We've been featured in:

  • bbc logo
  • daily mail logo
  • itv logo
  • skynews logo

My Data Has Been Breached, What Can I Do?

Updated 9th May 2025. Many people are concerned about what course of action they should take if their personal data has been breached. You may ask, “what should I do if my data has been breached?” This article has been written to answer that question.

A white keyboard with a single red key reading "attack."

We understand that it can be confusing when it comes to figuring out what your next step should be after a data protection breach takes place. That’s what our advisors are here for; to help you better understand the process of making a claim for compensation due to the psychological or financial impact of your personal information being breached.

So, get in touch today. By speaking with us directly, you can receive guidance and advice that is specific to your circumstances. We may be able to put you in touch with our solicitors if you have a legitimate claim. Read on for more information.

Choose A Section

  1. Start By Finding Out If You Were Affected
  2. How Do You Check If Your Data Has Been Breached?
  3. Secure Your Information Or Data
  4. Check For Any Updates About The Data Breach
  5. How Else Can You Protect Yourself In The Future?
  6. My Data Has Been Breached, How Much Could I Claim?
  7. No Win No Fee Data Breach Damages Claims
  8. My Data Has Been Breached, How Do I Contact A Solicitor?
  9. Where Do I Learn More?

Start By Finding Out If You Were Affected

If you’re wondering, “should I investigate myself if my data has been breached?” the answer, is yes, if the organisation hasn’t informed you of a data breach yet. Such an organisation could be a data controller or a data processor. 

Data controllers are organisations that decide why and how your personal data will be used. Data processors are organisations that are sometimes used to process personal information on behalf of the data controller.

Personal data or personal information is anything that can be used to identify you, such as your name or bank details.

A personal data breach occurs when a security incident leads to personal data being unlawfully:

  • Lost
  • Disclosed
  • Destroyed
  • Altered
  • Accessed

This can be accidental or deliberate.

The organisation should advise you of a data breach if ir risks your freedoms and rights. However, they might not always be aware of the breach. 

You should also check for yourself whether or not the data protection breach has affected you. For example, a data controller may have had access to your banking information for official purposes. If this information has been accessed or distributed unlawfully then this could lead to your finances being compromised. You may need to check your bank account, and also get in touch with your bank to see if there has been any suspicious activity.

However, it is not only a financial impact that could lead to you making a claim. You may also be affected in other ways. If you have suffered mentally due to health concerns such as depression or anxiety related to your personal information being breached, you could also be compensated for this.

It’s important to remember that you need to have suffered financial or psychological harm as a result of the data breach. You cannot be compensated if you have not been affected by your information being breached.

You also need to show that the data controller or data processor’s positive wrongful conduct caused the data breach. For example, they may not have trained staff properly in data protection. Alternatively, they may not have used online security measures to protect your personal data.

How Do You Check If Your Data Has Been Breached?

If you’re concerned that a data breach has happend, you should contact the organisation involved. If they don’t provide you with a satisfactory response, you could contact the Information Commissioner’s Office (ICO). This is an independent UK body that is responsible for imposing financial penalties on organisations responsible for the mishandling personal data under legislation such as the UK General Data Protection Regulation (UK GDPR).

They could investigate the matter for you. However, you’d need to contact them within 3 months of the organisation’s final unsatisfactory response about the potential data breach. Waiting longer than this can affect the ICO’s decision on the issue. 

Secure Your Information Or Data

If your personal data has been breached, it’s advised that you take measures to prevent it from happening again. It’s important to secure your data. Some steps you could take include:

  • Contacting your bank to freeze your payment cards (csuch as a debit card or a credit card)
  • Change your login details (such as your password and/or email address)
  • Check bank statements to make sure there are no unauthorised charges on your account

Check For Any Updates About The Data Breach

It’s important to make sure you keep an eye out for any developments regarding the incident that led to the data protection breach. Initially, you may not be affected by the events. 

However, it’s possible that as time goes on, your details may turn out to have been included in the information that was breached.

It’s important to stay vigilant in the period of time after finding out about the data protection breach.

How Else Can You Protect Yourself In The Future?

Use caution when people are asking for your personal information. Whoever is asking may seem like a reputable source. However, it’s possible that they’re mimicking a respected organisation in order to access your data. This is known as phishing.

Additionally, it’s generally advised to use strong passwords. This means using a string of characters rather than words that have special meaning to you. These can be easier to guess or work out.

Using the same password for various accounts can also lead to your security being comprised. It’s better to use more than one password. If possible, it can help to use a unique password for each account. 

My Data Has Been Breached, How Much Could I Claim?

Now that you know more about what to do if your data has been breached, let’s talk about how much compensation you could claim. Data breach payouts can be split into two heads, which cover:

  • Material damage: These are the financial losses you’ve suffered as a result of the data breach
  • Non-material damage: These are the psychological injuries you’ve suffered as a result of the data breach

When non-material damage compensation is calculated, the professionals working on the claim may reference the Judicial College Guidelines (JCG). This document is used to help calculate payouts because it provides guideline compensation brackets. You can take a look at some examples of these in the table below, but keep in mind that these are not guaranteed amounts, and that the first entry in this table is not from the JCG.

Awarded ForDescriptionAmount
Multiple instances of severe harm and financial lossesSevere harm + financial losses, like special damagesUp to £250,000+
Psychiatric damage(a) Severe£66,920 to £141,240
Psychiatric damage(b) Moderately severe£23,270 to £66,920
Psychiatric damage(c) Moderate£7,150 to £23,270
Psychiatric damage(d) Less severe£1,880 to £7,150
Post-traumatic stress disorder (PTSD)(a) Severe£73,050 to £122,850
PTSD(b) Moderately severe£28,250 to £73,050
PTSD(c) Moderate£9,980 to £28,250
PTSD(d) Less severe£4,820 to £9,980

Material damage compensation is calculated by assessing your current and future projected financial losses caused by the data breach. For example, if you lost out on earnings because you had to take time off work to recover from the psychological effects of the data breach, then you could claim these back under this heading.

It can also help you cover the cost of things like relocation, counselling, and prescriptions to help you deal with the effects of the breach.

If you’re still looking for the answer to the question “My data has been breached, what can I do?” we suggest that you contact an advisor from our team. Or, you can keep reading to learn more.

No Win No Fee Data Breach Damages Claims

You may be hesitant to make a claim for a breach of data protection because of the cost of hiring a solicitor. However, our solicitors work on a No Win No Fee basis for all claims they accept. 

An arrangement such as this means that you are not responsible for paying your solicitor their fee if your claim is unsuccessful. You only have to cover their fee if you are awarded compensation. Their fee is a small percentage that’s taken from your settlement. This percentage is capped by law. 

Under a No Win No Fee agreement, you can also benefit from:

  • No ongoing solicitor fees
  • No upfront solicitor fee

My Data Has Been Breached, How Do I Contact A Solicitor?

Get in touch today and we can let you know whether or not you may be able to make a No Win No Fee claim. You can also read the reviews on our website left by previous clients.

If you are one of the people asking, “my data has been breached, do I have a claim?” then we are here to help.

 Where Do I Learn More?

If you’d like any more information on what you could do after your personal data has been breached, get in touch.

Written by Bibby

Edited by Victorine

Meet The Team

  • Patrick Mallon legal expert author

    Patrick Mallon (BA, PgDl) is a Grade A personal injury solicitor and head of our EL/PL department, which handles accidents at work and public liability claims, such as slips, trips and falls. He qualified in 2005 and has over 20 years of experience. Patrick is an expert No Win No Fee lawyer and well-known for his successful case, Billie Mae Smith v McDonalds. You can learn all about Patrick, his qualifications and his experience as a solicitor here. Get in touch today for free to see how Patrick and the team can help you.

    View all posts Personal Injury Solicitor