Santander Data Breach Compensation Claims Experts

100% No Win, No Fee Claims

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Santander Data Breach Compensation Claims Guide

By Mark Ainsdale. Last Updated 24th March 2024. Welcome to our Santander data protection claims guide. If you’ve been the victim of a Santander data breach and it has caused you financial or psychological harm, you may be able to make a personal injury claim against the bank — if you can prove the breach and harm caused. 

This guide has been created to give you information on how to go about doing so. Here at Legal Expert, we could provide you with a solicitor who could help you claim for the emotional distress caused by a Santander Bank data breach, as well as helping you claim compensation for the financial harm the breach may have caused you.

Whether data protection laws have been breached due to a cyber attack, hacking, or another type of security breach, our No Win No Fee solicitors could take your case to Santander and fight for compensation on your behalf without you having to pay upfront to begin your claim.

To check your eligibility to make a Santander data breach claim or to learn how to claim with one of our solicitors, you can call us free on 0800 073 8804.

Santander data breach claims guide

Select A Section

A Guide To Data Protection Breach Claims Against Santander Bank

A huge amount of our personal data is held by a variety of companies these days, and we would expect, since the introduction of the General Data Protection Regulation (GDPR), which was enacted into our legal system via The Data Protection Act 2018, our data to be protected and held securely. 

We would also expect those companies that hold our data to ensure that their IT systems are robust enough to prevent cyber attacks and hacks that could breach our personal data. If you’ve been the victim of a Santander data breach, however, you’ll be aware that this does not always happen.

How Common Are Data Breaches?

The Cyber Security Breaches Survey 2020 has revealed that a staggering 46% of businesses have reported cyberattacks or data security breaches within a twelve-month period. Large and medium-sized businesses have reported the highest number of breaches. So, it’s not uncommon for these breaches to happen to major organisations. And if you happen to suffer a breach, such as a Santander data protection breach, you could claim compensation.

Could I Claim Compensation For A Santander Data Breach?

Claiming compensation for the financial harm caused by a breach by Santander online banking or through any other Santander system may be something you’re aware you could do. But are you aware that you could also claim emotional distress caused by a breach of your personal data?

This guide has been created to guide you on making a compensation claim for both financial and emotional harm caused by a Santander data protection breach. We explain what constitutes a breach of customer data, how such a breach could happen, and what you could do if you think your personal data has been breached.

It is worth mentioning that there are certain restrictions for making a data breach claim. One of these is the time limit for making such claims, which is 6 years or 1 year if it involves a breach of your human rights. 

Whether you’re ready to make a claim or not, the information below could help you decide whether or not you could be eligible for compensation. If you’d like to ask us any further questions after reading this guide or would like us to provide you with a solicitor to help you claim, you can call us at any time.

What Is A Data Breach Claim Against Santander Bank?

Our personal data was previously protected by the Data Protection Act 1998 (DPA). This has now been updated. Currently, your data is protected by the Data Protection Act 2018. This update was made to align UK laws with the General Data Protection Regulation (GDPR).

GDPR states that a data breach is the disclosure, access, alteration, loss, theft or destruction of personal information by unapproved means. Such breaches may be accidental, or they may have been deliberate or malicious. The person/entity that breached your data may have been inside or outside the organisation that held such data.

How Does The GDPR Affect Financial Services?

GDPR came into force in 2018 and contained page upon page of data privacy and security requirements for any business holding customer’s personal information. It gave data subjects certain rights, including:

  • The right of access to their data
  • Having the right to be informed about their data
  • The right to the erasure of their data
  • Having the right to rectification of their data
  • The right to restrict processing of their data
  • Having the right to data portability
  • Rights relating to profiling and automated decision making

The data they hold about customers could include extremely sensitive financial information when it comes to financial institutes. Therefore, it is of the highest importance that they hold such information securely, do not process it without consent, and consider data protection when designing every aspect of their processes. They must also have robust systems in place to notify customers of data breach events. Otherwise, the organisations could find themselves as the defendants in compensation claims. And if a data breach happens involving Santander customers, you could look at filing a Santander data protection claim.

Data Protection Breach Claims Against Banks And Financial Services Institutions

Unfortunately, despite many financial institutions having strict controls on the access and security of personal information, sometimes data breaches happen.

For example, in 2018, Santander and Barclays had to replace thousands of customers’ cards when British Airways had a data breach. It resulted in thousands of BA customers having enough of their details hacked for fraudsters to make telephone or online purchases using their details. Around 380,000 transactions were thought to have been made over a period of around 2 weeks. The ICO fined British Airways £20m for the breach.

There was also reported a Santander data breach in 2020 across three states in the USA due to a phishing attack that exploited a glitch in ATMs, allowing for more money than was held in bank accounts to be withdrawn. This article goes into further details about one Santander data protection situation due to a hacker scam.

How A Bank Could Breach Your Data Privacy?

There are several ways in which your data privacy could be breached by a financial institution, including those listed below: 

  1. If your data is accessed by an unauthorised third-party
  2. Deliberate action or inaction by a controller or processor of your data
  3. An accidental action or inaction by a controller or processor of your data
  4. Sending your personal data to an incorrect recipient
  5. The loss or theft of computing devices containing your personal information
  6. Any alteration of your personal data without your consent 
  7. The loss of availability of your personal data

Any of those situations could constitute a breach of data protection regulations. If you can prove the breach and how it caused you either material or non-material harm, you could have grounds for a Santander Bank breach compensation claim. Get in touch with our team to find out more.

Do I Need To Report A Bank Data Breach To The ICO?

If you have been the victim of a Santander data breach, you could choose to report this to the ICO.  However, the ICO advises that you take steps to report the breach of personal data to the organisation that holds your data. The instructions for doing so, on the ICO website, are to:

  • Report the breach quickly
  • Make sure the report is sent to the right address
  • Ensure it is specific as to what data you believe has been breached
  • If you know how your data has been breached, you should include this information
  • Ensure that you include details of how you have been affected by the breach of your personal data
  • Ask the organisation to investigate

If you don’t receive a response within a reasonable time or the response is inadequate, you could then report your case to the ICO. However, it would be wise to do so within a minimum of three months of the data breach, as the ICO wouldn’t ordinarily investigate matters that have not been brought to its attention promptly.

However, reporting a Santander data breach would not affect any compensation claim you were making against the bank. Therefore, you could seek legal advice if you are considering claiming a data breach, whether the matter has been reported to the ICO or not. Our team are standing by to take your call if you’d like to find out more. And we can advise you how to react if you have conclusive evidence of a Santander data protection breach.

What To Do If You Were The Victim Of A Data Breach

There are certain steps you might wish to take if you believe you have been the victim of a data breach and report the breach of data to the organisation and the ICO where appropriate.

Firstly, you may want to secure your data as much as you can. This may mean changing passwords and stopping your bank cards, for example.

You may also want to check whether anyone has attempted to access your financial accounts or apply for credit in your name. You could also contact CIFAS if someone has attempted to access your accounts or has committed fraud in your name. And you could also get legal advice to see if you could claim the harm you’ve suffered due to a Santander data breach.

Could I Claim Compensation For A Santander Data Breach?

GDPR gives any person who has suffered material or non-material harm the right to claim compensation from an organisation that has breached data protection regulations. You could claim for:

  • Loss of privacy
  • Financial losses
  • Emotional distress

The amount of compensation you could receive for such a claim could depend on the severity of the breach and how it has affected you. You could claim if you’ve been harmed because:

  • Someone sold your data.
  • Identity theft occurred as a result of the breach
  • Your financial accounts were accessed, and money was taken
  • Also, your details were used to apply for financial products fraudulently
  • You suffered anguish and anxiety or had trouble sleeping due to the data breach

If you’re unsure as to what you could claim for, we could help. If you call our team of expert advisors, we’ll assess your case for free to see whether you could claim and what you could claim for. We could then provide you with a lawyer to help you make your claim.

