Legal Advice On The Capita Data Breaches

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor
  • Specialist solicitors with up to 30 years of experience
  • Find out if you can claim compensation on 0800 073 8804

Start My Claim Online

Capita Data Breach Compensation Claims | No Win No Fee

If you have evidence that your personal data was involved in a Capita data breach which took place recently, you could be entitled to compensation. If you’re looking for legal support and representation, then you’ve come to the right place.

There have been reports of two data security incidents involving Capita in 2023, one in March and one in May. Below, we take a look at each Capita data breach and compensation claims for any financial or psychological damage.

To check to see if you can make a data breach compensation claim, you can contact us at any time. Our line is open 24/7 to give free and confidential advice at a time that best suits you. 

To speak with us now, you can:

capita data breach

Capita Data Breach – Can I Claim Compensation?

Select A Section

  1. Capita Data Breach – Can I Claim Compensation?
  2. What Was The Capita Data Breach?
  3. Evidence That Could Help Support Your Claim
  4. Possible Compensation Payouts For A Data Breach
  5. Make A No Win No Fee Data Breach Claim Today
  6. Related Resources For The Capita Data Breach

Capita Data Breach – Can I Claim Compensation?

If you’re interested in the Capita data breach and compensation claims, it’s important to be aware of the criteria in place to pursue a case.

The UK GDPR describes personal data in Article 4 as any information relating to a person that can be used independently or alongside other information to identify this person. To give some examples, this can include your name, home address, email address, date of birth and phone number.

Also, in Article 9, the UK GDPR outlines another type of personal data known as special category data. This is information, such as your racial or ethnic origin, that requires extra protective measures when being processed. 

To lay out the definition of personal data breaches, we will refer to the information provided by the ICO. They describe a personal data breach as a security breach resulting in the accidental or unlawful alteration, loss, destruction, unauthorised disclosure of, or unauthorised access to, personal data.

To make a compensation claim following a personal data breach, there are eligibility requirements that your case must meet. These are as follows:  

  • Firstly, the data controller or processor that was responsible for handling your personal data failed to comply with data protection laws. 
  • Secondly, this caused a data breach involving your personal information. 
  • Thirdly and finally, this personal data breach caused you to suffer financial losses, psychological damage, or both. 

How Long Do I Have To Claim Compensation?

When considering whether your potential claim may be eligible, it is important to consider whether it is within the relevant time limits as well as ensuring it meets the criteria laid out above. 

For a personal data breach case, you generally have six years to begin legal proceedings. However, when you bring a claim against a public body, you have 1 year.

Please speak to a member of our team to learn whether you may have an eligible personal data breach claim. 

What Is A Data Breach Exactly?

A data breach is an incident, either unlawful or accidental, that results in the loss, destruction, alteration or disclosure of personal or sensitive information.

This could include details of your identity, like your name, address and date of birth. It could also cover your medical history, or your financial details, like bank account numbers.

There are two main pieces of legislation that lay out the responsibilities that data processors and controllers have when storing and using personal data in both its physical and digital forms. These are the UK General Data Protection Regulation (UK GDPR) as well as the Data Protection Act 2018 (DPA).    

The Information Commissioner’s Office (ICO), the UK’s independent body for the upholding of information rights, defines the roles of data controllers and processors. Data controllers are in charge of determining the purposes and means of processing personal data. They can appoint data processors to do this on their behalf. 

What Was The Capita Data Breach?

Let’s take a look at the two recent Capita data breach incidents in 2023.

March 2023

First, in March 2023, Capita suffered a cyber attack which has impacted about 90 organisations that it works with. This includes:

  • Royal Mail
  • The Universities Superannuation Scheme (USS) pension fund – the largest pension fund in the country
  • AXA
  • Numerous local councils, including Barnet, Lambeth, South Oxfordshire, Barking and Dagenham, Adur and Worthing Councils, Rochford District Council, Derby City Council, Colchester City Council, South Staffordshire Council and Coventry City Council
  • The Ministry of Defence
  • The NHS
  • The Royal Bank of Scotland

Capita administers the pension funds of many of these organisations. In technical terms, they’re classed as a data processor—they process and maintain the data of other companies.

This data includes titles, names, initials, dates of birth, national insurance numbers, retirement dates and membership numbers. 

The Pensions Regulator (TPR) has now stepped in to check with its members to see if their data has been affected, meaning the scale of the breach could increase further.

Find out more here:

May 2023

In May, it emerged that Capita had left files unsecured online that were publicly accessible. These files contained benefits data, Capita has said that they are taking measures to secure the data, but a number of local councils have said they thought their data had been impacted.

The ICO has released a statement on the Capita incident explaining that they have received a large number of reports from organisations that have been directly affected.

Whilst they are currently making enquiries themselves, they are encouraging organisations that use Capita to check whether the personal data they hold has been affected.  

Can I Sue Capita For The Data Breach?

