Data breach compensation and claims

If you have been affected by a data breach, you may be eligible for compensation. Call 020 8038 9412 for a free initial consultation.

What is a data breach?

All organisations that hold personal information have a legal duty to keep that data secure. When they fail to do so and your information is disclosed without your permission, this is known as a data breach.

Data breaches can happen in many ways, including:

  • When an employee deliberately shares confidential information without consent

  • When a cyber‑attack or hack exposes personal data due to inadequate security measures

University of Nottingham data breach

We are aware of the Nottingham University data breach. If you are concerned that you have been affected and would like to speak to our team, please complete this contact form.

Each year, the Information Commissioner’s Office (ICO) issues millions of pounds in fines to organisations that fail to protect people’s personal information. Some breaches affect a single individual, while others impact millions and make national headlines, such as the Capita data breach, which exposed the personal details of numerous pension scheme members and other individuals.

If your personal data has been compromised, you may be entitled to data breach compensation. Claims can cover the loss of control over your information, the anxiety and distress caused, and any financial losses you have suffered.

Leigh Day specialises in guiding clients through these complex and sensitive cases. Its specialist data breach team is here to help you understand your rights, hold organisations accountable, and secure compensation.

Get help today

Why choose Leigh Day?

Experienced

Leigh Day has more than 20 years' experience in data protection and privacy claims. This includes challenging multi-national companies, as well as local authorities and the NHS.

Top ranked firm

Leigh Day has been recognised as a leader in its field for many years. In 2026, it was top ranked in 14 practice areas in Chambers and Partners.

Informed

We keep on top of changes to information and data protection law to best advise our clients. We have brought successful compensation claims in cases where others wrongly accessed clients’ personal, medical and financial information.

Leigh Day's specialist data breach team challenge multi-million-pound corporations who have unlawfully shared their customers' information or failed to invest in adequate security measures, resulting in a data breach.   

Meet the team

Sean Humber

Partner

Sean is an experienced human rights lawyer and privacy breach compensation claims specialist

Data protection and privacy, Discrimination, Human rights, Judicial review, Environment, Group claims

Gene Matthews

Partner and joint head of human rights

Gene specialises in consumer law, product liability and data protection claims, mainly brought as group claims/multi-party actions

Clinical trials, Medical devices, Product safety, Group claims, Diesel emissions claims, Data protection and privacy, Human rights

Joshua Garrod

Associate solicitor

Joshua is an associate solicitor in the human rights department, specialising in information, privacy and data protection law.

Information law, Data breach, Human rights

Data breach FAQs

Organisations often hold a huge amount of data about their customers - from confidential information such as names and addresses to financial data like credit card and bank details.

Under the GDPR, a company is obligated to inform both you and the I.C.O. without delay if there is a serious data breach affecting your personal information. They should explain:

  • The likely consequences of the data breach
  • Measures taken or in place to tackle the breach and any adverse effects
  • Who their data protection officer is and their contact details

If you think your personal data may have been disclosed as a result of a data breach but have not been informed by the organisation from whom information was taken, contact them directly. They should then tell you whether your personal data has been disclosed as a result of a data breach.

Contact Leigh Day if you believe a breach has involved your personal data, but the company in question have not notified you. Leigh Day's data breach solicitors can investigate your concerns and assess whether you have a viable claim for compensation.

Get in touch with our specialist data protection solicitors to start your compensation claim for financial loss and/or emotional distress caused by a data breach.

One of our specialist data protection, privacy and information law experts will listen to your case. If we believe you have a claim, the first step may be to complain directly to the company responsible. This can be the quickest way to settle a data breach claim, should the organisation accept they were at fault.

Reporting the data breach to the I.C.O.

If you have been a victim of a data breach, you may also wish to complain to the I.C.O. who, as the UK's independent body set up to uphold the public’s information rights, are able to investigate the matter and fine the organisation. They can’t award compensation to those affected, but their actions, including any reports they produce as part of their investigations and findings that the organisation has not complied with the law, may help support your case.

There are many different types of data breach. Some can be deliberate. For example, a disgruntled member of staff at a company can leak personal information to others without the individual’s knowledge or consent.

In other cases, the breach can happen unintentionally. For example, a business may suffer a successful cyber-attack on its customers’ personal information as a result of inadequate security, or a hospital may send a letter containing confidential medical information to the wrong address.

The loss of personal information as a result of a data breach can have a significant emotional and financial impact on the victim. In some cases, especially where financial information is stolen in a breach, it can lead to fraud, identity theft and loss of money. 

Two important examples of serious data breaches are:

  • Carphone Warehouse: Over three million mobile phone customers’ personal details were hacked as a result of a successful cyber-attack on Carphone Warehouse’s IT system in 2015. The firm was fined £400,000 by the I.C.O. for the breach.
  • TalkTalk: Over a hundred TalkTalk customers had their personal information hacked in a series of data breaches suffered by TalkTalk in 2014 and 2015.

The amount of compensation you will receive if you are the victim of a data breach depends on the exact circumstances relating to the breach, including:

  • Sensitivity of the data stolen;
  • How many people accessed your data;
  • Length of time between the breach occurring and being informed;
  • How long unauthorised access to the data was / is available;
  • Anxiety and emotional distress encountered;
  • Any financial losses experienced.

You could receive compensation for the loss of control over the information even if you suffered no financial loss. The I.C.O. can issue fines to organisations for breaching the GDPR and/or Data Protection Act 2018. However, the fines are distinct from any compensation that can be claimed by victims of data breaches. The I.C.O.'s findings that an organisation has not complied with the law, usually after a lengthy investigation, can be helpful in support of a claim for compensation too.

Organisations must report a data breach to the I.C.O., as the relevant authority, without undue delay and no later than 72 hours after being made aware of it. Any longer than this and they must give reasons for the delay. 

Get help today

Complete this short form to get in touch.

Leigh Day has deep expertise in navigating complex and sensitive data protection cases. Partner Sean Humber leads privacy and information law work, bringing extensive experience in claims involving the wrongful access or disclosure of personal, medical and financial data.

Partner Gene Matthews brings nearly 20 years of expertise in group litigation, representing clients in large‑scale data breach actions against multinational corporations and government bodies.

If your personal information has been mishandled due to organisational failings, Leigh Day's specialist data breach team is here to guide you through this complex and distressing process. 

Please be assured that all personal data is treated in accordance with Leigh Day's privacy policy.

What the directories say

Sean is a very knowledgeable and experienced lawyer. He has great communications skills along with great persistence and determination. He always goes the extra mile to help.

Chambers and Partners 2026

Gene is very experienced and runs a serious team that is relentless in its approach. He is very well organised.

Chambers and Partners 2026

News about our data breach claims

News Article
Data breach, Human rights, Data protection and privacy

Legal claim launched following recent critical report of major data breach at outsourcing giant Capita in 2023

Following a major data breach at outsourcing and technology giant Capita that exposed the personal information of millions of people, law firm Leigh Day has launched a legal claim for those affected to pursue compensation for financial loss and emotional distress.

News Article
Data breach, Afghanistan, ARAP

Catastrophic MoD data breach of sensitive personal information increases risk to safety of Afghans who worked with UK Forces

The lifting of a super injunction by the High Court in London has revealed that the Ministry of Defence (MoD) experienced a serious data breach of the sensitive personal data of many thousands of Afghan citizens in 2022.  

News Article
Data breach, Church of England, Abuse claims

Lawyers react to data breach affecting personal information of survivors of Church of England abuse

Leading data breach and abuse lawyers at Leigh Day have expressed their concern after personal details of almost 200 survivors of church abuse were leaked in a serious data breach.