Calculating Damages For Data Protection Breaches By Banks

Calculating damages for a Santander data breach would depend on the type of harm you had suffered. While a claim for financial harm could recompense you for the financial damage you’ve suffered as a result of a data breach, you could also claim compensation for anxiety, depression or emotional distress you’ve suffered too.

There is, in fact, legal precedent on this matter. In one specific case, Vidal-Hall and others v Google Inc [2015] – Court of Appeal, the judge addressed the matter of compensation in cases where a breach of personal information had caused psychological or psychiatric injuries. He stated that such damages should be considered. But how much compensation is claimable in cases of psychiatric or psychological damage?

The amount of compensation you could receive for such injuries would usually depend on a psychological assessment conducted by an independent medic. The resulting report could be submitted as evidence of the harm you’ve suffered, as well as detailing your prognosis. Your compensation for the harm you’ve suffered could then be calculated.

We look to the Judicial College to illustrate how much compensation could be achievable in such cases. The table below contains figures taken from this publication to give you insight into how much such injuries could be worth.


Injury Notes Compensation Bracket
Psychiatric Damage – General Severe cases that led to a marked effect on the injured party’s ability to cope with work, life and education. It could also affect their relationships and leave them more vulnerable to future risk of harm. In cases in this bracket, medical assistance would have been sought but the prognosis would be really poor. £51,460 – £108,620
Psychiatric Damage – General Moderately severe cases where the above effects are experienced to significant effect but the prognosis is more optimistic. £17,900 – £51,460
Psychiatric Damage – General Moderate cases where problems associated with the more severe cases could present but there would have been marked improvement and a positive prognosis. £5,500 – £17,900
Psychiatric Damage – General The person’s ability to sleep and carry out usual daily activities would be assessed when calculating awards in this bracket as well as how long the person has suffered for. Up to £5,500
Post-Traumatic Stress Disorder Cases where the injured party is severely affected permanently. They would not be able to function to the level they did before trauma. All aspects of their life would be affected. £56,180 – £94,470
Post-Traumatic Stress Disorder Moderately severe cases with a more positive prognosis than above but significant disability that would go on for the foreseeable future. £21,730 – £56,180
Post-Traumatic Stress Disorder Moderate cases where for the most part, the injured party would have recovered but still retained some symptoms, although not grossly disabling. £7,680 – £21,730
Post-Traumatic Stress Disorder Less severe cases where there has been a virtually full recovery between one and two years. Up to £7,680


If you cannot see your injury above, it may be a good idea to call our team to help ascertain what level of compensation you could claim. And remember that you must have strong, undeniable evidence to support your compensation claim after a Santander data protection breach. 

How To Claim Compensation If Your Bank Breaches Your Data Privacy

To claim compensation if your bank breaches your data privacy, you would have to prove that:

  • Your bank breached your data.
  • The breach of data caused you material or non-material harm
  • You were claiming within the time limit for your type of claim.

So, you could approach the company yourself, reporting the breach and asking them to launch an investigation. You could also let them know how the breach has affected you, both in terms of financial effects and effects on your stress levels, mental health and sleep.

If the results of the Santander investigation do not include offering you compensation for the data breach, you may wish to get legal advice, as you would have the legal right to claim if there was a security breach and your data protection suffers a breach that causes you harm.

How A Specialist Data Protection Solicitor Or Lawyer Could Help You

You could go ahead with a Santander data breach compensation claim alone, but having an experienced legal professional well-versed in data breach law could not only take the hard work of making such claims from your shoulders, but it could also help maximise your compensation payout.

Finding a lawyer to help you with such claims is something we’d be only too happy to do. At Legal Expert, we’ve been helping people claim compensation for a wide variety of cases for many years, and we believe our track record speaks for itself; you can read our reviews here

Our friendly, knowledgeable advisors are on hand to talk you through the claims process and answer your questions about making a claim. We could also assess your eligibility to claim, free of charge and without obligation to use our services. 

If we believe you could be eligible for data breach compensation, we could provide you with a solicitor to help build a strong case against Santander and fight for the maximum compensation possible.

No Win No Fee Data Protection Breach Claims Against Santander Bank

If you would like to claim a Santander data breach, you might prefer to do so with a No Win No Fee lawyer. Claims under these terms require no upfront payment to your lawyer. Instead, you would sign a Conditional Fee Agreement, which would detail the small success fee you’d pay if your claim was a success.

The success fee, by law, has a legal cap. It represents a small proportion of your payout and will cover your solicitor’s costs. It is only payable if your case wins, and we can arrange compensation for you. If your case were to fail, you would not pay the success fee or any costs incurred by the lawyer while they were pursuing your data breach claim.

If you would like to work with a No Win No Fee lawyer from Legal Expert as a Santander fraud victim, or because you have been emotionally harmed due to a Santander Bank data breach, or you have any questions about launching a No Win No Fee claim, the Legal Expert advisors would be happy to talk to you. And we can also explain what evidence you must provide for a Santander data protection claim.

Data Breach Statistics

When we talk about data breaches, we do so with the idea that data breaches hopefully happen irregularly. Unfortunately, though, these sorts of events do happen very often. And that isn’t just speculation or estimations; this is using data courtesy of the Government. So, the Government’s cyber security breaches survey for 2021 suggests a large percentage of companies in this position. More to the point, around 39% of businesses, meaning almost four in ten, would suffer a data breach in 2020/21. Bear in mind that this is just a snapshot for one year. So, many other companies may have previous histories of data breaches.

Now, these companies comprise a variety of sectors, though the majority are medium-level and large-scale organisations. That is due to the value of their customer data to the hackers. Whilst in possession of this critical personal information, they could create psychological terror for victims in return for a ransom. And not just from customers. Indeed, the major organisations are willing to buckle to avoid negative headlines and, worse, a loss of customer trust. Hence why these hackers are willing to act with criminal intent in this manner. And as the statistics suggest, this happens far too often. But from reading this guide, you now know how you can claim compensation if you’re a victim of this.

Make Your Data Breach Claim

If you’re ready to make a Santander data breach claim, we’re ready to help you. If you’re not sure whether you’re eligible to claim, we could answer your questions and check your eligibility for free. You can contact us in a variety of ways, including:

Data Breach Resources

General Information On Data Breach Claims – This guide talks you through data breach claims in general terms.

No Win No Fee – This explains No Win No Fee claims in more detail, including an explanation of how you could benefit from claiming these terms.

Council Data Breach Claims – You can find information on making data breach claims against the council.

ICO Information – Be Data Aware – The ICO has created an article informing people how their data could be used.

Actions Taken By The ICO – You can read about the ICO’s action to enforce data protection regulations.

Personal Data Breach – Here, you can find out more about how organisations should respond to reports of a personal data breach.

Other Useful Compensation Guides

Santander Data Protection FAQs

How much compensation can you get for a data breach?

This could range anywhere from £1,000 to around £42,900.

Who do I contact about a data breach?

The best people to contact would be the Information Commissioner’s Office (ICO).

How do you claim a data breach?

You would contact both the company in question and the ICO before taking it to a small claims court.

Can I sue if there is a leak of my data?

Yes, because you don’t know what could happen once somebody has your data without your permission.

What happens if someone breaks the Data Protection Act?

In most cases, the perpetrator would pay a fine, though it depends on the severity of the breach.

Is a breach of GDPR a criminal offence?

Yes, passing the Data Protection Act 2018 would make an intentional GDPR breach a criminal act.

What are the main offences of the Computer Misuse Act?

These are having unauthorisable access to computer contents with the intent to cause a crime due to reckless handling of this data.

What is the punishment for breaking the Computer Misuse Act?

In severe cases, it could mean 10 years in prison and a significant fine.

Thank you for reading our Santander data protection guide.

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts