Credit Card Data Breach Compensation Claims Guide – How To Claim?

You place your credit card in the ATM machine and request ‘available balance’ only to discover that every penny has vanished. A cold dread might sweep over you as you try to understand what has happened and what it means for your personal finances. A credit card data breach may have happened.

The horror of a situation like this can be the reality for people who have suffered credit card data breaches. But there is something you could do when your data is exposed due to the security failings of a bank and you suffer financial loss or mental harm as a result: You could make a data breach compensation claim.

Contact us today at Legal Helpline, where we can answer your queries and discuss your legal options. You can call on 0161 696 9685 or contact us for a callback at a time that’s best for you.

It’s completely confidential and our ‘live support’ option offers on-the-spot advice with the utmost discretion.

Our advisors are available 24/7 and you’ll be under no obligation to proceed with the services of our panel of solicitors. Plus, they give free legal advice. Why not get in touch?

Select A Section

  1. A Guide On Compensation Claims For A Credit Card Data Breach
  2. What Are Credit Card Data Breaches?
  3. What Is The Sharing Of Personal Data With A Third Party?
  4. Enforcement Action Taken By The ICO Against Credit Card Providers
  5. Credit Card Data Breach Compensation Calculator
  6. Types Of Compensation Awarded After A Credit Card Data Breach
  7. How To Report Your Credit Card Provider To The Information Commissioner
  8. No Win No Fee Claims For Credit Card Data Breaches
  9. Getting Help From A Data Breach Solicitor
  10. How Victims Could Claim After Data Breaches
  11. Talk To A Specialist Solicitor
  12. Credit Card Data Breach FAQs
  13. How Can I Learn More?

A Guide On Compensation Claims For A Credit Card Data Breach

This article hopes to offer you the resources to make a decision on whether to claim compensation for a data breach. We examine who has our personal data, what they use it for, and who they share it with.

Discussing the laws that aim to protect people who provide personal information, we explain how it’s possible to build a case for compensation against the party whose failings allowed your personal data to be exposed.

It’s possible to work with a data breach solicitor to calculate compensation if your credit card details were inappropriately used or shared. Therefore, in this guide, we explain how a No Win No Fee lawyer can use the evidence of financial loss and emotional suffering caused by a data breach to evaluate damages on your behalf.

Using a compensation table of suggested awards for the psychological impact of a data breach, we explain how your injuries might be valued. We also explore compensation that could reflect both your emotional and financial losses.

What Are Credit Card Data Breaches?

The General Data Protection Regulation (GDPR) came into effect in the EU in 2018. It was enacted into UK law via the Data Protection Act 2018. This legislation sits alongside the UK GDPR.

These laws aim to protect our personal information both online and elsewhere. The UK GDPR gave more control back to consumers about what happened to the data they gave about themselves.

People whose personal data is collected or processed are known as data subjects. Data controllers (such as an organisation or bank) decide how and why they’ll use the data subjects’ personal information.

Personal information or personal data is the kind that can be used to identify you. For example, your name or address is personal information.

The Information Commissioner’s Office (ICO) is a body that enforces UK GDPR and other data protection laws. Their key definition of what exactly constitutes a breach is the accidental or unlawful access, loss, alteration, disclosure or destruction of personal data. This can be both deliberate and unintentional.

Every organisation that holds our personal information (including banks) should ensure our personal data is handled properly. Consequently, if their positive wrongful conduct causes a data breach, and data subjects suffer financial loss or psychological harm as a consequence, the data subjects could claim.

Examples of a credit card data breach

Some examples of a data breach that are specific to credit cards could involve:

  • A bank employee leaving your personal information on a computer screen for unauthorised persons to see.
  • USB sticks, laptops, and smartphones holding personal information being lost or stolen.
  • Personal details in unsecured filing cabinets being accessed by unauthorised persons without a lawful basis.
  • Personal information not being disposed of properly and being accessed by unauthorised persons without a lawful basis.
  • Casual chatting amongst colleagues where personal information is clearly discussed in earshot of members of the public.

Banks aren’t necessarily responsible for all payment card data breaches. Every company or organisation, for example, that holds or processes your payment details should also take measures to protect your personal information.

For example, they should only process personal data with your explicit consent. (However, there are instances where they won’t need this consent.)

Should banking information be accessed by cybercriminals or anyone with ill intent, they could steal funds. So it’s essential that the bank and all those with control over credit or debit card details treat confidentiality with the utmost care.

What Is The Sharing Of Personal Data With A Third Party?

The UK GDPR does not seek to prohibit sharing our information. It recognises the importance of companies needing to liaise between different departments or outside agencies. It merely asks that this is done carefully and with our consent.

The ICO describes two parties who handle our data. The first is data controllers. They decide how and why they’ll process or collect personal information. Data controllers may use data processors to help them collect or process data. This can be, for example, an outside agency that is authorised to use this information.

Third-party data sharing can be a useful way to improve services, and the ICO outlines principles to ensure personal data is handled properly, as below. Data controllers and processors need to:

  1. Provide clarity as to why the information is needed in the first place.
  2. Process that data in a legal, fair and transparent way.
  3. Only keep the data for as long as is absolutely necessary.
  4. Store the information securely and confidentially.
  5. Keep only the absolute minimum of data to complete the required task.
  6. Ensure data is updated and accurate.
  7. Take responsibility for what is done with the personal data and show compliance with the other principles (accountability).

Each time we accept cookies on a website we are consenting to the use of our information. But thanks to the UK GDPR, that data must now be used in accordance with the rules above.

Proving a credit card data breach

If you can prove that a personal data breach was the result of a data controller or data processor’s positive wrongful conduct, you could claim. In addition, you’d need to show that the data breach resulted in you losing money or suffering mental harm.

Our advisors can advise you in a quick, informal phone call how you could proceed. If a third party exposed your bank details, call us today to see how we could help.

Enforcement Action Taken By The ICO Against Credit Card Providers

How does the ICO enforce the UK GDPR? The ICO is a powerful independent body with the authority to issue serious fines. In some cases, this can be as much as £17.5 million or 4% of the company’s last annual turnover.

In August 2019, they fined Hall and Hanley Ltd £120,000 for sending over three million marketing messages without consent. And in August 2019, the ICO issued a fine against Hudson Bay Finance for failing to adequately respond to a subject access request.

On the whole, banking security procedures are very tight. Methods such as multiple passwords, automatic log-outs, encrypted details, and intricate firewalls help keep criminals away from our money. Clearly, banks have an interest in being safe places for our money. But serious breaches can still occur.

If you tried to complain to a company about a data breach but they didn’t give a satisfactory response, you could raise your concerns with the ICO. The ICO can intervene on your behalf. However, you’d need to raise your concerns with the ICO within 3 months of the last meaningful response from the company. Taking longer than this can affect their decisions.

Additionally, it’s important to note that the ICO can’t offer you compensation. You’d need to make a claim to access this.

Credit Card Data Breach Compensation Calculator

After a case called Vidal-Hall and others v Google Inc [2015], the position of the law adjusted to consider cases of psychological damage caused by a data breach in their own right. Prior to this, cases needed to involve financial damage to qualify. This change now means that you could claim for either psychological damage or financial loss (or both) as a consequence of a data breach.

Importantly, data breach solicitors can calculate damages for mental suffering in a similar way to how they would in personal injury cases.

