What does this constitute?

Owing to the fact that almost every company is now online, this has resulted in more and more of our personal information/ data being stored on the company’s online servers. Unfortunately, this rise in online activity has gone hand-in-hand with Cyberattacks and data breaches.

Why is this happening?

In our experience, there are two main types that we see on a day-to-day basis:

  • Cyberattacks
  • Human errors and accidental data sharing.


What is a Cyberattack?

This is where cyber-criminals (hackers) infiltrate online systems and gain access to vast amounts of your personal data that companies store on their servers.

In some instances, the hackers will look to demand a ransom from the company and delete the compromised information upon receipt of the same, however, in other cases, we have seen the criminals post and share the data online, for example on the “dark web”.

These types of incidents can have a huge impact on anyone whose data has been stolen in Cyberattacks as a lot of cases we see involve the hackers stealing large amounts of personal and financial information. This can have a devastating effect on anyone affected. Hackers can defraud you by taking money out of your bank or carrying out transactions pretending to be the company.

How is the company to blame for this?

If you have been affected by a Cyberattack then you can have a claim against the company who have been hacked. Reasons the company may be at fault are:

  • if the company has failed to protect their data properly by not having in place satisfactory security measures at the time of the incident;
  • failing to have suitable internal protocols which would prevent fraud or data misappropriation from occurring within their business.

CEL are experts in data breach prevention and restitution and recently won a case where even though there was no evidence that a Cyberattack had taken place within the Defendant’s company, the fact that the third party who stole our client’s data was able to do so without any internal warnings or checks recognising the actions as suspicious or potentially fraudulent were enough to convince the Defendant that we were likely to succeed in a claim against them for failing to adequately protect our Client’s personal information. As a result, our client was duly compensated.

Simply put, online companies who hold personal data belonging to other people become “data controllers” and as a result of this, they have a number of strict statutory and regulatory obligations under the Data Protection Act (2018) and the General Data Protection Regulations (the GDPR).

If it can be proved that the company did not have sufficient security measures in place and failed to do as much as they reasonably could to prevent the incident from occurring, the person whose data has been affected (the data subject) is able to claim against them for the distress and loss they have suffered as a result of the company’s failure to comply with the responsibilities we have listed above.

Human Errors and accidental data sharing:

The most common examples of these include:

  • an employee sending personal information to the wrong person or;
  • disclosing information they were meant to keep confidential to another person who was never meant to be privy to it.

Even though the data breach has not been committed by the company itself, in almost every case, if an employee, servant or agent of that business shares your information without your permission – even if it was done accidentally – the company is vicariously liable to you for their actions. This means that you are able to hold the company at fault for the negligence of their employee, servant or agent as they were acting for/on behalf of the company at the time the breach happened.

Should I be worried?

As you can imagine, this can result in a great deal of mental anguish and worry for people who this has happened to.

The two main concerns are:

  • when the information which has been lost or disclosed is sensitive and highly personal;
  • when the person the information has been disclosed to decides to use it maliciously against them.

How much compensation is my claim worth?

Whether it is a Cyberattack or a human error, if you have suffered distress and inconvenience as a result of the data breach, the law states that you are eligible to claim compensation for the incident. Further to this, if you have been unfortunate enough to also suffer financial loss as a result of the incident, you can claim for this too.

Claims for distress and inconvenience start at, on average, £750 but can be much more than this, increasing to over £10,000 in some cases depending on the severity of the breach. With regards to any claims for financial loss, if we believe we can link the financial loss to the data breach, we will always look to recover the full amount you have lost plus a figure for the distress and inconvenience you have suffered too, wherever possible.
How do I make a claim?

If you have been the victim of a Cyberattack or suspect a company who holds your data has suffered a data breach, just get in touch with ourselves on 0151 909 8212 for a free, no-obligation initial discussion with one of our experienced staff members to see whether they believe you have a case.

This is a very fast-paced, technical and complex area of law so we would strongly recommend that if you do intend to bring a case for a data breach, you choose a specialist data breach firm such as ourselves. Aside from the wide range of high-quality legal services and experience that we offer in this area we also work closely alongside many of the leading experts in this field meaning you are guaranteed first-class expertise in every area of your claim.

If you’re still not sure on your next steps, or if you even have a claim, the best thing to do is contact our friendly team for some free, initial advice. We can help you determine your best option and if you do have a claim, get the ball rolling on claiming compensation.