HMRC Data Breach – Essential Claims Guide

Last Updated 16th April 2026. When you experience an HMRC data breach due to an organisation’s failure to meet data protection laws, you can seek compensation for your suffering. You may have experienced emotional distress due to the breach, causing conditions like anxiety, depression and Post-Traumatic Stress Disorder (PTSD). Financial losses, such as lost income, can also result from a data breach. Either of these types of impact can qualify you for compensation. 

When it comes to assessing compensation for your emotional suffering, legal professionals may use the Judicial College Guidelines (JCG). This text outlines compensation guideline brackets. For example, there is a suggested amount of £72,440 to £152,900 for severe (a) psychiatric damage impacting a person’s relationships and daily life. In moderate (c) cases of psychiatric damage with a good prognosis and marked improvement, the suggested bracket is between £7,740 to £25,190. 

If you have any questions about the responsibilities of HMRC when it comes to your personal data. Our team understands how stressful a data breach can be, as they have spoken with many individuals in a similar situation. You can contact them at any time to assess your eligibility to make a claim and estimate how much compensation could be owed to you. There may also be an opportunity to instruct one of our expert solicitors to guide you through each stage of the process. Speak to Public Interest Lawyers today. 

Select A Section

  1. What Is An HMRC Data Breach?
  2. Can I Claim Compensation For An HMRC Data Breach?
  3. How Could HM Revenue And Customs Suffer A Data Breach?
  4. How Could I Claim Compensation For Stress Should An HMRC Data Breach Occur?
  5. Compensation Payouts After An HMRC Loss Of Data Incident
  6. How Our Solicitors Can Help You After An HMRC Data Breach?
  7. Can I Claim For An HMRC Data Breach On A No Win No Fee Basis?
  8. Contact Us About A Data Breach
  9. Frequently Asked Questions (FAQs)
  10. Useful Links

What Is An HMRC Data Breach?

An HMRC data breach occurs when your personal data has been compromised due to the failure of an organisation to handle the data in line with the law. Personal data refers to any information that could be used to identify you. This applies to your full name, personal phone number or postal address. 

As with all other organisations that handle the data of UK citizens, HMRC needs to comply with the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR). The Information Commissioner’s Office (ICO) is the body that monitors whether these laws are being implemented. They outline a set of data protection principles that must be followed when it comes to handling data:

  • Purpose limitation
  • Accuracy
  • Transparency, lawfulness and fairness 
  • Data minimisation 
  • Storage limitation 
  • Accountability
  • Confidentiality and integrity

If your data was breached due to a failure to meet these principles, you could be entitled to claim HMRC data breach compensation. It can be difficult to determine whether an organisation has acted lawfully, especially if you aren’t familiar with data handling processes. Reach out to our advisory team to confirm whether HMRC mishandled your data and whether you can start the claims process.

Can I Claim Compensation For An HMRC Data Breach?

You can make an HMRC data breach claim if the HMRC did not meet legal requirements when handling your data, causing you harm. This can be broken down into the following criteria:

The HMRC Needed To Follow Data Protection Laws

As stated in a previous section, the HMRC needs to handle your data in line with UK GDPR and the DPA. These laws outline various ways of protecting people’s personal data. For example, organisations should not store data for longer than is necessary. 

A Breach Resulted From Unlawful Data Handling

It will be necessary to show how exactly HMRC was responsible for the breach of your personal data. For example, your data may have been breached due to a failure of HMRC to implement the necessary updates to the security systems, allowing a cyber criminal to steal your personal data. 

This Caused You Some Form Of Suffering

The HMRC data breach must have impacted you in some way. Many claimants experience emotional distress due to the breach of their personal data. It may cause or exacerbate a mental health condition, such as anxiety. It is also common to experience financial losses due to a data breach, such as payments for therapy. Both emotional and financial losses could qualify you for a claim. 

