A Guide To Claiming Compensation For A Bank Data Breach

By Marlon Redding. Last Updated 2nd December 2022. Welcome to our guide on bank data breach claims. Imagine the horror of putting your cash card into the ATM machine only to discover your bank account has been cleared out. Bank account data breaches can cause exactly this scenario. What do you do next? How could this money be reclaimed and will it happen again now that criminals have gained access and hacked your details?

Bank data breach compensation claims guide

Data breaches in the banking sector can devastate the lives of ordinary people. A simple act of negligence on the part of a bank employee or data processor could expose your personal bank details to online criminals actively seeking opportunities to exploit them. This article explains what you can do about a bank data breach that has caused you financial loss or emotional or psychological suffering.

Our data breach lawyers could help you build an accurate case for compensation. At Legal Helpline we offer an introductory service to data breach solicitors with over three decades of experience. They could help you on a No Win No Fee basis to do something right now about your loss of money and ruined peace of mind. Why not get in touch to discuss what happened and see how our advisors can help.

  • Call us on 0161 696 9685
  • email or write to us at Legal Helpline
  • use the ‘live support’ option, to the bottom right of this screen for instant legal help

Select A Section

  1. A Guide On Bank Data Breach Compensation Claims
  2. What Is A Bank Data Breach Claim?
  3. What Is Data Sharing With A Third Party?
  4. Enforcement Action Taken By The Authorities For Banking Data Breaches
  5. Data Breach Compensation Amounts UK
  6. What Is The Information Commissioner Responsible For?
  7. No Win No Fee Bank Data Breach Compensation Claims
  8. How Could A Data Breach Solicitor Help You?
  9. How To Claim For A Banking Data Breach
  10. Speak To Our Team
  11. FAQs On Bank Data Breach Claims
  12. Where To Learn About Data Breach Claims

A Guide On Bank Data Breach Compensation Claims

In 2018 a new law called the General Data Protection Regulation (GDPR) was passed concerning the rights of consumers over their personal data. This was enacted into UK law by the Data Protection Act 2018. It was brought in to acknowledge how the internet had transformed communications and information sharing, but how this had also given rise to a whole new type of criminality and data sharing abuses. Anyone who has ever received a deluge of spam emails knows how out of control this problem was becoming.

Cybercrime, hacking, phishing scams, and malware viruses are all ways in which online gangs can penetrate banking security systems and access private information for fraudulent use. As the unwitting victim on the receiving end of this, you may only discover you have been the victim of a data breach when it’s too late. What can you do?

Banks and building societies have a legal duty of care to protect your data. Failure to do this because of human error or flawed security systems can make them liable for your loss. Furthermore, certain changes in the law have made it possible for the victims of a bank data breach to claim compensation for both financial loss and emotional anguish.

Anyone who can collect the right evidence could work with the data breach solicitors on our panel to obtain compensation from the bank in question for their failure to protect your private data. We include a table below to show you how one aspect of your compensation for mental suffering could be calculated. Combined with proof of financial loss, you could receive a significant compensation amount back in your bank account.

What Is A Bank Data Breach Claim?

Any unlawful or unauthorised accessing of, destroying, disclosing, altering or loss of a person’s personal data can be considered a data breach.

If a breach happens because an organisation failed to properly safeguard your personal data, then you could make a claim against the organisation if you were harmed as a result. Generally, harm in a data breach claim refers to financial loss or psychiatric damage.

As personal data refers to any identifiable information that an organisation collects or creates about you, a bank data breach does not just refer to accessing, stealing or loss of your finances.

A bank data breach claim could be made because you were harmed by:

  • Your personal address being leaked
  • Your personal information being shared with a third party without your consent.
  • An employee of the bank disclosing information about your purchases

The aim of this guide is to define what constitutes a data breach so that you can understand whether you could be eligible to claim against a bank for a breach of your data, and how data breach compensation is assessed and calculated.

If you would like to learn more about how to claim against a bank, or the compensation amounts awarded in such claims, then please reach out to one of our advisers.

The Information Commissioner’s Office

The body that has the authority to regulate GDPR breaches is called the Information Commissioner’s Office (ICO) and they have some far-reaching powers to enforce and uphold GDPR duty of care expectations from controllers and processors, such as:

  • Absolute transparency, fairness, and lawful handling of data
  • Clearly stated purposes for use of the data
  • Data collection kept to a minimum and only for those clearly expressed purposes
  • Emphasis on data accuracy and regular updating
  • Storage limitation – retaining the data for only the appropriate length of time
  • Integrity and confidentiality at all times with other people’s information
  • Accountability. The prompt admission of errors or attacks.

Clearly, procedures like this are essential when handling the personal financial details of millions of people. Human error can be a major source of bank data breaches and in addition, they are under fairly constant attack from hackers and online criminals. But this does not mitigate their responsibility. For example, some typical scenarios that could lead to a bank data breach that affects you are:

  • Private information being left on an open computer screen
  • Data inputting errors
  • Statements or pin numbers sent to the wrong address
  • Paper copy information left lying around
  • Public conversations amongst staff
  • Social media shares or posts that inadvertently disclose something
  • Loss of USB sticks, laptops, or smartphones
  • Unauthorised access to financial information for unlawful or trivial reasons

We trust banks with our money and expect them to handle their procedures properly to avoid us falling victim to fraud. If this has happened to you, speak to our advisors now to see how you could start your claim for compensation with a data breach solicitor from our panel.

What Is Data Sharing With A Third Party?

Data sharing happens all the time. It’s an important part of modern communications and banks would not be able to function properly without this freedom. The key point to sharing data is our permission, and GDPR came about in response to the amount of data sharing that was happening without our pre-given consent. 

As you use the internet today you will see nearly every reliable site asks for your ‘cookie’ preferences or permission to use your data.

Whilst this may seem irritating and distracting, it’s actually an important opportunity for you to have more control over how your information is shared and disseminated to third parties. Rather than simply clicking the ‘I agree’ button to make it go away, take a moment to see who wants your information and why. You might be glad that you did.

However much care we may take, the unauthorised sharing of our details with third parties still happens and it can lead to much disruption in people’s lives. Any reputable bank would never entertain the idea of selling on details or sharing them for marketing purposes. But it’s important for us to take as much control over our data as we can too.

Enforcement Action Taken By The Authorities For Banking Data Breaches

The ICO takes data breaches very seriously. In recent years, they have issued massive fines to companies who have ignored or minimised the importance of proper data handling, from high street pharmacists who left patients’ notes outside in an unlocked container and a ticket vendor who received a £1.25 million fine to the intrusive sales techniques of a birthing and parenting services provider. Banks are no different and ICO fines can be as high as £17.5 million or 4% of the previous year’s turnover. In a global bank that’s a formidable amount.

When a data breach has happened, the company in question has a legal responsibility to inform you within 72 hours. In some instances, the company may not know the breach has occurred until some time after, but this would be unlikely with a financial institution normally vigilant for such risks.

In most cases of serious involvement, the bank will always contact you. However, if they think the breach doesn’t implicate you, they may not. But you still have options. You can write about your concerns to them and await a response. If there is no meaningful communication within a three-month period, you can ask the ICO to step in and investigate on your behalf. It’s important to not delay your response as after the three-month period the case will be deemed either resolved or too trivial.

This is also exactly the right time to consider hiring a No Win No Fee data breach lawyer. They can look at the impact of the data breach on your life in detail. They could help you collate the relevant medical and financial proof to build a claim for compensation from the bank for their error. 

If you’d like help with finding suitable legal representation, get in touch with our data breach claims advisers. They’ll assess your case for free, without any obligation on your part to proceed.

Data Breach Compensation Amounts UK

Settlements for successful personal data breach bank claims could compensate for material and non-material damage. Any financial losses you may have suffered due to the personal data breach are considered material damage. For example, if your credit card details were compromised in a bank data breach, this could result in unknown charges being made to that card.

Any psychological harm you have suffered due to the personal data breach is considered non-material damage. For example, you may suffer from anxiety due to a data breach if your home address or phone number was compromised in the breach.

To help you understand how much you could receive for non-material damage, we have provided the following table. When creating this table, we used the compensation amounts listed in the 16th edition of the Judicial College Guidelines (JCG). This is a document that many legal professionals will use to help them value claims, as it provides compensation brackets for various injuries, both mental and physical.

However, it is important to note that if you decide to claim for a personal data breach, compensation amounts in the UK will vary depending on the specific factors to your claim. So, please only use this table as a guide.

| Injury | Effects | Suggested Award |
|---|---|---|
| Psychiatric Damage - Severe | Severe problems that affect many areas of daily and social life. | £54,830 to £115,730 |
| Psychiatric Damage - Moderately Severe | Significant problems with daily life. But, there is a more optimistic prognosis. | £19,070 to £54,830 |
| Psychiatric Damage - Moderate | Marked improvements have been made, despite having struggles with various problems. | £5,860 to £19,070 |
| Psychiatric Damage - Less Severe | The effect on daily activities and sleep will be taken into account. | £1,540 to £5,860 |
| PTSD - Severe | Inability to function the same as pre-trauma due to permanent effects. | £59,860 to £100,670 |
| PTSD - Moderately Severe | Recovery is possible with help from a professional, but the person will still likely suffer for the foreseeable future. | £23,150 to £59,860 |
| PTSD - Moderate | Largely recovered with any persisting symptoms not being majorly disabling. | £8,180 to £23,150 |
| PTSD - Less Severe | A full recovery is made within 2 years, with only minor problems persisting after this. | £3,950 to £8,180 |

If your personal data has been breached by a bank, compensation amounts could vary. For further guidance, you can contact our advisors today.

What Is The Information Commissioner Responsible For?

The ICO cannot pay you compensation but they can take up your case and vigorously investigate it. With bank data breaches it’s obviously in the banks’ best interests to get to the bottom of the fraud or error as quickly as possible. You might not be the only customer affected.

All banks carry insurance to claim against loss. If the breach can be proved, there is every likelihood the money will be returned to your account. In-house banking security procedures then work with law enforcement agencies to track down cyber thieves.

If you’ve suffered a loss that you can prove and the ICO does not help, a No Win No Fee data breach lawyer can look at your case from a different angle. Any obvious breach of security makes the bank liable and with the right help, you could win compensation.

No Win No Fee Bank Data Breach Compensation Claims

Data breach claims may seem daunting. The idea of going up against a huge multi-national bank like Santander or HSBC to claim injury may seem far-fetched. The reality is that their failed systems exposed your private information. The abuses that followed – to either your finances or your health – are something they have a lawful duty to address.

No Win No Fee lawyers can help. With no upfront fees to pay to hire the lawyer and none to pay as your case progresses, using a data breach solicitor in this way can offer immediate and professional legal help. They can assist in putting together proof of how you’ve suffered and present an argument for damages that reflects every detail of the experience.

If your case fails, there are no fees to pay the lawyer at all. A successful outcome means that the data breach solicitor keeps a small, capped percentage of your compensation as their fee. This amount is restricted by law to keep it as fair to you as possible. Given the expert help they can give, most people are more than happy to pay this amount.

If you’re looking to work with a No Win No Fee data breach solicitor, we can help. Just get in touch with our team on the number at the top of this page.

How Could A Data Breach Solicitor Help You?

Once you’ve made a decision to seek compensation from the bank, you might wonder where to turn next. The internet can offer a plethora of options. There are also websites that claim to quote ‘instant’ amounts of compensation using just a few details. Some of these websites could well be exactly the type of operation GDPR is trying to restrict!

