
How To Claim Compensation For Fraud After A Data Breach?

The impacts of a data breach can be significant. They can range from psychological impacts like stress and anxiety to identity theft, stolen money and other fraudulent activities.


If the data breach happened because the party holding your data failed to keep it safe and secure, then they could be liable.
In this guide, we’ll take a look at what a breach of data protection is, how they can happen, what impacts they can have, and how you could claim data breach compensation for the fraud that’s taken place as a result—as well as example payouts of what you could receive.

If at any point you have any questions or queries about UK GDPR laws and regulations, please don’t hesitate to contact us either via our contact page or the number at the top of our site.

How To Claim Data Breach Compensation

The purpose of this article is to help you understand whether you can make a claim for data breach compensation. Below, we’ll explore in detail what personal data breaches are, how they happen and how much you could receive in a settlement. View this complete guide on data breach compensation claims in the UK and get the free advice that can help you understand GDPR data breach laws and personal data breach claims.


But first, we wanted to provide some quick pointers on how to begin the claims process.


  1. The first thing to do is to determine whether your data has been breached. This usually happens in one of two ways. First, you notice suspicious activity on your bank accounts or online accounts and suspect you’ve been impacted. Or secondly, you’re notified of the breach by the responsible third party.
  2. In the first circumstance described above, the first step to take is to change passwords, notify your bank, and try to work out where the breach occurred. Once known, contact the organisation and ask them to investigate and confirm what was breached.
  3. If you do not hear from the organisation within 3 months, you can escalate your complaint to the ICO, who may begin an investigation.
  4. Once you know the extent of the breach you can begin to understand its full implications. This is where it may be worth seeking legal advice from a solicitor, something we’ll discuss more below.


Hopefully, the organisation responsible will fix the breach and improve its practices so it never happens again. But that could still leave you out of pocket, and that’s where a data breach compensation claim could be warranted.

What Is A Data Breach?

According to the Information Commissioner’s Office (ICO), a personal data breach is an incident in which data has been:


  • Accidentally or unlawfully destroyed
  • Lost
  • Altered without authorisation or consent
  • Disclosed without consent
  • Or accessed without consent


Crucially, this covers both accidental and deliberate acts. So for example, sending personal data to an incorrect recipient via post or email would be classed as a data breach, even if it was done innocently and in error.


Another example would be the likes of medical records being lost or stolen. If, for instance, a doctor had medical records in his car and the car was robbed, that would be classed as a data breach.


Data breach law is governed by the UK General Data Protection Regulation (also known as GDPR) and the Data Protection Act 2018. The UK GDPR provides the right for anyone impacted psychologically or financially by a data breach to seek compensation.

How Can Data Breaches Happen?

Data breaches can happen in a number of ways, as we’ve seen above. In the media we often hear of large-scale hacks and cyber attacks. British Airways was one such organisation that was recently targeted. Due to failings in their security systems, the personal data of around 420,000 staff and customers was exposed, leading to compensation claims being made against the organisation and a £20 million fine imposed by the ICO.


However, while we hear a lot about cyber attacks, data breaches caused by human error are far more common. If we look at the most recent statistics on data breaches as reported to the ICO, we can see that in the third quarter of 2021/22 there were 1,773 data security incidents caused by non-cyber issues compared with 631 cyber-related incidents.


So with human error data protection breaches nearly three times higher, let’s look at the potential causes:


  • The most common type of data breach revealed in the latest statistics was data being emailed to the incorrect recipient.
  • The second most common cause was data being accessed without the data subject’s permission.
  • In third place was data being faxed to the incorrect person.
  • The fourth biggest cause was physical data, like paperwork, being lost or stolen or left in an insecure location.
  • And lastly, failure to redact personal data is another leading cause.


As we can see, data breaches can happen in the most innocuous of situations. However, even a simple typo in an email or a failure to Blind Carbon Copy (BCC) people into emails can create significant issues.


For example, a few years ago an NHS trust was fined after the 56 Dean Street HIV clinic sent out a newsletter which mistakenly revealed the recipients’ email addresses. Given the sensitive nature of HIV statuses, the ICO described this as a serious breach of the law, one that caused “a great deal of upset to the people affected.”


So now we know how data breaches can happen. Let’s take a look at the impact they can have.

What Types Of Fraud Can Result From A Data Breach?

It’s important to understand that you can only claim data breach compensation for two types of damage:


  • Material damage – impacts to your finances, such as identity theft, credit score problems, or money stolen from bank accounts
  • Non-material damage – impacts to your psychological well-being, such as suffering from distress, anxiety or post-traumatic stress disorder (PTSD)


To succeed in a claim, it’s necessary to prove that the problems you’ve experienced were directly caused by the data breach. It’s also necessary to show that the failings or inaction of the party in control of the data contributed to the breach occurring.


When it comes to fraud, the main type of damage that’ll be incurred is material damage. If, for example, someone possesses enough information about you, there’s a chance they could steal your identity. This, in turn, could lead to issues like credit being taken out in your name, damaging your credit score, or even money taken from your bank accounts.


These serious forms of fraud could all justify pursuing a data breach compensation claim.

How Much Data Breach Compensation Could You Claim For Fraud?

Fraud has damaging and far-reaching consequences, not just to your finances, but to your mental health too.


When it comes to working out how much compensation you could be entitled to, it’s easier to provide estimates for non-material damage than it is material damage. That’s simply because the financial aspects are unique to each case and require assessing how much money you’ve lost and how much you could lose in the future.


So in this section, we’ve included some information on payouts for mental distress caused by a data breach. The figures you can see below have been taken from the Judicial College Guidelines, a document that details recommended compensation awards based on cases previously decided by the courts.




| Injury | Severity | Notes | Value |
|---|---|---|---|
| Post-traumatic stress disorder | Less severe | Debilitating effects but in the short-term only, with a full recovery made within 2 years. | £3,710 to £7,680 |
| Post-traumatic stress disorder | Moderate | Similar to the above, only that some symptoms may persist for longer into the future | £7,680 to £21,730 |
| Post-traumatic stress disorder | Severe | The impact on the sufferer will be profound and life-changing and may be permanent. They may no longer be able to work and personal relationships may fall apart. | £56,180 to £94,470 |
| Psychiatric damage | Less severe | Compensation is determined based on the impact on daily activities and sleep, as well as the duration they persist. Usually, a full recovery is made | £1,440 to £5,500 |
| Psychiatric damage | Moderate | Similar to the above, but higher data breach compensation awards could be made for more persistent and debilitating problems. | £5,500 to £17,900 |
| Psychiatric damage | Severe | Prognoses in these cases will be poor and a full recovery unlikely. Like with severe PTSD, the impact will be far reaching and significantly debilitating. | £51,460 to £108,620 |

If you speak to a data breach solicitor you’ll be able to gain a clearer understanding of what you could be entitled to in compensation.