What Causes Data Breaches?

By Marlon Marquardt. Last Updated 3rd February 2023. Welcome to our guide on some common causes of data breaches. This article will look at what a data breach is and how it could be caused. 

A guide to common causes of data breaches

The Information Commissioner’s Office defines a data breach as, in broad terms, a security incident that affects the integrity, availability or confidentiality of personal data. This includes when personal data is accessed, changed, lost, disclosed or destroyed without authorisation. If this has happened to you, you could be eligible to claim compensation under certain circumstances. 

The UK GDPR and Data Protection Act 2018 are legislative documents that work alongside each other to protect your personal data. They include guidelines on how organisations should handle and protect your personal data security. 

What Makes A Valid Claim?

To make a valid claim for a data breach, you must start your claim within 1 year for public bodies or within 6 years for non-public bodies. You also must have suffered some form of material or non-material harm. This essentially means financial loss and psychological damage.

You’d also need to show that the organisation’s positive wrongful conduct led to the data breach. For example, if your employer didn’t provide cybersecurity or failed to train staff in data protection where necessary and this led to a personal data breach that caused you mental or financial damage, you could claim.

Keep reading to find out more about the common causes of data breaches. Alternatively, to talk to someone directly about making a claim, get in touch with us using the means below. Our team of advisors can offer free legal advice and may pass you on to a specialist data breach solicitor from our panel if they think your claim has a good chance of success. 

Select A Section

  1. Common Causes Of Data Breaches
  2. Data Breach Claim Time Limits
  3. Impersonating A Person Or Organisation
  4. Unauthorised Accessing Of Personal Data
  5. Common Causes Of Data Breaches: Hacking And Malware Attacks
  6. Compensation Examples for Data Protection Breaches in 2022
  7. Data Breach Solicitors – No Win No Fee Solicitors On Data Breach

Common Causes Of Data Breaches

The Information Commissioner’s Office (ICO) is an independent public body created to ensure that organisations meet the obligations they owe in regard to information rights. Organisations must report serious data breaches they suffer, or are liable for, to the ICO.

The ICO publishes quarterly data security trends that highlight some of the most common causes of data breaches in the country. The reports over the years have shown that the most common type of data breach is data being e-mailed to the incorrect recipient (human error). This does not include other, non-cyber, incidents.

Other identified causes of data breaches include:

  • Phishing attacks: These could be malicious emails sent to trick people into installing malware or sharing sensitive information.
  • Data being posted or faxed to the incorrect address: This could also be caused by human error.
  • Loss or theft of paperwork: A failure to properly store physical data can leave it open to unauthorised access.

We go into more detail about different types of data breaches and how they could happen in the following sections.

Alternatively, if you would prefer to speak to someone directly, our advisers are trained professionals that can speak with you on the subject.

Data Breach Claim Time Limits

Above, we looked at some of the potential common causes of data breaches, including phishing and unauthorised access. However, if a data breach causes your personal data to become compromised, you will only have a certain amount of time to make a claim.

Generally, you only have 6 years to start a personal data breach claim, or 1 year if the claim is being made against a public body.

Remember, in order to be eligible for compensation, you must prove the following:

  1. The data breach was caused by the organisation’s failure to adhere to data protection law.
  2. The data breach involved your personal data.
  3. As a result of this, you suffered either financial loss or harm to your mental health.

Contact our advisors today for some free legal advice concerning your potential claim. Our advisors could also answer any questions you may have and could also give you some further potential causes of a data breach.

Impersonating A Person Or Organisation

Another arguably common cause of data breaches is impersonation. A cybercriminal could pretend to be you in order to gather your personal information from an organisation. For example, someone could call your bank and ask to make a transaction pretending to be you. Alternatively, someone could get in contact with you pretending to be an organisation that you trust. 

For this reason, many organisations that handle personal data have security measures, such as questions with answers only you would know. PINs or passwords that you should not share with others may also protect your information.

If someone breaches your data via impersonation, this could potentially cause anxiety, post-traumatic stress disorder (PTSD) or psychological harm of another kind. You could seek compensation for this in a data breach claim. 

Unauthorised Accessing Of Personal Data

Another common cause of data breaches is when unauthorised individuals access your personal data. This could be within an organisation or by specific individuals. 

For example, many websites now offer ‘cookies’. Cookies make your internet experience more tailored to you and can be used to save personal details, such as log-in information.

However, most cookies should give you options for which parties are allowed to access such data. If your cookie preferences are ignored, and a third party accesses your data without permission, this could be a data breach. 

By Members Of Staff

Within an organisation, there should be qualified and trained people to handle and process your data. If another member of staff who is not authorised to access this data does so, this could be a data breach. 

This may not always be purposeful. Data breaches can happen by accident and human error, but you can still claim compensation. 

For example, if a bank employee accidentally emailed your personal information to the wrong address, an unauthorised person could then have access to your personal information. Even if they don’t do anything with this personal information, it is still a data breach, and you could, therefore, still claim.

By Other People

An individual could also access your personal data without authorisation. For example, if a document or computing device with your personal information on it was left out in the wrong place, it could be lost or stolen. If someone steals your data, they may use it against you.

For example, if someone stole your home address, they may visit your home. This could cause stress and mental trauma.

Common Causes Of Data Breaches: Hacking And Malware Attacks

The NCSC defines malware as malicious software which could cause damage in many ways if it is installed and run, including:

  • Stealing, encrypting or deleting personal data
  • Taking control of devices to attack other organisations
  • Locking a device or rendering it unusable
  • Obtaining credentials that allow access to your or your organisation’s system
  • Using services that may charge you money
  • ‘Mining’ cryptocurrency

So what can organisations do to avoid being attacked by malware?

  • Make regular backups, particularly of important or sensitive files
  • Prevent malware from spreading to devices
  • Prevent malware from running
  • Prepare for an attack with training and cybersecurity measures

If your data is not being protected properly, it could also be hacked. A cybercriminal could illegitimately and purposefully access your personal data without authorisation. These attacks are an offence, and any perpetrators could be prosecuted.

Compensation Examples for Data Protection Breaches in 2022

Now we’ve illustrated the common causes of breaches of data protection, this section will confirm the different types of damages you could receive from a successful claim.

Your data breach compensation can consist of two different types of damages. Non-material damages can compensate you for the psychological injuries caused by the data breach. This can include depression, anxiety or PTSD.

Legal professionals use the Judicial College Guidelines (JCG) to provide clients with a better idea of their potential compensation amount. The figures below are taken from the most up-to-date guidelines, published in April 2022. Please remember that these figures are not guarantees, as every claim is unique.

If you’re claiming for non-material damages, as part of the claims process, you may need to attend an independent medical assessment. A medical professional will evaluate how the data breach has affected you psychologically. A solicitor from our panel can arrange for this assessment to be performed as locally to you as possible.

| Type of Harm | Severity | Notes | Compensation Bracket |
|---|---|---|---|
| Psychiatric Damage | Severe | All aspects of life will be severely affected, including work, relationships, education as well as life in general. The prognosis is also bad. | £54,830 to £115,730 |
| Psychiatric Damage | Moderately Severe | A positive prognosis, but the claimant still experiences difficulties with general life, daily activities and relationships. | £19,070 to £54,830 |
| Psychiatric Damage | Moderate | The prognosis is good and the person will have made significant improvements. | £5,860 to £19,070 |
| Psychiatric Damage | Less Severe | The compensation amount offered depends on the amount of time the claimant was affected for, and to what extent the related issues impacted sleep and daily activities. | £1,540 to £5,860 |
| Reactive Psychiatric Disorder | Severe | All aspects of life will be permanently and negatively affected, preventing the person from functioning the same as pre-trauma. | £59,860 to £100,670 |
| Reactive Psychiatric Disorder | Moderately Severe | A good prognosis, and with professional help there will be some room for recovery. | £23,150 to £59,860 |
| Reactive Psychiatric Disorder | Moderate | There will have been a good amount of recovery and any lasting effects will not be disabling. | £8,180 to £23,150 |
| Reactive Psychiatric Disorder | Less Severe | Within 1-2 years, an almost full recovery will have been made. Only minor symptoms will remain after this point. | £3,950 to £8,180 |

The second head of claim is material damages. This can compensate you for the financial losses caused by the data breach. For example, your bank details could be stolen due to your solicitor being the victim of a malware attack. This could lead to funds being stolen. If this happened because your solicitor didn’t sufficiently protect your personal data from this kind of threat, you could potentially claim.

Due to Vidal-Hall & Others v Google Inc [2015], you can now claim for psychological injuries without needing to experience financial losses from the data breach. You can claim for one or both as part of the same data breach compensation claim.

Data Breach Solicitors – No Win No Fee Solicitors On Data Breach

Some data breach solicitors will offer No Win No Fee agreements, and they could be financially beneficial to the claimant. That’s because the claimant doesn’t pay any solicitor fees in the event that the claim is unsuccessful.

If you do receive compensation, there is a success fee to pay your personal injury lawyer. The figure that makes up this success fee is dependent on how much you receive in compensation. However, the success fee has a legal percentage cap, so you won’t lose too much of your settlement.

There are other benefits to using No Win No Fee data breach solicitors. These include the lack of any other hidden or surprise charges as part of a No Win No Fee agreement. In addition, you don’t have to pay solicitor fees prior to or during the claims process.

These are just some of the reasons for working with data protection breach solicitors that offer No Win No Fee. Our panel of personal injury solicitors can provide a No Win No Fee agreement for claimants. To ask any questions about No Win No Fee, you can:

Related Sources

Thank you for reading our guide about the common causes of data breaches. We hope you found it useful. For further related resources, please see below. 

Claim for a Data Breach by a Pharmacy – If you’ve suffered due to a data breach by a pharmacy, you could be eligible to claim compensation. Find out how in our article. 

Housing Association Data Breach – If your data was breached at a housing association, use our guide to learn how to claim compensation. 

Misdirected Fax Data Breach – Learn more about this type of data breach and how you could claim.

Data Security Incident Trends – Find here the ICO’s latest statistics about data breach incidents. 

Help and Support After a Traumatic Event – This NHS page looks at the support you could receive after a traumatic event. 

Mind – This UK mental health charity aims to support all those struggling with psychological issues. 

If you have any more questions about common causes of data breaches, reach out to our advisors. They’re available 24/7 and give free legal advice. 

Article by AO

Publisher UI