There is no need to shop around. When you call Legal Helpline our team can walk you through a free initial consultation with no obligation on your part to proceed. If it looks promising, we can connect you to data breach specialists from our panel who could take up your case on a No Win No Fee basis. Their expertise and insights could help you get awarded an amount that takes care of all the aggravation and chaos the cyber-fraud or staff negligence caused.

Absolute peace of mind and protected data again can be one phone call away.

How To Claim For A Banking Data Breach

To recap, there is a process that you can follow to seek compensation as the victim of a bank data breach:

  • Firstly, write to the bank to complain and cancel all credit cards and change PIN numbers
  • Await their response within 72 hours
  • Has there been any contact from them in the three months from the date of your written letter?
  • If not, ask the ICO to step in
  • Start to compile proof of medical and financial harm. Doctors’ assessments and bank statements are some examples
  • Connect with a No Win No Fee data breach lawyer to start a claim.

Speak To Our Team

We hope that this article about bank account data breach claims in the UK has been of use. Bank data protection breach compensation could be the solution to this nightmare, restoring both your finances and your mental health.

The ICO enforces GDPR vigorously and these laws were established precisely to stop you from being a victim to corrupted procedures that are essential in the modern financial world. Financial institutions have a duty to prevent people from gaining access to our credit card details or customer data and when they fail, through accident or negligence, you can do something about it.

  • Call us on 0161 696 9685
  • email or write to us at Legal Helpline
  • use the ‘live support’ option, to the bottom right of this screen for instant legal help

FAQs On Bank Data Breach Claims

Do banks have to report data breaches?

Yes. By law, any company or institution has a responsibility to report data breaches within 72 hours to everyone it may affect. In banking data breaches this can be especially important as cyber criminals act swiftly to empty bank and savings accounts. Time is of the essence.

How do banks secure their data?

Banks use a formidable array of security measures to protect customers’ data whilst still delivering efficient services. As such, some tools are:

  • Intricate software firewalls
  • Multifactor authentication
  • Multiple password security
  • Automatic time-outs on screens
  • Encryption
  • Privacy policies
  • Anomaly detection

All of these tactics are designed to make it as difficult as possible for outside influences to hack into your personal financial data. However, they are only as effective as the people operating them and bank data breaches can easily occur with staff negligence.

Who is liable if the data is hacked?

With regards to liability, evidence may be needed to establish that the breach occurred within the remit of the bank and not through an act of our own personal negligence. The sophisticated prevention techniques mentioned above are usually able to clearly discern whether it was the bank’s fault or a customer’s breach.

What is the penalty for data breaches?

The ICO has the power to issue serious penalties for data breach offences. They use a two-tier system:

  • Standard Maximum – £8.7 million or 2% of the previous year’s turnover (whichever is higher)
  • Higher Maximum – £17.5 million or 4% of the previous year’s turnover, (whichever is higher).

In 2021, HSBC made a first-quarter pre-tax profit of £8.8 billion. In the face of a very serious data breach, this could equate (in theory) to a fine of £352 million. Certainly enough to worry even a huge financial institution.

What health effects could I suffer as the victim of a bank data breach?

Sudden money worries can cause tremendous chaos in people’s lives and the subsequent emotional distress can be very serious. Depression and anxiety, insomnia and nightmares, loss of appetite or ability to function and work can be just the beginning. All the anguish created by having your personal finances violated is a real, actual injury and you should always seek medical guidance about any new or unwanted symptoms.

Where To Learn About Data Breach Claims

For information about coping with the psychological trauma of identity theft, please refer to this victim support link. In addition, you can refer here to the National Cyber Security Centre for more advice about protecting your data. The NHS offers advice about PTSD and severe anxiety issues.

We also have a few other guides on data breach claims, which you can find below:

Thank you for reading our guide to bank data breach claims.


Guide by JW

Edited by REB