How To Claim For A Mortgage Provider Data Breach

Have you fallen victim to a mortgage provider data breach that has caused you to suffer financial or emotional damage? If a mortgage provider breaches your personal data, accidentally, negligently or due to malicious behaviour by someone inside or outside of the organisation, you could be eligible for compensation.

We have created this guide to explain the types of harm that victims of a data breach could suffer, and how they could claim compensation for it under the Data Protection Act and the General Data Protection Regulation (GDPR).

Mortgage provider data breach compensation claims guide

Mortgage provider data breach compensation claims guide

There are lots of different ways in which a mortgage provider data breach could happen. Whether your personal data has been exposed by hacking, the use of malware, ransomware, or a virus, or someone has sent your sensitive financial information to the wrong recipient, this guide could help.

Below, we explore how loan and mortgage companies should protect your data, and how it could be breached. We also explain how a data breach solicitor from our panel could assist with your claim on a No Win No Fee basis.

If you are already looking to begin a claim or have questions, you can reach our expert team on 0161 696 9685. We’d be happy to assess your eligibility to claim and could connect you with a No Win No Fee solicitor from our panel to take your case forward.

Select A Section

A Guide On Mortgage Provider Data Breach Compensation Claims

Under data protection law, organisations that collect, process and store our personal data must protect its privacy. If they fail to do so, GDPR and the Data Protection Act 2018 allows those harmed by a data breach to claim compensation.

We have created this guide to explain what you may need to know if you’ve been affected by a mortgage provider data breach, and how you could use a data breach lawyer to make a claim.

In general, if you’ve suffered material (financial) or non-material damage (including distress, anxiety or depression) due to a residential mortgage services data breach, you could claim compensation.

There are some time limits for claiming though, so it could be wise to act swiftly once you determine whether you’ve fallen victim to a data breach. Usually, for a data breach claim, you’d have 6 years from the date you obtained knowledge of the breach. If the incident breached your human rights, however, you might only have one year to claim.

If you’re concerned about having to pay legal fees to a data breach solicitor in order to make a claim, it might ease your worries to learnt that you would not have to. No Win No Fee data breach solicitors could take on your case without any funds being needed upfront. We explain more about making claims under these terms in the sections below as well as explaining how we could help you find such a lawyer.

Remember, if you have any questions, please get in touch on the number at the to of this page.

What Is A Mortgage Provider Data Breach?

A mortgage provider data breach could involve the intentional or unintentional breach of personal information or financial information by a mortgage firm. But what is personal information and how could it be breached?

Simply put, personal data is information that could be used by someone to identify you on its own, or when combining it with other information. Such information could include sensitive financial information, your name, address, e-mail address, IP address or other contact information, for example.

What Is A Financial Data Breach?

A banking data breach could be defined, according to the ICO, as a security incident in which personal data is lost, stolen, unlawfully accessed, stored, transmitted, altered, destroyed or made unavailable. It could be deliberate, negligent or accidental. Causes of such a data breach could include:

  • Someone sending your personal data by e-mail to an unauthorised recipient
  • A hacker gaining access to computer systems using a bot or placing malware, a virus, ransomware or spyware onto computer systems
  • Someone losing a laptop or USB stick with other people’s personal data on it
  • Failure to install protection against data security threats, such as a firewall, for example
  • Phishing attacks or DDoS attacks

No matter how your data has been exposed, if there has been a breach of data protection law, you could be eligible to make a claim for compensation for the harm it causes you.

What Is Third-Party Data Sharing By A Mortgage Company?

GDPR is a data privacy and security law that affects organisations across the globe. It requires data controllers and processors to protect any personal data they collect, store and process.

The UK’s application of GDPR has been enshrined into UK law under the Data Protection Act 2018. One important part of this legislation is that data controllers should not share your personal information without your consent unless they have a valid reason to do so. Valid reasons could include:

  • To perform a task that is in the public’s interest
  • Where there are legitimate interests
  • When there are vital reasons such as the saving or protection of someone’s life
  • Where they require data sharing to fulfil a contract
  • When they have a legal obligation to do so

If a loans and mortgages organisation has shared your personal data with a third party without a valid reason, or your consent, this could represent a breach of GDPR. If such a mortgage provider data breach causes you emotional or financial harm, GDPR allows for those harmed to claim compensation from the organisation that breached their data.

Enforcement Action Taken By The ICO Against Financial Service Companies

As the UK’s independent public body, established to uphold information rights, the ICO is able to enforce GDPR and the Data Protection Act, as well as other data protection legislation, including:

The ICO can take enforcement action, which could include financial penalties for breaches of the legislation it covers.

In 2020, it was reported in the media that there had been a potential RBS mortgage data breach. In the incident, the Royal Bank of Scotland allegedly refused to take back sensitive customer information that an employee took to her home to work on. The ICO reportedly branded this a breach of data protection.


Financial Data Breach Fines

In December 2020 the ICO issued a fine of £50,000 to a Lincolnshire mortgage broker for sending nuisance marketing texts. OSL Financial Consultancy Limited, trading as MortgageKey, received the fine for not obtaining valid consent for the messages to be sent.

Calculating Compensation Amounts For Mortgage Provider Data Breaches

According to Section 168 of the Data Protection Act 2018, victims of a data breach could be eligible for compensation if they suffer non-material or material damage because of a data breach. As mentioned above, this relates to the likes of distress, anxiety and depression, or any financial damage.

A case heard in 2015 set a legal precedent that allows victims to claim for any psychological injuries they suffer due to a mortgage provider data breach. In Vidal-Hall and others v Google Inc [2015], the Court of Appeal addressed the previous legal position that financial damage was necessary in order for someone to include distress and anxiety within their claim. They decided that it was no longer necessary to have suffered financial damage, and that compensation could be sought for either form of harm.

This means, whether you’re making banking data breach claims or data breach claims against another organisation, a lawyer could help you claim compensation for psychological distress, anxiety and loss of sleep if you suffer such harm because of a data breach.

Calculating Mortgage Provider Data Breach Compensation

When a data breach lawyer works on a case, they would need to review all the evidence to work out an appropriate value. If you’ve experienced financial harm due to identity theft or fraud, they could look at the financial effects of the breach and claim compensation for the money you’ve lost because of the breach, as well as assessing any future impact to the likes of your credit rating.

When it working out the value of psychological harm, your data breach solicitor would need to see a medical report. So as part of your claim, you would need to have a medical assessment with an independent expert. The expert would assess the harm suffered and the outlook for recovery and detail this in a report.

Using this report, your solicitor can prove your claim and value your injuries. To help them achieve the latter, they may turn to a set of guidelines produced by a body called the Judicial College, which reviews compensation awards made by the courts.

To give you some idea of the guideline payout amounts for such injuries, we’ve produced the table below.

Injury/IllnessApprox Compensation BracketSeverity Level
General psychological injury/ies£51,460 to £108,620Severe
A Post-traumatic stress condition/PTSD£56,180 to £94,470Severe
A Post-traumatic stress condition/PTSD£21,730 to £56,180Moderately severe
General psychological injury/ies£17,900 to £51,460Moderately severe
General psychological injury/ies£5,500 to £17,900Moderate
A Post-traumatic stress condition/PTSD£7,680 to £21,730Moderate
General psychological injury/ies£1,440 to £5,500Less severe
A Post-traumatic stress condition/PTSD£3,710 to £7,680Less severe

If you’d like a more detailed assessment of your injuries, we can provide it. But we’d need to learn more about your case first. Why not call us on the number at the top of this page?

Types Of Compensation Which May Be Awarded

As we mentioned, GDPR allows victims of a data breach to claim for both non-material and material damages.

  • Material Damages – Exposed financial information could leave a victim at risk of identity fraud or theft. They might have to use credit monitoring software (which may cost them money) to keep track of any attempts to use their data illegally. A data breach lawyer could help you claim back the financial expenses associated with a mortgage provider data breach.
  • Non-material Damages – If you’ve been the victim of a breach of your personal information, it could cause you other, non-financial damage. It could cause anxiety, stress and you may lose sleep. Having your personal data breached could feel similar to a burglary.

A data breach solicitor from our specialist panel could help you claim compensation for the suffering you’ve experienced due to a data breach. Simply get in touch to learn more.

Reporting Your Mortgage Provider To The Information Commissioner

If you’ve suffered harm due to the RBS mortgage data breach, or another mortgage provider data breach, you should report your concerns directly to the organisation initially.

As per the ICO’s advice, you should put your complaint in writing to the organisation that breached your data. You should include all relevant details and ask that they investigate. If you’re not satisfied with their response or you don’t receive one, you could ask that the ICO investigate.

However, you should not leave it too long to do so. Typically, the ICO won’t investigate or put someone on the ICO breach register if there has been an undue delay in reporting an incident.

If you want to make a data breach claim against an organisation, you don’t have to report them to the ICO. Instead, if three months have passed without meaningful contact from the organisation, you could seek out a data breach lawyer. They could help you with your claim for compensation.

If you’d like such support, our team of advisers are on hand to help. You can reach them on the number at the top of this page.

No Win No Fee Mortgage Provider Data Breach Compensation Claims

Claiming for a mortgage provider data breach doesn’t mean you’d have to pay legal fees upfront. All of the data breach lawyers on our panel work under No Win No Fee agreements. This means there’s no need to pay legal fees until your compensation has come through.

The No Win No Fee Process

  • To make a data breach claim under No Win No Fee terms, you’d need to sign an agreement. The formal title for this contract is a Conditional Fee Agreement. It contains details of a success fee, which you would only pay on the condition that your claim was successful. The success fee is a small percentage of your total settlement. It is subject to a legal cap too, meaning you don’t lose much of your compensation.
  • Once you return the signed agreement, your data breach solicitor would be able to get started on your claim. They would build a case on your behalf and negotiate a settlement for you.
  • When your settlement comes through, your No Win No Fee lawyer would deduct the success fee from it. The balance would be for your benefit.
  • If your claim doesn’t end with a payout, your solicitor would not receive the success fee. Nor would you be liable for their costs in pursuing your data breach claim.

To learn more about No Win No Fee claims, why not take a look at our guide? Or, if you would like to ask us something about No Win No Fee claims, you could simply give us a call.

How A Data Breach Protection Lawyer Could Help You

You don’t necessarily have to use a data breach solicitor to help you with a claim. However, many people prefer to. There could be certain benefits from seeking legal advice from a trained professional. A data breach lawyer could:

  • Help put together the strongest case possible for data breach compensation
  • Take the stress of completing paperwork off your shoulders
  • Ensure you claim for all the damages you could be eligible for
  • Negotiate a settlement on your behalf
  • Help you take the organisation to court to fight for the compensation you deserve

Finding A Data Breach Lawyer For A Mortgage Provider Data Breach Claim

To find a lawyer to help you if you’ve suffered a breach of banking data protection law, you could conduct an online search. However, you will find there are a huge number of choices out there. Therefore,  you may be concerned about how to choose the right law firm for you. Some tips for finding an appropriate lawyer could include:

  • Asking family and friends for recommendations
  • Checking online review sites – we’d advise you to use independent sites to ensure the reviews are genuine
  • Putting together a shortlist of data breach lawyers and calling them to ask them about their services and success rates

If you’d like to make the search easier, Legal Helpline would be happy to help. We could provide you with a free, no-obligation eligibility check on your data breach claim. If we believe you could have a strong case, we could connect you with a No Win No Fee data breach solicitor. We have lots of information on the solicitors we could connect you with. This could save you lots of time and stress finding a lawyer to suit you.

How To Start A Data Breach Claim Against Your Mortgage Provider

As we’ve mentioned, you don’t legally need a data breach lawyer to assist you when making a claim for a mortgage provider data breach claim. You could opt to go it alone. If you do, we’d advise you to carefully put together all the details of the breach in a letter. According to ICO advice, you should include:

  • Information that identifies you to the organisation – this could include your account number, name and address, for example
  • Details of the concern you have that there has been a breach
  • Information about how the breach has affected you
  • A reasonable timeframe for them to respond to you

If for some reason they do not respond to you, or their response isn’t satisfactory, you could raise a complaint with the ICO. The ICO could investigate and issue enforcement action if they believe the mortgage provider data breach has breached data protection law.

Or you could contact a data breach lawyer and they could help you take action against the organisation that has breached your data. That’s something we can support you with, and if you’d like to take advantage of that help, you can find out contact details in the next section below.

Contact A Specialist Data Breach Solicitor

We hope you’ve found this guide useful. If you’re ready to make a mortgage provider data breach claim, or you’d like to ask us any questions about banking and the Data Protection Act, you can reach our team via:

Financial Data Breach Faqs

Do Banks Have To Report Data Breaches?

Any data controller, including a bank or mortgage provider, must report a data breach incident to the ICO if it could affect the rights or freedoms of an individual. They have 72 hours from the time they become aware of the breach to do so. If a data security incident doesn’t risk the freedoms or rights of individuals, the bank should still keep records. However, they do not have to report this type of incident to the ICO.

What Is An Example Of A Data Breach?

There are lots of examples of how a data breach could happen. It could happen because an organisation doesn’t have sufficient cybersecurity controls in place to protect data from being breached.

A breach could also happen if an employee makes a mistake and sends personal information to someone by mistake.

Breaches could also occur due to a hack, a virus, malware or other types of malicious attacks. However, not all breaches relate to computer held data. If data in a filing cabinet is not secure, for example, and an unauthorised person accesses it, this could also be a data breach.

What Are My Rights If My Data Has Been Breached?

You have a right, under the Data Protection Act, to claim compensation for non-material and material damages you encounter due to a mortgage provider data breach. This includes distress.

Where To Learn More

Data Breaches By Employers – Has your employer breached your data privacy? If so, this guide could be useful to you.

Has A Pharmacy Breached Your Data?– If so, this useful guide could give you some insight into whether you could claim compensation.

Breaches Of Medical Data – If sensitive personal information is breached, such as medical data, you could claim compensation. This guide could help you.

A Guide to Claiming GDPR Data Breach Compensation – Another detailed guide on claiming compensation for a breach of GDPR.

The GDPR In Full – You can see the General Data Protection Regulation in full here.

Make A Complaint To The ICO – If you’re concerned that your data is being mishandled, this guide shows you how to make a complaint.

How Organisations Should Use Data– The Government has put together a guide to the use of personal data, which you may find interesting.

Thank you for reading our guide to claiming compensation following a mortgage provider data breach.


Guide by JJ

Edited by REB