (PII) describes any data that can be used to identify an individual; either on its own or along with other information.

PII could include names, postal addresses, dates of birth, email addresses, telephone numbers, credit card details, bank details, passwords, medical records, IP address or a cookie identifier, and more.

Group action or individual claim?

You can make a data breach claim with Keller Lenkner UK, regardless of whether an organisation only breached your information, or if your data was involved in a large data breach involving multiple people.

A group action data breach compensation claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions or multi-claimant actions. The main benefit of a group action is that it provides strength in numbers. Furthermore, just because your case is part of a group action does not mean that you will receive the same amount of compensation as everyone else. Your claim will be based on your experience and, if successful, you will receive what you are owed.

At Keller Lenkner UK, we are currently running several group action data breach claims.

Data breach compensation and costs

If an organisation fails to protect your personal and private information, you must have access to justice. Professional legal advice is necessary to help you to do this. Nevertheless, concerns about the cost of making a claim can stop people from appointing an expert data breach solicitor.

To help ensure you get the legal representation needed to win, at Keller Lenkner UK, our data breach solicitors work for you on a no-win, no-fee basis. This means, if your claim is not successful, you will not have to pay a penny towards your case.

We expect to win our no-win, no-fee cases, but if you lose, you might be ordered to pay costs, fees, and other expenses. So, we take out ‘After the Event’ insurance to insure against the risk of losing a case. With such insurance in place, any costs will be paid by the insurance provider if we lose your case.

If we win your case, you will probably have to contribute towards your solicitor’s costs. This is called a ‘success fee’ and it is taken from the compensation awarded to you. We always make sure you are fully informed about any potential costs before we proceed.

When it comes to compensation, while there are no guidelines about how much you can be awarded in a data breach claim, we help you achieve the maximum award possible.

Why choose Keller Lenkner expert data breach compensation lawyers?

Keller Lenkner UK is one of the most experienced multi-claimant law firms in England and Wales.

Furthermore, our data breach team boasts some of the most skilled data breach lawyers, and we are used to winning for clients against well-funded corporates and in complicated multi-claimant and group actions.

Ultimately, our team has the experience, diligence and means to fight your corner and win.

We are one of the most experienced multi-claimant legal firms in England and Wales.

Our data breach and cybercrime specialists have a combined experience of over 50 years.

We represent clients in data breach actions, often against large, well-funded companies.

We work with expert barristers to ensure you get the very best level of legal support available.

We have offices in Chancery Lane, London and Liverpool City Centre, and the technology to provide a nationwide service.

We use technology to deliver a better legal experience to our clients.

We work on a no-win, no-fee basis.

We make the process straightforward and hassle-free.

Starting a data breach compensation claim

In some group action cases, the court will set a deadline to join a case. With strict time limits in place, it is important to act now to ensure you don’t lose out.

Contact us today for a free, no-obligation, assessment of your case. There are no costs to sign-up, and no obligation to proceed.

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.