Data breach compensation and claims
If you have been affected by a data breach, you may be eligible for compensation. Call 020 8038 9412 for a free initial consultation.
What is a data breach?
All organisations that hold personal information have a legal duty to keep that data secure. When they fail to do so and your information is disclosed without your permission, this is known as a data breach.
Data breaches can happen in many ways, including:
-
When an employee deliberately shares confidential information without consent
-
When a cyber‑attack or hack exposes personal data due to inadequate security measures
University of Nottingham data breach
We are aware of the Nottingham University data breach. If you are concerned that you have been affected and would like to speak to our team, please complete this contact form.
Each year, the Information Commissioner’s Office (ICO) issues millions of pounds in fines to organisations that fail to protect people’s personal information. Some breaches affect a single individual, while others impact millions and make national headlines such as the Capita data breach, which exposed the personal details of numerous pension scheme members and other individuals.
If your personal data has been compromised, you may be entitled to data breach compensation. Claims can cover the loss of control over your information, the anxiety and distress caused, and any financial losses you have suffered.
Leigh Day specialises in guiding clients through these complex and sensitive cases. Its specialist data breach team is here to help you understand your rights, hold organisations accountable, and secure compensation.
Get help today
Read our reviews
Why choose Leigh Day?
Experienced
Leigh Day has more than 20 years' experience in data protection and privacy claims. This includes challenging multi-national companies, as well as local authorities and the NHS.
Top ranked firm
Leigh Day human has been recognised as a leader in its field for many years. In 2026, it was top ranked in 14 practice areas in Chambers and Partners.
Informed
We keep on top of changes to information and data protection law to best advise our clients. We have brought successful compensation claims in cases where others wrongly accessed clients’ personal, medical and financial information.
Leigh Day's specialist data breach team challenge multi-million-pound corporations who have unlawfully shared their customers' information or failed to invest in adequate security measures, resulting in a data breach.
Meet the team
Sean Humber
Partner
Sean is an experienced human rights lawyer and privacy breach compensation claims specialist
Gene Matthews
Partner and joint head of human rights
Gene specialises in consumer law, product liability and data protection claims mainly brought as group claims/ multi-party actions
Data breach FAQs
Organisations often hold a huge amount of data about their customers - from confidential information such as names and addresses to financial data like credit card and bank details.
Under the GDPR, a company is obligated to inform both you and the I.C.O. without delay if there is a serious data breach affecting your personal information. They should explain:
- The likely consequences of the data breach
- Measures taken or in place to tackle the breach and any adverse effects
- Who their data protection officer is and their contact details
If you think your personal data may have been disclosed as a result of a data breach but have not been informed by the organisation from whom information was taken, contact them directly. They should then tell you whether your personal data has been disclosed as a result of a data breach.
Contact Leigh Day if you believe a breach has involved your personal data, but the company in question have not notified you. Leigh Day's data breach solicitors can investigate your concerns and assess whether you have a viable claim for compensation.
Get in touch with our specialist data protection solicitors to start your compensation claim for financial loss and/or emotional distress caused by a data breach.
- Call 020 8038 9412 for a free initial consultation
- Email infobreach@leighday.co.uk and someone will respond soon
One of our specialist data protection, privacy and information law experts will listen to your case. If we believe you have a claim, the first step may be to complain directly to the company responsible. This can be the quickest way to settle a data breach claim, should the organisation accept they were at fault.
Reporting the data breach to the I.C.O.
If you have been a victim of a data breach, you may also wish to complain to the I.C.O. who, as the UK's independent body set up to uphold the public’s information rights, are able to investigate the matter and fine the organisation . They can’t award compensation to those affected, but their actions, including any reports they produce as part of their investigations and findings that the organisation has not complied with the law, may help support your case.
There are many different types of data breach. Some can be deliberate. For example, a disgruntled member of staff at a company can leak personal information to others without the individual’s knowledge or consent.
In other cases, the breach can happen unintentionally. For example, a business may suffer a successful cyber-attack of its customers’ personal information as a result of inadequate security, or a hospital may send a letter containing confidential medical information to the wrong address.
The loss of personal information as a result of a data breach can have a significant emotional and financial impact on the victim. In some cases, especially where financial information is stolen in a breach, it can lead to fraud, identity theft and loss of money.
Two important examples of serious data breaches are:
- Carphone Warehouse: Over three million mobile phone customers’ personal details were hacked as a result of a successful cyber-attack of Carphone Warehouse’s IT system in 2015. The firm were fined £400,000 by the I.C.O. for the breach.
- TalkTalk: Over a hundred TalkTalk customers had their personal information hacked in a series of data breaches suffered by TalkTalk in 2014 and 2015.
The amount of compensation you will receive if you are the victim of a data breach depends on the exact circumstances relating to the breach, including:
- Sensitivity of the data stolen;
- How many people accessed your data;
- Length of time between the breach occurring and being informed;
- How long unauthorised access to the data was / is available;
- Anxiety and emotional distress encountered;
- Any financial losses experienced.
You could receive compensation for the loss of control over the information even if you suffered no financial loss. The I.C.O. can issue fines to organisations for breaching the GDPR and / or Data Protection Act 2018. However, the fines are distinct from any that can be claimed by victims of data breaches. Their findings that an organisation has not complied with the law, usually after a lengthy investigation, can be helpful in support of a claim for compensation too.
Organisations must report a data breach to the I.C.O., as the relevant authority, without undue delay and no later than 72 hours after being made aware of it. Any longer than this and they must give reasons for the delay.
Get help today
Complete this short form to get in touch.
Leigh Day has deep expertise in navigating complex and sensitive data protection cases. Partner Sean Humber leads privacy and information law work, bringing extensive experience in claims involving the wrongful access or disclosure of personal, medical and financial data.
Partner Gene Matthews brings nearly 20 years of expertise in group litigation, representing clients in large‑scale data breach actions against multinational corporations and government bodies.
If your personal information has been mishandled due to organisational failings, Leigh Day's specialist data breach team is here to guide you through this complex and distressing process.
Please be assured that all personal data is treated in accordance with Leigh Day's privacy policy.
What the directories say
Sean is a very knowledgeable and experienced lawyer. He has great communications skills along with great persistence and determination. He always goes the extra mile to help.
Chambers and Partners 2026
What the directories say
Gene is very experienced and runs a serious team that is relentless in its approach. He is very well organised.
Chambers and Partners 2026
News about our data breach claims
Legal claim launched following recent critical report of major data breach at outsourcing giant Capita in 2023
Following a major data breach at outsourcing and technology giant Capita that exposed the personal information of millions of people, law firm Leigh Day has launched a legal claim for those affected to pursue compensation for financial loss and emotional distress.
Catastrophic MoD data breach of sensitive personal information increases risk to safety of Afghans who worked with UK Forces
The lifting of a super injunction by the High Court in London has revealed that the Ministry of Defence (MoD) experienced a serious data breach of the sensitive personal data of many thousands of Afghan citizens in 2022.
Get help today
Complete our short form now