The compensation table below offers some award suggestions from the Judicial College Guidelines. These figures are based on previous cases and seek to keep awards as fair and consistent as possible for matters like psychiatric harm.

| Injury | Effects | Suggested Award |
|---|---|---|
| Psychiatric damage - severe | Extreme and lasting problems chronically affecting many areas of life. | £54,830 to £115,730 |
| Psychiatric damage - moderately severe | Significant problems like stress and trouble working or sleeping. | £19,070 to £54,830 |
| Psychiatric damage - less severe | The effect on daily activities and sleep will be taken into account. | £1,540 to £5,860 |
| PTSD - severe | Inability to function at work or in life as normal. | £59,860 to £100,670 |
| PTSD - moderately severe | Recovery possible but disabilities for foreseeable future with prognosis of some recovery with professional help. | £23,150 to £59,860 |
| PTSD - moderate | Largely recovered but some lingering and persisting symptoms, even with therapy. | £8,180 to £23,150 |
| PTSD - less severe | Minor symptoms but mostly recovered within 2 years. | £3,950 to £8,180 |

If you can’t see your injuries in the compensation table above, why not reach out to our advisors? They give free, accurate estimates. Additionally, they could connect you with our panel of solicitors.

Types Of Compensation Awarded After A Credit Card Data Breach

Compensation is classified under ‘material damages’ or ‘non-material damages’. Evidence is required for both in order for them to be included and considered.

Material Damages

This compensation refers to the actual monetary losses you suffered as a result of your data privacy being breached. You can include any cost that you can demonstrate was a result of the data breach.

Using bank statements and credit card bills, it’s possible to build a paper trail of evidence that can clearly demonstrate that you had no part in the financial loss.

Non-material Damages

Non-material damages compensate you for the harm a data breach does to your health and wellbeing. Consequently, they rely on medical evidence.

As part of the claims process, you would attend a medical assessment conducted by an independent medical professional. This is so they can independently corroborate that you have suffered mental harm as a result of the data breach.

In addition, the assessment acts to prove the severity of your injuries. If you use the services of a data breach lawyer, they could use the medical report from the assessment to help them value your injuries.

There are real consequences to the stress created by being the victim of a data breach. For example, the chaos of sudden money loss or the violation of our personal data privacy can devastate our nerves and our lives. Perhaps you can do something about it. Talk to our friendly advisors today to see how a No Win No Fee data breach claim could aid you.

How To Report Your Credit Card Provider To The Information Commissioner

Personal data breaches should be notified to the ICO within 72 hours if they risk the rights and freedoms of data subjects. In these instances, the data subjects should also be notified without undue delay.

If your personal information is involved in a data breach, there are some steps you could follow:

  • Firstly, lodge a complaint in writing to the data controller or data processor whose failings caused the data breach.
  • If you fail to receive a satisfactory response, then within three months of the last meaningful communication, contact the ICO.
  • Don’t leave it for longer than three months as the ICO’s decisions on the matter may be affected.
  • Start to collect proof of how the breach has impacted you. Take time to assemble bank statements and proof of financial loss. Also, medical evidence can be gathered to demonstrate how the breach has adversely affected your mental health.
  • Consider using the services of a No Win No Fee data breach lawyer to seek recompense.

You have a right to report data breaches that have impacted you to the ICO. You can also seek compensation for both the financial and emotional damage caused by data breaches.

Speak to our friendly team now for advice on how to start your claim.

No Win No Fee Claims For Credit Card Data Breaches

No Win No Fee agreements may be something you previously thought applied only to personal injury cases. However, it’s possible to use a No Win No Fee data breach solicitor to help you recoup the money that was stolen from you. You could also claim compensation for the psychological harm the data breach caused.

The advantages of No Win No Fee agreements can include:

  • No fees to pay to hire the data breach lawyer.
  • Nothing to pay in solicitor fees as the case moves forward.
  • Absolute clarity about the likelihood of success right at the start of your claim.
  • The knowledge that, because the lawyer’s fee derives from a successful outcome, they are optimistic about your chances of winning.
  • Nothing to pay in solicitor fees if the case fails.

If there is a successful outcome, you would need to pay a success fee. However, this is only a small percentage of the compensation. It’s also capped by law and meant to finance the lawyer for their hard work.

With all this in mind, No Win No Fee agreements can offer you affordable access to legal representation.

Credit card data breach time limit

There is a 6-year time limit for data breach claims, or 1 year if the case involved violations of your human rights. Although this may seem like a generous period of time, it is better to start sooner rather than later.

Call Legal Helpline today to see how we can connect you with a No Win No Fee lawyer from our panel. So, if you’ve endured financial and emotional damage from a data breach that was not your fault, we could help.

Getting Help From A Data Breach Solicitor

Formerly, people would visit the solicitor’s firm on their local high street. Either proximity or word of mouth might dictate their choice. This is no longer your only option. At Legal Helpline, we can connect you with expert data breach solicitors from our panel.

Working remotely, all communication can be conducted online or over the phone. There is no need to actually meet your lawyer unless the case goes to court. (It’s not often that claims go to court.)

In addition to this convenient approach, you would be benefiting from the expertise of lawyers who can work for you from anywhere in the country. This opens up your options.

It’s easy to get in touch. Everything you need to do can be explained to you. So why not reach out?

How Victims Could Claim After Data Breaches

You do not have to use the services of a data breach lawyer if your personal information was exposed due to a data breach and caused you financial loss or mental harm. However, we believe it can be an invaluable help if you make a claim.

Your bank or the organisation involved should contact you in the event of a notifiable data breach in which your personal information was exposed.

The purpose of this article is to provide you with the information and resources to do something about a data breach that caused you mental or financial damage.

Perhaps the bank does not consider the breach as a risk to you or is too slow in addressing the risks to your finances? Consequently, as the situation drags on, your mental health could suffer from this doubt and delay.

When calculating financial loss, it’s important to come up with a figure for compensation that accurately includes future losses. For example, credit card fraud can continue long after it’s been detected in the form of late fees and unauthorised overdraft facility use charges.

Your lawyer could anticipate these long-term problems and ensure their inclusion in your claim. This is vital as you only have one chance to make a claim. You cannot include amounts recalled at a later date.

With a No Win No Fee data breach solicitor working on your behalf, it sends a very clear message to all those involved that you have taken your data breach very seriously and intend to get to the bottom of why it happened.

Talk To A Specialist Solicitor

Why not get things started right now? Our advisors are ready to take your call and help assess your options. Therefore, simply:

The more information you have, the more accurate an amount we could calculate to help you. We look forward to assisting you and thank you for reading our guide on what you could do following a credit card data breach.

Credit Card Data Breach FAQs

What is the most common cause of a data breach?

Hacking, cyberattacks, and weak passwords can lead to online credit card data breaches. Also, human error in banks might reveal information to people who have fraudulent intent.

What is a card data breach?

A payment card data breach can happen when a breach in security leads to payment card details being lost, disclosed, destroyed, altered or accessed without authorisation or unlawfully. Therefore, the following details could be accessed:

  • The card number
  • Sort code
  • The CVV 3 digit number on the back

Can I get compensation for a data breach?

The amount of compensation you could receive could be influenced by your ability to demonstrate the negative effects of the data breach on your finances or your health. With this in mind, it’s important to be patient as you collect evidence. It can take some time to see the true picture of the damage.

Is it fair to blame bank staff for my breach?

Bank staff may not have been trained properly in data protection. And we do all we can as customers to use passwords and pass security clearance. So it’s not unreasonable to expect them to process our data correctly. However, if you make a compensation claim, you would usually be claiming against the bank if their failings led to a personal data breach.

How Can I Learn More?

It can be useful to read up on topics relating to data breaches. Therefore, these external sites could help you gain more insight:

The Government has advice on malware and ransomware attacks.

Furthermore, you can read about victim support for cybercrime.

The ICO gives their definition of personal data breaches.

Our own guides could also help you:

Virgin Healthcare Data Breach Claims Guide

Housing Association Data Breach Compensation Claims

Comparison Site Compensation Claims

Mortgage Provider Compensation Claims

Thank you for reading about what a credit card data breach could entail and how you could claim. 

Written by JJW

Edited by RV