If you have a pension with some of the companies mentioned above, you may want to check with them to see if your data has been impacted. While investigations are ongoing, you should receive something called a data breach notification letter or email which alerts you to the risks.

If you don’t receive any notification, even after enquiring, you could raise the issue with the ICO.

Once you have this letter confirming that you may have been affected, you could contact a solicitor, like ourselves, to get legal advice on your position.

capita data breach 2023 compensation

Evidence That Could Help Support Your Claim

If you have suffered losses due to a personal data breach and meet the eligibility criteria to make a compensation claim, it is important that you can provide evidence of the data controller or processor’s failings. A personal data breach that places people’s rights and freedoms at risk must be reported to the affected data subjects without undue delay and to the ICO within 72 hours of discovery.

When you have been made aware that your personal data has been compromised in a breach, or when you suspect that one has occurred, there is action you could take. First, it is recommended that you contact the organisation. You may use any correspondence, such as emails and letters, for your potential claim.  

However, if the organisation does not provide you with a satisfactory response, or any response, you could then report the breach to the ICO. It is important to note that you do not need to do this to make a claim, and the ICO cannot award compensation. Although, if they investigate the report, you could use any findings that support your claim as evidence.

If you can provide evidence that your personal data was involved in a Capita data breach, please speak to one of our advisors regarding the next steps that you could take. 

Possible Compensation Payouts For A Data Breach

There are up to two types of damages for which you could receive compensation in a successful personal data breach claim; non-material damage and/or material damage. 

Non-material damage is the psychiatric harm resulting from the personal data breach, such as stress, depression, anxiety, and in some cases, post-traumatic stress disorder (PTSD). We have provided guideline compensation brackets that correspond to different types of mental harm in the table below.

To create this, we used the Judicial College Guidelines (JCG), which data breach solicitors can also refer to for help when valuing claims of this type.  

Compensation Table Of Guideline Brackets

This table is a guide only as each settlement will differ depending on the unique circumstances of your case.

Type of Harm Severity Details on this Harm Guideline Compensation Brackets
General Psychiatric Damage Severe (a) The prognosis will be very poor. The person will have marked problems with their ability to cope with daily life. £54,830 to £115,730
General Psychiatric Damage Moderately Severe (b) The prognosis will be much more optimistic than in the one above. The person will still have significant problems with their ability to cope with daily life. £19,070 to £54,830
General Psychiatric Damage Moderate (c) The prognosis will be good. The person will have made a marked improvement by trial. £5,860 to £19,070
General Psychiatric Damage Less Severe (d) The extent and length of time that sleep and daily activities were affected will be taken into consideration in this bracket. £1,540 to £5,860
PTSD Severe (a) In these cases, the effects will be permanent and have the impact of preventing the person from functioning anywhere close to the level they did before the trauma. £59,860 to £100,670
PTSD Moderately Severe (b) In contrast with the bracket above, the person will have a better prognosis for some recovery with the aid of a professional. £23,150 to £59,860
PTSD Moderate (c) The person will be largely recovered. If any effects continue, they will not be considered grossly disabling. £8,180 to £23,150
PTSD Less Severe (d) In 1-2 years, a virtually full recovery will take place. Persisting any longer will only be minor symptoms. £3,950 to £8,180

For more advice on the Capita data breach and compensation payouts in these types of claims, please get in touch on the number at the top of this page.

What Else Can Data Breach Compensation Payouts Include?

Furthermore, material damage is the monetary losses that you suffered due to the personal data breach. This could involve the following: 

  • Damage to your credit score
  • Money taken from your bank accounts
  • An impact on your credit score

However, you must provide evidence in order to pursue compensation for material damage. For example, you could obtain a copy of your bank records, evidence of your credit history and payslips. 

For advice on the compensation you could receive for a successful personal data breach claim, please speak to one of our team members. 

Make A No Win No Fee Data Breach Claim Today

If you’re eligible to seek compensation for material and/or non-material damage caused by a breach of your personal data, you could choose to work with a data breach solicitor. They may offer to work on your case on a No Win No Fee basis. There are different types of contracts that fall under this umbrella term. A popular type is called a Conditional Fee Agreement (CFA).  

This means your solicitor will not charge you for their services upfront or for the duration of time that your case is ongoing. What’s more, they generally won’t expect payment for these services at any time if your case is unsuccessful. 

Alternatively, if you make a successful claim, your No Win No Fee data breach solicitor can take a small percentage of the compensation, which the law caps. This is a success fee. 

Contact Our Team

If you have any questions regarding the steps you could potentially take after your personal data was involved in a Capita data breach, please speak to one of our advisors. 

You can:

Related Resources About The Capita Data Breach

To learn more about the capita data breach and compensation claims, check our these links below:  

Also, explore the following external pages: 

Thank you for reading our guide on the steps you could potentially take if your personal data was involved in a Capita data breach. A compensation claim could be possible, so if you have any questions, call our team on the number above.

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts