Welcome to our guide on bank data breach claims. Imagine the horror of putting your cash card into the ATM machine only to discover your bank account has been cleared out. Bank account data breaches can cause exactly this scenario. What do you do next? How could this money be reclaimed and will it happen again now that criminals have gained access and hacked your details?
Data breaches in the banking sector can devastate the lives of ordinary people. A simple act of negligence on the part of a bank employee or data processor could expose your personal bank details to online criminals actively seeking opportunities to exploit them. This article explains what you can do about a bank data breach that has caused you financial loss or emotional or psychological suffering.
Our data breach lawyers could help you build an accurate case for compensation. At Legal Helpline we offer an introductory service to data breach solicitors with over three decades of experience. They could help you on a No Win No Fee basis to do something right now about your loss of money and ruined peace of mind. Why not get in touch to discuss what happened and see how our advisors can help.
- Call us on 0161 696 9685
- email or write to us at Legal Helpline
- use the ‘live support’ option, to the bottom right of this screen for instant legal help
Select A Section
- A Guide On Bank Data Breach Compensation Claims
- What Is A Bank Data Breach Claim?
- What Is Data Sharing With A Third Party?
- Enforcement Action Taken By The Authorities For Banking Data Breaches
- Calculating Bank Data Breach Compensation Amounts
- Types Of Compensation Awarded For Bank Data Breaches
- What Is The Information Commissioner Responsible For?
- No Win No Fee Bank Data Breach Compensation Claims
- How Could A Data Breach Solicitor Help You?
- How To Claim For A Banking Data Breach
- Speak To Our Team
- FAQs On Bank Data Breach Claims
- Where To Learn About Data Breach Claims
In 2018 a new law called the General Data Protection Regulation (GDPR) was passed concerning the rights of consumers over their personal data. This was enacted into UK law by the Data Protection Act 2018. It was brought in to acknowledge how the internet had transformed communications and information sharing, but how this had also given rise to a whole new type of criminality and data sharing abuses. Anyone who has ever received a deluge of spam emails knows how out of control this problem was becoming.
Cybercrime, hacking, phishing scams, and malware viruses are all ways in which online gangs can penetrate banking security systems and access private information for fraudulent use. As the unwitting victim on the receiving end of this, you may only discover you have been the victim of a data breach when it’s too late. What can you do?
Banks and building societies have a legal duty of care to protect your data. Failure to do this because of human error or flawed security systems can make them liable for your loss. Furthermore, certain changes in the law have made it possible for the victims of a bank data breach to claim compensation for both financial loss and emotional anguish.
Anyone who can collect the right evidence could work with the data breach solicitors on our panel to obtain compensation from the bank in question for their failure to protect your private data. We include a table below to show you how one aspect of your compensation for mental suffering could be calculated. Combined with proof of financial loss, you could receive a significant compensation amount back in your bank account.
Firstly, what exactly is a bank data breach and why are they so concerning? It’s important to remember that banks have always had a responsibility to safeguard our personal financial information from criminal activity. GDPR rules merely strengthened our rights to hold them to account for breaches.
Banking security software and procedures are possibly the most rigorous in any industry sector because of this. But mistakes can still happen that result in people being traumatized and stolen from.
Under GDPR, breaches of data are classified in the following ways:
- Anything that leads to the accidental or unlawful loss, alteration, destruction, unauthorised disclosure of, or access to personal data and the way it is stored, transmitted, or otherwise processed.
Two main parties are recognised as having a responsibility to uphold this duty of care: ‘controllers’ (those who have our data) and ‘processors’ (those who handle the data). The latter can be either an internal or outside agency. Both have strict requirements now under GDPR for how they handle our information.
The Information Commissioner’s Office
The body that has the authority to regulate GDPR breaches is called the Information Commissioner’s Office (ICO) and they have some far-reaching powers to enforce and uphold GDPR duty of care expectations from controllers and processors, such as:
- Absolute transparency, fairness, and lawful handling of data
- Clearly stated purposes for use of the data
- Data collection kept to a minimum and only for those clearly expressed purposes
- Emphasis on data accuracy and regular updating
- Storage limitation – retaining the data for only the appropriate length of time
- Integrity and confidentiality at all times with other people’s information
- Accountability. The prompt admission of errors or attacks.
Clearly, procedures like this are essential when handling the personal financial details of millions of people. Human error can be a major source of bank data breaches and, in addition, banks are under fairly constant attack from hackers and online criminals. But this does not mitigate their responsibility. For example, some typical scenarios that could lead to a bank data breach that affects you are:
- Private information being left on an open computer screen
- Data inputting errors
- Statements or PIN numbers sent to the wrong address
- Paper copy information left lying around
- Public conversations amongst staff
- Social media shares or posts that inadvertently disclose something
- Loss of USB sticks, laptops, or smartphones
- Unauthorised access to financial information for unlawful or trivial reasons
We trust banks with our money and expect them to handle their procedures properly to avoid us falling victim to fraud. If this has happened to you, speak to our advisors now to see how you could start your claim for compensation with a data breach solicitor from our panel.
Data sharing happens all the time. It’s an important part of modern communications and banks would not be able to function properly without this freedom. The key point to sharing data is our permission, and GDPR came about in response to the amount of data sharing that was happening without our pre-given consent.
As you use the internet today you will see nearly every reliable site asks for your ‘cookie’ preferences or permission to use your data.
Whilst this may seem irritating and distracting, it’s actually an important opportunity for you to have more control over how your information is shared and disseminated to third parties. Rather than simply clicking the ‘I agree’ button to make it go away, take a moment to see who wants your information and why. You might be glad that you did.
However much care we may take, the unauthorised sharing of our details with third parties still happens and it can lead to much disruption in people’s lives. Any reputable bank would never entertain the idea of selling on details or sharing them for marketing purposes. But it’s important for us to take as much control over our data as we can too.
The ICO takes data breaches very seriously. In recent years, they have issued massive fines to companies who have ignored or minimised the importance of proper data handling, from high street pharmacists who left patients’ notes outside in an unlocked container and a ticket vendor who received a £1.25 million fine to the intrusive sales techniques of a birthing and parenting services provider. Banks are no different and ICO fines can be as high as £17.5 million or 4% of the previous year’s turnover. In a global bank that’s a formidable amount.
When a data breach has happened, the company in question has a legal responsibility to inform you within 72 hours. In some instances, the company may not know the breach has occurred until some time after, but this would be unlikely with a financial institution normally vigilant for such risks.
In most cases of serious involvement, the bank will always contact you. However, if they think the breach doesn’t implicate you they may not, but you still have options. You can write about your concerns to them and await a response. If there is no meaningful communication within a three-month period, you can ask the ICO to step in and investigate on your behalf. It’s important to not delay your response as after the three-month period the case will be deemed either resolved or too trivial.
This is also exactly the right time to consider hiring a No Win No Fee data breach lawyer. They can look at the impact of the data breach on your life in detail. They could help you collate the relevant medical and financial proof to build a claim for compensation from the bank for their error.
If you’d like help with finding suitable legal representation, get in touch with our data breach claims advisers. They’ll assess your case for free, without any obligation on your part to proceed.
If we suppose that you have been the victim of a bank data breach already, what might have happened to you? Obviously, online thieves will steal money. In addition to emptying your bank accounts, they could ‘max out’ your credit and overdraft facilities or arrange new lines of credit which they exhaust immediately. Apart from suddenly being in massive debt, where does this leave you?
The mental anguish and distress caused by being a victim of fraud like this can devastate lives. You may find yourself unable to sleep, agitated and anxious; depression and shock can set in. You could be traumatised to the point of suffering nightmares and panic attacks. PTSD symptoms can result from acute suffering like this. Suicidal thoughts are not unknown in the face of what can feel like helpless, financial ruin.
