Skip to content 
A bank data breach could expose sensitive financial information. It could put individuals at risk of privacy violations and facing financial losses. If your financial data has been compromised, you may have grounds to seek compensation. Bank data breach claims are a way for individuals to recover compensation for the impact a breach has had on them.
In this guide, we explain everything you need to know about making a financial data breach claim. We outline what a data breach is, how to know if you have been impacted by a breach and when you may be eligible to claim. We also look at how compensation could be calculated and how to start a claim. Furthermore, we provide guidance on how a No Win No Fee arrangement works should you like to have legal representation during the claims process.
Whether the data breach was caused by human error or a malicious attack, it is essential to understand your rights. Our team is ready to assist you. We could provide help and advice and could connect you to one of our panel of specialist solicitors.
Get in touch today by:
- Calling an advisor on 0333 000 0729.
- Telling us what happened over our live chat.
- Contact us and start your claim.
Jump To A Section
- What Is A Bank Data Breach?
- Examples Of Bank Data Breach Claims
- How Can I Know If My Personal Information Was Breached?
- Can I Claim For A Data Breach By My Bank?
- How Much Compensation Can I Get For A Data Breach?
- How Do I Start My Bank Data Breach Claim?
- What Legal Helpline Can Do To Help
- More Information
What Is A Bank Data Breach?
A bank data breach occurs when a financial institution fails to protect individuals’ personal data, leading to the unauthorised access, loss, destruction, alteration or disclosure of sensitive information.
Under the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR), banks and financial institutions must safeguard customers’ personal data.
Banks and other financial institutions (such as building societies and mortgage providers) may hold information protected by the UK GDPR and DPA, such as:
- Bank account details – including your account number and sort code.
- Financial information and records – including bank statements, transaction history and details of loans and credit cards. This may include both digital and physical financial documents.
- Sensitive information – including identification documents, tax records and any medical information held, such as information on disabilities preventing a customer from accessing services on their own behalf.
- Personal information – such as your name, address and contact information.
Human error, cyberattacks or security failures could lead to breaches involving customers’ personal data. This could put individuals at risk of financial harm as well as that to their mental health. If a breach does occur, the bank should assess the risk to individuals, notifying them without undue delay if their data has been affected.
If your bank had notified you of a breach, or you suspect your data has been involved in one, you could be entitled to compensation. Our team could provide further information on when bank data breach claims could be made.
Examples Of Bank Data Breach Claims
There are various ways in which a bank data breach could happen, such as through cyberattacks or human error.
Potential examples of a bank data breach could include:
- Email data breaches – this is an example of human error and may include emails being sent to the wrong recipient or group email data breach. This occurs when a sender uses the CC (carbon copy) function instead of the BCC (blind carbon copy) function, exposing all recipients’ email addresses and usernames to each other.
- Unauthorised disclosure – a bank employee discloses a customer’s financial information to a third party, both without the customer’s permission and without a lawful basis for doing so.
- Cyber attacks and hacking – cyber attacks may involve criminals gaining access to a bank’s systems, accessing data such as financial documents, transaction history and contact details.
- Theft, lost, destroyed or altered records – this may include physical and digital records which contain customers’ personal data.
- Incorrect data entry – this could constitute a data breach where errors in customer records lead to private or otherwise personal data being improperly stored or displayed.
These data security incidents could lead to the unauthorised access to or disclosure of financial data, creating serious privacy concerns.
If a data breach has compromised your personal information, you could be eligible to make a compensation claim. Contact us today for further information.
How Can I Know If My Personal Information Was Breached?
You may have received a data breach notification letter from your bank or building society informing you of a breach. Alternatively, you may have seen news reports indicating that the bank has experienced a data breach and be concerned that your personal information has been affected.
If a data breach poses a risk to your rights under the UK GDPR and DPA, your bank is legally required to send you a data breach notification letter. They must do so without undue delay.
The notification letter should explain:
- Details of how the data protection breach occurred.
- What personal data was affected.
- What impact this could have on you, such as risks to your safety.
- Steps the bank or building society are taking to address the breach.
If you did not receive a notification letter but still suspect your data has been affected, you can contact the bank using their official website or phone number. The bank should be able to confirm whether a breach has occurred, whether you have been affected and what steps you may need to take.
Do I Need To Do Anything After A Data Breach?
It is important to take action if you think that your personal, sensitive, or private information has been affected by a breach.
Steps you can take may include:
- Contacting the bank. If you have not already received a notification letter, you can ask for the information discussed above.
- Contacting the Information Commissioner’s Office (ICO). The ICO is an independent authority enforcing data protection laws. It can investigate whether the bank is complying with data protection law and fulfilling its obligations under the DPA and UK GDPR.
- Monitor online accounts. You should monitor any online (or other) accounts, such as your bank account or those of credit cards provided by your bank for suspicious or unauthorised activity.
In addition, you should be aware of any phone calls, messages, emails or notifications purporting to be from your bank and which seem suspicious. Suspicious activity may include phone calls or other forms of messages phishing for personal data.
Typically you will not need to report the data protection breach to the ICO. It is the responsibility of the bank to do so. You can learn more about data breach claims by contacting an advisor from our team.
Can I Claim For A Data Breach By My Bank?
You may be able to claim if your personal data was exposed in a bank data breach due to their failure to comply with data protection laws. Data controllers and processors must handle personal information in compliance with the UK GDPR and DPA.
- Data controllers – determine how personal data may be used (in accordance with the above legislation).
- Data processors – carry out data processing on behalf of the controller.
The data controller and processor may be different parties or may be the same party. Data breach claims could be made where:
- The breach was caused by the failure to adhere to data protection laws.
- Your personal data was involved in the breach.
- You suffered psychological distress, financial losses or both.
Am I Able To Claim If I’ve Not Experienced Financial Loss?
You may still be able to make a data breach compensation claim, even if you have not suffered any financial losses. Under the UK GDPR, you could claim compensation both for financial losses as well as for the psychological harm and emotional distress caused by a breach.
Vidal-Hall v Google [2015] set the legal precedent that individuals could claim for psychological harm, such as anxiety due to a data breach, without the need to prove any financial losses.
To learn more about claiming for anxiety or stress caused by a data breach, get in touch with our team.
How Much Compensation Can I Get For A Data Breach?
An individual suffering severe psychiatric damage due to a data breach may be eligible to claim between £66,920 and £141,240, according to the Judicial College Guidelines. Legal professionals and the courts may use the Judicial College Guidelines (JCG) when determining compensation for non-material damage. The JCG provides guidelines on compensation based on the severity of harm caused.
Whilst there are guidelines on how much may be claimed for different forms of psychological injury compensation for a personal data breach is calculated on an individual, case-by-case basis. This means that how much compensation you could get will differ depending on how you were harmed and how severe this was.
Data breach compensation claims could consider material and non-material damages.
- Material damage – these are financial losses caused by the breach. For example, as a result of the breach you could needed to relocate and take out additional security measures.
- Non-material damage – this refers to psychiatric and psychological harm caused by the breach. Examples could include stress and anxiety.
We have taken figures from the JCG to create the table below, with the exception of the first figure which illustrates what may be awarded for non-material and material damage combined.
| Harm | Severity | Notes | Guideline Compensation |
|---|---|---|---|
| Psychiatric damage or PTSD - with financial losses. | Severe | Severe PTSD or psychiatric damage and material damage. | Up to £500,000+ with material damage, such as lost income. |
| Psychiatric Damage | Severe (a) | Psychiatric damage impacting the individual's ability to cope with all parts of their life. | £66,920 to £141,240 |
| Moderately severe (b) | Similar to the above, but the prognosis is better. | £23,270 to £66,920 | |
| Moderate (c) | There is a good recovery prognosis and the individual may already have improved markedly. | £7,150 to £23,270 | |
| Less severe (d) | Duration and extent of harm are taken into consideration. | £1,880 to £7,150 | |
| Post-Traumatic Stress Disorder (PTSD). | Severe (a) | The individual's ability to cope with life is permanently impacted. | £73,050 to £122,850 |
| Moderately severe (b) | Cases are distinct from the previous category as there is a better prognosis. | £28,250 to £73,050 | |
| Moderate (c) | At this level, the individual will have largely made a recovery. | £9,980 to £28,250 | |
| Less severe (d) | At this bracket, the person should recover in between 1 and 2 years. | £4,820 to £9,980 |
Get in touch today for free help and advice on making bank data breach claims.
How Do I Start My Bank Data Breach Claim?
To successfully make a personal data breach claim, you need to provide evidence and comply with time limits.
- Collecting evidence – in order to make a successful data breach claim you need:
- Proof of the breach – such as the notification letter or email from the bank.
- Proof of financial losses – such as bank statements and invoices.
- Medical records – showing the psychological impact the breach has had on you.
- Time limits for claims. In general, you have up to 6 years in which to file your personal data breach claim.
In addition, one of the most important steps you can take in starting your claim is contacting a data breach solicitor. An experienced solicitor from our panel could help to assess whether you have a valid data breach compensation claim. Call an advisor to find out if our panel can help you.
What Legal Helpline Can Do To Help
At Legal Helpline we work with a panel of expert solicitors, specialising in helping people to claim data breach compensation. Whether you need help understanding the claims process, gathering evidence or navigating making a claim, a solicitor from our panel could help you.
A solicitor from our panel could help by:
- Helping you to access rehabilitative care, such as psychological treatment.
Gathering witness statements and other evidence. - Negotiating your settlement with the other party.
- Handling your case if it does need to go to court.
- Pursuing your claim on a No Win No Fee basis via a Conditional Fee Agreement. This means that you will only pay for the solicitor’s work at the end of a successful personal data breach claim. This is done via a success fee taken from the compensation. Furthermore, this success fee is a percentage that is limited by a legal cap.
Our panel of solicitors have decades of combined experience in helping people to make successful bank data breach claims and could help you.
Contact Us
No matter whether you suffered psychological harm or financial losses due to a bank data breach, our team could help you.
Get in touch today by:
- Calling us on 0333 000 0729
- Talking to an advisor over our live chat.
- Sending a message via our contact us form.
More Information
In this last part of the guide you can find additional resources. The guides from our site explore related aspects of data breach claims.
- This guide looks in more detail at what the value of a data breach claim could be.
- Find out more about solicitor GDPR data breach claims in this resource.
- Here we look at what a password data breach is.
These references provide further information on data protection.
- This resource from the National Cyber Security Council provides information on citizen data breaches.
- This resource from the ICO provides further information on special category data.
- In this NHS resource, you can learn about the symptoms of stress and how you can get help.
Thank you for reading our guide. Learn more about bank data breach claims by contacting our team.