You don’t need to determine whether your case meets the criteria; our advisors are available to confirm this for you. Get in touch today for a free case assessment with the potential to hire one of our specialist data breach solicitors.

magnifying glass held over files enlarging the words 'data breach'

 

How Could HM Revenue And Customs Suffer A Data Breach?

In this section of our guide on what you could do after an HMRC data breach, we’ve added some possible data breach scenarios. They include:

  • Tax demands containing personal data sent to the wrong postal address, despite having the correct address on file.
  • Personal tax information is shared with others without a lawful basis.
  • A device containing personal data is lost or stolen and is unsecured.
  • Where a message is sent to the wrong email address and it contains your personal data, but the recipient isn’t authorised to access this.
  • If an officer discloses personal information about you to an unauthorised party.
  • Where unredacted personal information is published in an online report.

As shown in the list above, human error could be the cause of data breaches just like criminal activity can.

Examples Of HMRC Loss Of Data Incidents

Recently, HMRC suffered a data breach that affected around 100,000 taxpayer accounts. The incident, which is reported to have begun last year, occurred as a result of a phishing scam. HMRC’s chief executive explained that the scam was aimed at accessing the PAYE accounts of individual workers, in order to access existing accounts or create PAYE accounts to pay themselves. Overall, HMRC are expected to have lost around £47 million as a result of the breach.

Keep reading to learn more about data loss, or contact us today to find out if you could be eligible to make a data breach claim.

How Could I Claim Compensation For Stress Should An HMRC Data Breach Occur?

You may be wondering, ‘If an HMRC data breach were to occur, what potential steps could I take?’

There are several steps you could take following a personal data breach. Firstly, you would need to prove that your personal data was compromised in a breach. You would also need evidence that shows the breach was caused by the organisation’s failings and that you also suffered mental or financial harm as a result of the breach.

Evidence that can be useful for a personal data breach compensation claim includes:

  • Any correspondence between yourself and the organisation responsible. For example, you may have been informed that your personal data was compromised in a data breach by letter. You can submit this letter as evidence.
  • The results of an investigation by the ICO. If the data breach was reported to the ICO and they investigated, the results of the investigation could support a data breach claim.
  • If you are claiming for mental suffering, you could submit a copy of your medical records showing the psychological injury you suffered, along with the prognosis and what treatment you required.
  • For monetary losses, you could submit copies of your bank statements or a credit report to demonstrate how you were harmed financially.

If you have any questions, such as “Could I claim compensation for stress if an HMRC data breach were to occur and affect my personal data?’, please get in touch with one of the advisors from our team.

Compensation Payouts After An HMRC Loss Of Data Incident

Following a successful HMRC data breach claim, compensation can be awarded for two different types of damage. These are:

  • Material damage: this refers to financial losses stemming from a breach of personal data. Examples include a loss of earnings for time off work and money spent on therapy.
  • Non-material damage: non-material is the psychological impact of having your personal information breached.

In the case of Vidal-Hall and Others v Google Inc [2015], the ruling stipulated that people who experienced personal data breaches can claim compensation for psychological injuries independent of financial loss. This means that you can claim for one type of damage on its own, or both.

We have provided the psychological injury brackets from the Judicial College in this table. Solicitors (or others responsible for valuing claims) can use these guidelines to help value your potential HMRC loss of data claim.

Compensation Table

It is important we emphasise that the top entry is not a JCG figure. This information has been provided for guidance purposes only.

Type of HarmSeverity Guideline Compensation Amount
Very Severe Psychological Injury with Financial LossesVery SevereUp to £250,000 +
General Psychiatric InjurySevere (a)£72,440 to £152,900
Moderately Severe (b)£25,190 to £72,440
Moderate (c)£7,740 to £25,190
Less Severe (d)£2,040 to £7,740
Post-Traumatic Stress DisorderSevere (a)£79,080 to £133,000
Moderately Severe (b)£30,580 to £79,080
Moderate (c)£10,810 to £30,580
Less Severe (d)£5,220 to £10,810

How Our Solicitors Can Help You After An HMRC Data Breach?

Our solicitors can help you with a claim for HMRC data breach compensation, as they have years of experience in this area of law. When claiming, having an expert to support you can make things much easier. In terms of the specific legal services you can expect, these include:

  • Explaining how to prove the data breach and the different types of evidence that can strengthen your case as a whole
  • Identifying how the breach has affected you and arguing for the compensation to reflect this
  • Confirming how data breach laws apply to your case and helping you to understand the requirements of the claims process
  • Connecting you with specialists who may help with your situation, such as an expert psychologist
  • Ensuring that all the necessary information has been communicated to other parties involved

If any of these services appeal to you or you would like to know more information about the work of our solicitors, make an enquiry today. Our advisors understand that you want to find the right solicitor for you, so they will answer your questions without any strings attached.

Can I Claim For An HMRC Data Breach On A No Win No Fee Basis?

Yes, one of our solicitors could represent your claim for HMRC data breach compensation on a No Win No Fee basis. In order to do so, you would need to sign a Conditional Fee Agreement (CFA). Following this, you can expect legal representation without having to pay for your solicitor’s work:

  • Before you start claiming
  • As you make progress on the claim 
  • If you are not given compensation for the HMRC data breach

However, should you get compensation, you will be asked to pay a percentage of the compensation to the solicitor. This is known as a success fee. You may be happy to know that the percentage is legally bound by a cap, meaning that most of the compensation will remain with you. 

Making a legally binding commitment can seem like a daunting prospect, especially if you are unfamiliar with the law firm. Why not have a conversation with our advisors to get a better understanding of the contract and services on offer? You won’t be expected to make a decision on the spot, so you have nothing to lose by getting in touch.

Contact Us About A Data Breach

We’ve almost reached the end of the article about what you could do following an HMRC data breach. If you have a justifiable claim, you could contact us by:

  • Calling our advisors on 0800 073 8803.
  • Asking a specialist for advice using our live chat.
  • Contacting us online to arrange a callback when it’s convenient for you.

We are happy to provide free legal advice whether you decide to take action or not. Therefore, why not call today?

Frequently Asked Questions (FAQS)

If you still haven’t found the answer to your question, you can take a look at some of our FAQs below.

How Much Compensation Will I Get For A Data Breach?

The amount of compensation that you can get for a data breach depends on a number of factors, including whether or not you suffered physical or financial harm, your projected future losses, and how the breach has affected your ability to function.

Have HMRC Been Hacked?

To check if HMRC has been hacked, you can contact them through their website or over the phone. Alternatively, you can check news reports or monitor your accounts for any suspicious activity. In some cases, if HMRC has been hacked or suffered a data breach, they may contact you directly to let you know if your data was affected.

What If My Information Was Leaked In A Data Breach?

If your personal data was leaked in a data breach, there are a few steps you can take, including:

  • Changing your passwords
  • Enabling two-factor authentication on your accounts
  • Monitoring your accounts for suspicious activity
  • Reporting it to the organisation responsible or the ICO
  • Seeking legal advice to find out whether you are eligible to claim

Do HMRC And DWP Share Information?

Yes, HMRC and the Department for Work and Pensions (DWP) share information, and they don’t need your consent to do so. These two departments work closely together because your pension and benefits are affected by your income, and because of this, it’s important that they can accurately share information.

Useful Links

  • Data Breach Solicitors – More on how data breach solicitors can help you to claim damages.
  • Failure To Use BCC – If you’ve suffered because the BCC field was not used in an email and your personal data was exposed, this guide could help you to claim.
  • Lost Device Claims – This article looks at how you could be compensated if a lost device containing personal data causes you to suffer.
  • Your Data Matters – Several guides from the ICO on protecting your personal data.
  • HMRC Subject Access Requests – Information on how to request copies of the data HMRC holds about you.
  • Anxiety Support – Detailed information about anxiety support that’s available from the NHS.

You’ve reached the end of this article about what steps you might take after an HMRC data breach. Please call if you’ve got any further questions.