The law has changed to address this. Whereas it used to be the case that compensation for mental suffering had to be the result of financial injury too, GDPR laws now mean that you could claim compensation for either or both.
This means that a data breach solicitor can calculate possible compensation based on the trauma of the experience in its own right. The table below shows how this could be done, using recommended award amounts as listed in the Judicial College Guidelines for such impacts:

| Injury | Effects | Suggested Award |
| --- | --- | --- |
| Psychiatric damage - severe | Extreme and lasting problems chronically affecting many areas of life. | £51,460 - £108,620 |
| Psychiatric damage - moderately severe | Significant problems like stress and trouble working or sleeping. | £17,900 - £51,460 |
| Psychiatric damage - less severe | The effect on daily activities and sleep will be taken into account. | Up to £5,500 |
| PTSD - severe | Inability to function at work or in life as normal. | £56,180 - £94,470 |
| PTSD - moderately severe | Recovery possible but disabilities for foreseeable future with prognosis of some recovery with professional help. | £21,730 - £56,180 |
| PTSD - moderate | Largely recovered but some lingering and persisting symptoms, even with therapy. | £7,680 - £21,730 |
| PTSD - less severe | Minor symptoms but mostly recovered within 2 years. | Up to £7,680 |

These are referred to as ‘non-material’ damage, and compensation amounts can be combined with ‘material’ costs such as the financial impacts of fraud, which we examine next.
In addition to compensation for actual psychiatric harm, there is another column of damages that can be calculated by using the evidence of financial loss. It’s possible to prove unauthorised withdrawals and other such strange activity in your bank account using statements and online records. Your bank will recognise that these actions are out of character and match up with their own data breach concerns.
It’s important to note that you only have one chance at making a claim. Anything that you forget to include cannot be added at a later date. This is particularly important in cases of bank data breaches as there could be long-term effects of the fraud. Continued abuses, rolling charges, late fees, unauthorised overdraft use, and other penalties could follow on for months so be sure to include these amounts in your claim.
When you discuss your case with a data breach solicitor, they can help you calculate a realistic and appropriate sum of money that takes into account all the possible financial impacts of the bank charges incurred. Call us at Legal Helpline and we can guide you through this nightmare to the best possible outcome.
The ICO cannot pay you compensation but they can take up your case and vigorously investigate it. With bank data breaches it’s obviously in the banks’ best interests to get to the bottom of the fraud or error as quickly as possible. You might not be the only customer affected.
All banks carry insurance to claim against loss. If the breach can be proved, there is every likelihood the money will be returned to your account. In-house banking security procedures then work with law enforcement agencies to track down cyber thieves.
If you’ve suffered a loss that you can prove and the ICO does not help, a No Win No Fee data breach lawyer can look at your case from a different angle. Any obvious breach of security makes the bank liable and with the right help, you could win compensation.
Data breach claims may seem daunting. The idea of going up against a huge multi-national bank like Santander or HSBC to claim injury may seem far-fetched. The reality is that their failed systems exposed your private information. The abuses that followed – to either your finances or your health – are something they have a lawful duty to address.
No Win No Fee lawyers can help. With no upfront fees to pay to hire the lawyer and none to pay as your case progresses, using a data breach solicitor in this way can offer immediate and professional legal help. They can assist in putting together proof of how you’ve suffered and present an argument for damages that reflects every detail of the experience.
If your case fails, there are no fees to pay the lawyer at all. A successful outcome means that the data breach solicitor keeps a small, capped percentage of your compensation as their fee. This amount is restricted by law to keep it as fair to you as possible. Given the expert help they can give, most people are more than happy to pay this amount.
If you’re looking to work with a No Win No Fee data breach solicitor, we can help. Just get in touch with our team on the number at the top of this page.
Once you’ve made a decision to seek compensation from the bank, you might wonder where to turn next. The internet can offer a plethora of options. There are also websites that claim to quote ‘instant’ amounts of compensation using just a few details. Some of these websites could well be exactly the type of operation GDPR is trying to restrict!
There is no need to shop around. When you call Legal Helpline our team can walk you through a free initial consultation with no obligation on your part to proceed. If it looks promising, we can connect you to data breach specialists from our panel who could take up your case on a No Win No Fee basis. Their expertise and insights could help you get awarded an amount that takes care of all the aggravation and chaos the cyber-fraud or staff negligence caused.
Absolute peace of mind and protected data again can be one phone call away.
To recap, there is a process that you can follow to seek compensation as the victim of a bank data breach:
- Firstly, write to the bank to complain and cancel all credit cards and change PIN numbers
- Await their response within 72 hours
- Has there been any contact from them in the three months from the date of your written letter?
- If not, ask the ICO to step in
- Start to compile proof of medical and financial harm. Doctors’ assessments and bank statements are some examples
- Connect with a No Win No Fee data breach lawyer to start a claim.
We hope that this article about bank account data breach claims in the UK has been of use. Bank data protection breach compensation could be the solution to this nightmare, restoring both your finances and your mental health.
The ICO enforces GDPR vigorously and these laws were established precisely to stop you from being a victim to corrupted procedures that are essential in the modern financial world. Financial institutions have a duty to prevent people from gaining access to our credit card details or customer data and when they fail, through accident or negligence, you can do something about it.
Do banks have to report data breaches?
Yes. By law, any company or institution has a responsibility to report data breaches within 72 hours to everyone it may affect. In banking data breaches this can be especially important as cyber criminals act swiftly to empty bank and savings accounts. Time is of the essence.
How do banks secure their data?
Banks use a formidable array of security measures to protect customers’ data whilst still delivering efficient services. As such, some tools are:
- Intricate software firewalls
- Multifactor authentication
- Multiple password security
- Automatic time-outs on screens
- Privacy policies
- Anomaly detection
All of these tactics are designed to make it as difficult as possible for outside influences to hack into your personal financial data. However, they are only as effective as the people operating them and bank data breaches can easily occur with staff negligence.
Who is liable if the data is hacked?
With regards to liability, evidence may be needed to establish that the breach occurred within the remit of the bank and not through an act of our own personal negligence. The sophisticated prevention techniques mentioned above are usually able to clearly discern whether it was the bank’s fault or a customer’s breach.
What is the penalty for data breaches?
The ICO has the power to issue serious penalties for data breach offences. They use a two-tier system:
- Standard Maximum – £8.7 million or 2% of the previous year’s turnover (whichever is higher)
- Higher Maximum – £17.5 million or 4% of the previous year’s turnover (whichever is higher).
In 2021, HSBC made a first-quarter pre-tax profit of £8.8 billion. In the face of a very serious data breach, this could equate (in theory) to a fine of £352 million. Certainly enough to worry even a huge financial institution.
What health effects could I suffer as the victim of a bank data breach?
Sudden money worries can cause tremendous chaos in people’s lives and the subsequent emotional distress can be very serious. Depression and anxiety, insomnia and nightmares, loss of appetite or ability to function and work can be just the beginning. All the anguish created by having your personal finances violated is a real, actual injury and you should always seek medical guidance about any new or unwanted symptoms.
For information about coping with the psychological trauma of identity theft, please refer to this victim support link. In addition, you can refer here to the National Cyber Security Centre for more advice about protecting your data. The NHS offers advice about PTSD and severe anxiety issues.
We also have a few other guides on data breach claims, which you can find below:
- GDPR Data Breach Compensation
- Pharmacy Data Breach Compensation Claims
- Medical Data Breach Compensation Claims
Thank you for reading our guide to bank data breach claims.
Guide by JW
Edited by REB