University Of East Anglia Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online


University Of East Anglia Data Breach Compensation Claims Guide

Have you been financially affected by a University of East Anglia data breach? If so, you may already be aware that you could claim compensation for such a breach. But did you also know that it could be possible to claim compensation for damage you’ve suffered emotionally too?

University Of East Anglia data breach claims guide

University Of East Anglia data breach claims guide

This guide gives you valuable information and insight into making data breach compensation claims against the University of East Anglia—provided you can prove the breach and harm caused—whether you have suffered psychological harm, financial losses or both.

We explain what a data breach is, how it could happen, and give examples of data breaches by universities that have already occurred.

We also explain the role of the Information Commissioner’s Office in enforcing data protection laws such as the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

In the sections below, we also offer some insight into using a solicitor to make claims for data breaches by the University of East Anglia, and how we could help you if you’re eligible to make a claim.

If you’d like to begin a claim or would like us to check your eligibility you can call our team any time on 0800 073 8804.

Select A Section

A Guide To Data Breach Claims Against The University Of East Anglia

There are a number of organisations that process and hold our personal information. If you are a student or member of staff at East Anglia University, you would expect that the university would take steps to protect the information they store and process on you.

But what happens if something goes wrong? There are many different ways in which your personal data could be breached, whether as a malicious attack on the university’s systems or a simple error by a member of staff.

If a University of East Anglia data breach means that a third party gets hold of your personal information, it could cause you financial harm and could have a detrimental effect on your emotional health too. If it breaches data protection laws, such as GDPR or the Data Protection Act 2018, for example, you may be eligible to make a compensation claim against the university for the breach of your personal data.

This guide has been put together to help you understand how to make data breach claims against the University of East Anglia—provided you can prove the breach and harm suffered. In the following sections, we explain how you could be affected by a breach, how the University of East Anglia could infringe upon your personal data and how much compensation you could claim.

We also explain in detail examples of how data breaches have affected universities, including a large data breach that occurred early in 2020 known as the Blackbaud hack. Finally, we explain how Legal Expert could help you fight for the maximum compensation for the effects an East Anglia University data breach has had on you.

What Is A University Of East Anglia Data Breach?

Just like all other organisations that hold, control and process personal data, the University of East Anglia must work to protect the security and privacy of that data. Whether they hold personal data relating to staff, students or alumni, they must adhere to GDPR (The General Data Protection) and the Data Protection Act 2018.

If they do not and a University of East Anglia data breach occurs, it could lead to a number of unwelcome consequences. But what constitutes a data protection breach, and how could it affect you?

What Is Personal Data?

According to the Information Commissioner’s Office (ICO), who enforces data protection law in the UK, personal data is information that relates to people who:

  • Could be identified from the information in question; or
  • Could be indirectly identified using the information, combined with other data

It could include people’s names, addresses, contact details, and online identifiers such as IP addresses and more.

What Is A Data Breach?

GDPR states that a data breach could include situations where a security incident occurs that breaches data integrity, availability, or confidentiality. It could include cases where data is:

  • Stolen
  • Lost
  • Made unavailable
  • Subject to unauthorised transmission, access, disclosure, processing, storage or alteration

How Could A University of East Anglia Data Breach Occur?

Data breaches could be accidental, or they could be malicious in nature. They could occur from inside or outside an organisation. Some examples of data breach causes could include:

  • A password attack
  • A malware/ransomware attack
  • A denial of service (DDoS) attack
  • An insider threat
  • An employee’s mistake
  • Lack of maintenance to computer equipment/software
  • Loss or theft of devices containing personal information
  • Phishing

What Consequences Could a Personal Data Breach Have?

Depending on the type of breach that has occurred, and whether the information has been lost, stolen, altered or made unavailable, a University of East Anglia data breach could cause a person to suffer in various ways, such as:

  • Identity theft – if a third party has enough of someone’s personal data, they could commit identity fraud and apply for finance in another person’s name
  • Loss of privacy – if someone gains access to sensitive information about a data subject this could cause a loss of privacy
  • Financial theft – if someone could gain access to financial information using stolen data, they could make purchases in another person’s name or take money from their bank account, for example
  • Emotional distress – the idea of someone having access to our personal data, whether they commit identity fraud or not could cause a person distress, anxiety and loss of sleep

If you have suffered harm because of data breaches by the University of East Anglia and can prove the breach and subsequent harm, and are wondering whether you could make a compensation claim, we’d be glad to assess your case to see if you could be eligible.

How Universities Have To Apply The GDPR

In March 2018 a new law came into force, known as the General Data Protection Regulation, or GDPR. Currently the strongest data security and privacy law in the world, it protects the personal data of all EU data subjects, no matter where in the world their data is stored or processed.

Organisations that control and process the information of EU data subjects must adhere to the overarching principles of GDPR, which include:

  • Accuracy
  • Purpose limitation
  • Storage limitation
  • Minimisation
  • Transparency, lawfulness, and fairness
  • Confidentiality/integrity
  • Accountability

What Happens If The University Of East Anglia Breaches GDPR?

If your data is breached, and you suffer harm because of it, GDPR allows you to claim for non-material and material damages caused by the breach. We could help you make such claims by providing you with a lawyer to help you. We’ll also provide more details on the two types of compensation below.

How The University Of East Anglia Was Affected By A Data Breach

The University of East Anglia has responded to a Freedom of Information request, as it must do under the Freedom of Information Act 2000, with regards to a cybersecurity incident known as the Blackbaud hack.

What Is The Blackbaud Hack?

In 2020, a university database service provider for UK universities was subjected to a ransomware attack, leading to a breach of many people’s personal data. If you’re wondering ‘How does a ransomware attack occur?’, this is where a hacker gains access to computer systems and demands a ransom for the information they have accessed and in some cases stolen. Blackbaud, in this case, paid the ransom and believed the data that was taken had been destroyed. However, the data had been subject to unauthorised access.

The information breached was said to include names, addresses, e-mail addresses, phone numbers, biographical information, educational information, IP addresses, and people’s engagement with the university.

While financial details did not appear to have been breached, the University of East Anglia cyber security team advised those affected to be mindful of phishing attempts that could be made against them and advised them to change passwords.


E-mail Personal Data Breach – 2017

Back in 2017, there was a University of East Anglia data breach that led to information regarding student health problems, personal issues and bereavements being sent to 298 people. The personal data breach occurred due to an e-mail being sent to American Studies students at the time, and it was thought that the data related to the circumstances of 191 undergraduates. Students were awarded more than £140,000 in compensation after the private data leak.


Whether you have been affected by either of these data breaches or another University of East Anglia data breach, if you can prove the breach and the impact it has had on you, we could help you to get the compensation you deserve for the harmful effects of a data breach.

University Data Breaches Statistics

Unfortunately, the two examples above are not isolated incidents. It was revealed in an article by IT Governance that in 2019, 54% of universities based in the UK had reported at least one data breach to the ICO. In addition to this, the article referenced a separate study whereupon 46% of university staff respondents were given no awareness training. In the same study, it was reported that only 51% of students had received security training.

Another worrying incident occurred when Jisc, an Internet Services Provider that services UK Universities performed tests on the security of university’s systems. Testers were able to access over 50 university’s data within the space of 2 hours.


Cybersecurity Incidents

There are a number of threats to the security of data held and processed by UK universities. These could include:

  • Malware & viruses – dangerous software and code could be used on university computer systems, which could lead to theft, loss, alteration or other violations of the privacy of personal data
  • Information theft – If an unauthorised user were to gain access to a university’s system, they could not only steal personal data but also valuable research information
  • A keystroke recorder – Recording keystrokes of authorised users could lead to an unauthorised user gaining access to university systems
  • Ransomware – A ransom could be demanded for the return or destruction of stolen data
  • Phishing – if users are sent e-mails directing them to fake websites, set up to look legitimate, whereupon they enter their login information, an unauthorised person could gain access to their accounts, leading to a cloud data breach or a breach of personal data held on a server.
  • Password attack– If someone guesses an authorised user’s password, this could also lead to them being able to access a system they were not authorised to use
  • Denial of service – these types of attack leave authorised users unable to access their data.

Whether you’ve been harmed by a University of East Anglia data breach relating to the threats above, or other types of data breaches, we could assess your eligibility to claim compensation for the harm that a breach has caused you. If you can evidence the breach and the harm inflicted, then we could help you with a claim.

What The Victim Of A Data Breach Could Be Compensated For

We have already mentioned the types of harm that you could suffer from a University of East Anglia data breach. GDPR allows people whose data has been breached to claim compensation for both material and non-material harm.

What Is Material Harm?

Material harm refers to the quantifiable financial impact of a data breach. It could include money that has been stolen from you, or the value of fraudulent purchases made in your name, for example.

What Is Non-Material Harm?

Non-material harm is more difficult to put a value to. It could refer to a loss of privacy, anxiety, depression, stress and loss of sleep, for example.

Can I Really Claim For Psychological Harm?

A legal precedent was set in a case from 2015. In Vidal-Hall and others v Google Inc [2015] – Court of Appeal, a judge addressed the subject of psychological harm caused by a breach of someone’s personal data and said that compensation for such injuries could be considered. Therefore, victims of a data breach that have suffered psychological injury as a direct result of the breach could claim compensation for it—even if there is no financial damage.  

University Of East Anglia Data Breach Compensation Calculator

When it comes to the calculation of a University of East Anglia data breach payout, there are various things that could be considered. The financial impact of a breach could be relatively simple to calculate, and this could be evidenced by way of bank statements, credit cards statements and other financial documentation.

Calculating a payout for psychological harm would involve claimants attending a medical assessment with an independent expert, who could review any medical notes, talk to the claimant about their suffering and write up a report containing details of the injuries the claimant has suffered and their prognosis.

Psychological Injuries And Compensation

Below, we have put together a table to give you some idea of how much compensation could be appropriate for Post-Traumatic Stress Disorder and general psychological injuries caused by a University of East Anglia data breach. We find this more reliable than the likes of a personal injury claim calculator, which can sometimes produce misleading results.

The guideline amounts are taken from the Judicial College Guidelines. This is a publication that is updated annually and could be used by lawyers and the courts to arrive at appropriate compensation settlements.

Injury Approx Compensation Guide Level Of Severity
Post-traumatic stress £56,180 to £94,470 Severe
Post-traumatic stress £21,730 to £56,180 Moderately severe
Post-traumatic stress £7,680 to £21,730 Moderate
Post-traumatic stress Up to £7,680 Less severe
General psychiatric damage £51,460 to £108,620 Severe
General psychiatric damage £17,900 to £51,460 Moderately severe
General psychiatric damage £5,500 to £17,900 Moderate
General psychiatric damage Up to £5,500 Less severe

How Do I Find The Right Data Breach Solicitor?

You may be quite surprised to learn that it isn’t a legal requirement for you to have a solicitor in order to make a University of East Anglia data breach claim. You could go ahead and complain to the organisation and ask them for compensation directly. You may also wish to complain to the ICO if you receive no response from the university, or you do not believe their response is satisfactory.

However, using a solicitor to make data breach claims against the University of East Anglia may be preferable to you. You could then benefit from:

  • Your lawyer’s ability to ensure action is taken before the relevant limitation period is breached (limitation periods include 1 year for a breach of someone’s human rights and 6 years for breaches of data)
  • Not having to take on the legal legwork yourself
  • Your lawyer’s ability to put the strongest case forward for compensation and handling negotiations on your behalf
  • Your lawyer’s ability to ensure you claim for everything you are eligible for

Finding a solicitor who could do all this for you is easy when you call the team at Legal Expert. Our knowledgeable, experienced advisors will be able to answer any questions you might have about the claims process and can check your eligibility to claim for free. If they believe your case could result in compensation, they could offer to provide you with a Legal Expert data breach solicitor to help you with your claim.

Why Legal Expert?

We recognise that there are lots of firms out there that offer similar services. However, we truly believe we could help you claim the maximum compensation for the harm you’ve suffered due to a University of East Anglia Data breach. We have, after all, years of experience assisting claimants with a variety of compensation claims.

We have been very successful in gaining claimants the compensation they deserve, as you can see from the reviews that previous clients have left for us.  Our solicitors all work under No Win No Fee terms too, so you would not pay them any fees until such time as your payout had been arranged. We’d be happy to help you with your claim, so why not get in touch?

No Win No Fee Data Breach Compensation Claims Against The University Of East Anglia

No Win No Fee claims are something we offer as standard. We believe this opens the door for claimants in any financial situation to obtain professional legal assistance without having to pay upfront for it. These claims generally follow the below process:

  • Your lawyer sends you a No Win No Fee agreement, also known as a Conditional Fee Agreement, asking you to sign and return it. Within the document are details of a small success fee that you would only have to pay if your case results in compensation. The fee is capped and is usually detailed as a percentage of your compensation.
  • When you have returned a signed agreement, the lawyer can start working on your claim, building a strong case and negotiating a payout on your behalf.
  • Once your payout has been arranged, the success fee would be deducted from it; and the rest would be for your benefit.
  • If no compensation payout was achieved, you would not need to pay the success fee, nor any other fees your solicitor has incurred in pursuing your case.

We have produced a guide relating to these payments terms, which you can read here. If you have any questions about No Win No Fee claims, you could also call us for further information. We’d be glad to help you.

Speaking To A Data Breach Claim Solicitor

Ready to talk to us about your University of East Anglia data breach claim? Whether you have further questions or are ready to get started and need a lawyer, it’s easy to get in touch:

Specialist Claim Resources

SAR (Subject Access Request) – You can make a subject access request from any organisation that has your data.  This ICO resource shows you how.

Reporting Breaches Of Compliance – You can find out more about information compliance reporting for organisations via this link.

Personal Data Concerns – If you have any concerns about how your personal data is being used, this link could be useful.

Loss Of Data – This guide offers some insight into whether you could claim for a loss of your personal data.

My Employer Breached My Data – Have you suffered a personal data breach because of your employer? If so, this guide may be of use to you.

Stress Caused By Data Breaches – You can read more about how data breaches could cause stress and what you could do about it here.

Other Useful Compensation Guides

Thank you for reading our guide to the University of East Anglia data breach claims. We hope you’ve found it useful.

Guide by Jeffries

Edited by Billing

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts