What is a data breach?

A data breach happens when an individual’s personal data is accessed, stolen, published, or otherwise used without their authorisation. Crucially, a breach can have a range of adverse effects on individuals, including emotional distress and financial losses. And, despite fears about cybercrime, human error is still the biggest cause of data protection breaches. There are several ways a data breach could occur, for example: access by an unauthorised third party (e.g. a cyberattack) unauthorised disclosure via human error (e.g. an email being sent to the wrong person) computing devices containing personal data being lost or stolen alteration of personal data without permission accidental or unlawful destruction of personal data.

What is personal data?

Personal data is any information about a person that could be used to identify them, either on its own or in combination with other information. For example, a name, email address or even an IP address. Personal data also includes extremely sensitive information such as medical records, details about a person’s political or religious leanings, and criminal convictions.

The Information Commissioner’s Office (ICO) is the UK’s data protection watchdog regulator. It protects your information rights and data privacy. And it helps organisations to meet their data protection obligations. If your personal information is involved in a data breach, you can ask the ICO to investigate why this happened. Importantly, the ICO can impose substantial fines on organisations in breach of their data protection responsibilities. For example, in 2020 the ICO individually fined Marriott International £18.4 million, British Airways £20 million, and Ticketmaster £1.25 million for failing to keep their customers’ personal data secure. However, the ICO does not award compensation to individuals, so it is vital to appoint an expert lawyer to get the compensation you deserve following a data breach. Your solicitor will use evidence uncovered by the ICO to support your data protection compensation claim.

How do I know if my data has been breached?

To avoid falling foul of data protection rules, organisations MUST tell you if they have breached your personal data “without undue delay”. However, in reality, this does not always happen. If you suspect your data has been breached, but you have not heard from the company you think failed to protect it, you can make a subject access request (SAR) to find out if your information was involved in a privacy violation. You can also contact the ICO if an organisation fails to respond to a SAR, or if it does not do so adequately.

What should I do if my data has been breached?

Victims of data breaches often become the target of cybercriminals. So, following a privacy violation, before you do anything else, it is essential to take steps to keep yourself safe. As well as following any security instructions provided by the organisation that breached your data, here are some top tips to prevent the impact of a data breach from escalating.

How do I start a data breach compensation claim?

If you discover you are involved in a data breach, you should start a compensation claim. To do this, contact Keller Lenkner UK for a free assessment of your case. We will talk you through your options and explain everything in plain English.

What is a group action data breach?

In some cases, where a data breach occurs, you will not be the only victim. In these instances, you might be able to join a group action claim. Because there is strength in numbers, a group action (also called a class action or multi-party action) helps to even the playing field between large organisations and individual claimants. So, a group action usually makes a big organisation take the matter more seriously. This increases the chances of success for the claimants.

How much data breach compensation will I get?

There are no set amounts awarded for a data breach claim. If you go to court, the judge will consider all the circumstances, including the seriousness of the breach and the impact on you. However, it is important that your data breach solicitor knows what to claim for. Inexperienced solicitors might not understand the full and lasting impact a data breach can have on a person.

A quick guide to staying safe after a data breach.

How to protect yourself following a data breach

Victims of data breaches often become the target of cybercriminals.

To keep yourself safe after a data breach, our expert data breach lawyers have provided some helpful tips.

Protect your finances following a data breach or cybercrime

Information stolen in breaches is often used to commit cybercrimes. Privacy violations have resulted in fraud, blackmail, and identity theft, so data breach victims are at high risk of being targeted by cybercriminals. To stay safe, you should:

Contact your bank or credit card provider immediately if your financial data has been exposed.
Check all bills and emails for goods or services you have not ordered.
Check your bank account for unfamiliar transactions.
Alert your bank or credit card provider immediately if there is any suspicious activity.
Monitor your credit score for any unexpected dips.
Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
Never be pressured into moving money to another account for "fraud reasons". A legitimate bank won’t ask you to do this.

Watch out for further attacks and attempts to extract additional information from you

Phishing fraudsters contact you using emails, texts, and other forms of communication. They disguise themselves as someone you trust. Their goal is to trick you into giving them your personal information (e.g. usernames, passwords, credit card details, etc.) and steal from you.

