Twitter Data Breach Claims

If your data has been put at risk in this data breach, you may be able to claim with Keller Lenkner UK.

Get justice for the Twitter data breach

In December 2020, Twitter was fined €450,000 by the Irish Data Protection Commissioner (DPC) for failing to promptly declare and properly document a data breach. This comes after a Twitter bug led to private tweets being made publicly available.

By making private tweets public, it is quite possible that a Twitter user could have:

In total, we believe that at least 88,726 Twitter users in the EU are affected by this breach, and there is likely to be significantly more. These people could now have a claim for compensation. As well as claiming for emotional distress and any damage done (e.g. financial losses, missed career opportunities, etc.), people involved in the Twitter breach can also claim for the loss of privacy itself.

If your data was included in this breach, and you live in England & Wales, you may be able to make a compensation claim with Keller Lenkner UK.

Contact us today for a free, no-obligation, assessment of your case.

Why claim data breach compensation?

Hold Twitter to account for failing to protect your private information.

Receive financial compensation for your losses.

Force Twitter to implement better data security.

Was your data compromised in the Twitter data breach?

Users affected by the Twitter data breach:

  • used the ‘Protect your Tweets’ feature during the data breach period (5 September 2017 to 11 January 2019)
  • used the Twitter for Android app only. People on iOS or the web were not impacted
  • made certain account changes during this time (e.g. changed their email address).

Twitter has said that it has “informed people we know were affected by this issue”. However, the bug could have been in place since 2014, and Twitter does not keep logs that far back. In addition, an announcement on the Twitter Help Centre said that it could not confirm every account that may have been impacted.

At Keller Lenkner UK, we are registering people in England & Wales who have been affected by this breach and who want to get justice.

Register with us and we will keep you up to date with any developments as they happen. We will also let you know when you can make a claim.

You can register if you believe you are involved in this breach – even if Twitter has not confirmed as such. However, if you do not have evidence that your private tweets were made public, you will need to demonstrate that you are in the group affected by this breach (Android user, etc.) and that you experienced harm as a direct result of the privacy failure.

Twitter Data Breach Timeline

  • 5th September 2017 to 11th January 2019
    A Twitter bug led to private tweets being made publicly available. The fault could have been in place since 2014, but Twitter does not keep logs that far back.
  • January 2019
    The Twitter bug was publicly exposed.
  • 15th December 2020
    Twitter is hit with a €450,000 GDPR fine for failing to promptly declare and properly document the data breach.

Latest News

Twitter fined €450,000 by Irish data regulator

In the first major tech GDPR case, Twitter has been fined €450,000 by the Irish Data Protection Commissioner (DPC) for privacy breaches. This is the first time a multinational tech firm has been held to account by the Irish regulator since GDPR was introduced. The penalty was issued as Twitter failed to promptly declare and properly document a data breach.

Read More »

Did Twitter breach your data?

Twitter has been fined €450,000 by the Irish Data Protection Commissioner (DPC) for failing to promptly declare and properly document a data breach. This comes after a Twitter bug led to private tweets being made publicly available. But not everyone involved in the breach knows that they had their privacy compromised.

Read More »



Find out more about making a group action claim for compensation.



What does no-win, no-fee actually mean and are there really no costs if you appoint us?

What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial loses

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.


GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.