Phishing often happens following a data breach. Criminals use the data exposed in breaches to trick people into believing they are genuine.

Stolen data is easy to buy on the dark web, so if you are the victim of a data privacy violation, it is quite likely that different criminals could be trying to use your data against you.

Stolen data is also used in batches over time, so the impact of a data breach might not be immediately apparent.

To protect yourself after a data breach, you should:

Follow the security instructions provided by the organisation that breached your data.
Never automatically click on any suspicious links or downloads in emails or texts.
Never assume an email or phone call is authentic just because someone has your details.
Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
Know that, even if you recognise a name or number, it might not be genuine.
Not be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.

Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
Listen to your instincts and ask questions if something feels “off”.
Refuse requests for personal or financial information and stop discussions if you are at all unsure.
Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
Be cautious of unsolicited communications that refer you to a web page asking for personal data.
Not accept friend requests from people you don’t know on social media.
Review your online privacy settings.
Report suspected fraud attempts to the police and Action Fraud.

Put some data protection best practices in place to stop the threat from escalating

To stop a bad situation from getting even worse, if you are the victim of a data breach you should also :

Change your passwords. You should also do this regularly and use a different password for every account (a password manager can help with this).

Protect your devices with up to date internet security software.

Make a report to Action Fraud

If you have been scammed, defrauded or experienced cybercrime in England, Wales and Northern Ireland, you should also report this to Action Fraud.

Once you make a report, Action Fraud will provide you with a police crime reference number and your case will be passed to the relevant local police force/law enforcement agency for investigation. Action Fraud does not investigate the cases and cannot advise you on the progress of a case.

It is important to make a report via Action Fraud as it uses this data to make reports and passes these to the National Fraud Intelligence Bureau (NFIB). The NFIB uses this data to identify serial offenders, organised crime groups and find emerging crime types.

Make a compensation claim for the breach of your personal information.

Personal information describes any data that can identify an individual, either on its own or alongside other information. Organisations that use our personal data have a legal obligation to keep it safe. This is important because criminals regularly use stolen personal information to commit fraud, blackmail, and identity theft.

Even where a personal data breach is not caused by cybercriminals but by a simple mistake, the results can be devastating. As a result of admin errors and poor data security processes, data privacy violations can cause considerable distress, upset, embarrassment and harm.

At KP Law, we help people make compensation claims when an organisation has not looked after their personal information as well as it should have.

As well as helping individuals to make a claim, where multiple people have been affected by the same breach, we will run a group action.

We run our cases on a no-win, no-fee basis.

Why use KP Law to make a claim?

We are one of the most experienced multi-claimant legal firms in England and Wales.

Our legal team represents tens of thousands of workers and consumers across England & Wales.

We act for clients who deserve to win, and we do everything we can to ensure that they do.

We have all the resources and expertise necessary to take on complicated cases and win.

We are never afraid of a fight and are ready to take on large, deep-pocket defendants that other law firms shy away from.

From specialist barristers to expert lawyers, we always make sure you get the best possible legal support.

We have offices in London, Liverpool, Manchester, and Birmingham, and the technology to provide a nationwide service to clients across England & Wales.

We combine expertise and technology to streamline the legal process and deliver an efficient, hassle-free experience to our clients.

We don't take on a case unless we believe we can win, and we are so confident in this that our clients don't pay us a penny unless we succeed.

A quick guide to staying safe after a data breach.

How to protect yourself following a data breach

Protect your finances following a data breach or cybercrime

Watch out for further attacks and attempts to extract additional information from you

To protect yourself after a data breach, you should:

Put some data protection best practices in place to stop the threat from escalating

Make a report to Action Fraud

Make a compensation claim for the breach of your personal information.

Why use KP Law to make a claim?

Start Your Claim Today

Our experienced and professional team is ready to start your no-win, no-fee claim.

Recent awards, shortlistings, and listings

CONTACT US

USEFUL LINKS

START A CLAIM

FOLLOW US