Credit Card Data Breach – Essential Claims Guide

By Danielle Newton. Last Updated 23rd August 2023. This guide will help if you’ve been affected by a credit card data breach. Because card providers use a lot of personal data to manage your account, generally, they’ll need to abide by the rules of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).

Credit card data breach

Credit card data breach guide

Any personal data that organisations use must be protected as much as can be reasonably expected. This includes your name, address, telephone number, credit card number and banking details. The Information Commissioner’s Office (ICO) is the non-departmental public body that answers to the UK Government. They were set up to police data protection rights of individuals also known as data subjects. In this article, we’ll look at when you could be compensated for a credit card data breach. We’ll also explain what level of compensation might be paid.

Our panel of solicitors can help with data breach claims in the same way they can help with personal injury cases, for a back injury at work claim or a claim following a slip, trip or fall. If you’re interested in taking action, our advisors will offer free legal advice during an initial consultation. Where your case is accepted by a data breach solicitor from our panel, they’ll work for you on a No Win No Fee basis.

To learn more about what to do if you’re the victim of a data breach, please read on. Alternatively, please call on 0800 408 7825 if you’d like to take action today.

Select A Section

Credit Card Data Breach Claims Explained

Credit providers need to use a lot of personal data about a data subject. This makes them a data controller. They may collect and use personal information during the application process, to manage your account or for debt collection purposes. Much of the information they’ll hold about you will be covered by the UK GDPR.

Credit card companies have very strong security systems in place. These are designed to prevent unauthorised access to customer records and to stop money from being stolen. However, many data breaches aren’t caused by hackers or cybercriminals as you’d imagine. Many are caused by human error. We’ll look at this more shortly.

Where data breaches do occur that affects the rights of a data subject, the ICO could conduct an investigation. This will be used to identify the cause of the breach and any systematic failings. It could result in a large fine or enforcement action being taken against the company responsible. However, even if the breach has caused you to suffer, the ICO can’t supply compensation. That’s why we’ve written this guide on how to claim for a credit card data breach yourself.

Financial data breach statistics

Data processors and controllers must report data security breaches to the ICO within 72-hours if the rights of a data subject have been affected.

Each quarter, the ICO collates statistics by sector when a data security incident is reported to them and publishes a report.

The chart in this section show security incidents in the finance, insurance and credit sector. The data is based on reports for Q2 of the financial year 2021/22.

Credit Card Data Breach Statistics

The main incident that was recorded was where data was emailed to the wrong recipient. This occurred 33 times in this period.

What is a Personal Data Breach

You might be wondering ‘What is a personal data breach?’ Firstly, a data breach is defined as a security incident threatening the integrity, availability or confidentiality of personal data.

A breach may occur due to a cyber incident, such as a cyber-attack, or a non-cyber incident, such as due to human error.

Article 4 of the UK GDPR defines personal data as any information relating to an identified or identifiable natural person (a data subject). Using this information either directly or indirectly would lead to the identification of the data subject. Indirect personal data is information that can be pieced together with other pieces of information to find out the identity of the data subject.

Examples of personal data include:

  • Name.
  • Date of birth.
  • Identification numbers, such as a national insurance number.
  • Personal mail address.
  • Home address.

If you would like to discuss further examples of personal data or find out if you could start a claim, get in touch with one of our advisors.

What Are Credit Card Data Breaches?

So, before we consider how credit card data breaches can occur, let’s look at what they are. The UK GDPR defines a personal data breach as a security incident that results in:

  • Accidental or unlawful disclosure, access, loss, alteration or destruction of personal data.

Just because a breach has occurred, though, you won’t automatically be compensated. When claiming data breach compensation, you’ll need evidence that:

  • Your data has been involved in a data breach involving your credit card company.
  • The company’s actions or failure to act allowed the incident to occur.
  • As a result of the incident, you’ve been harmed financially or psychologically.

While some data breach claims have a 6-year time limit, others have just a single year to be started. If you’d like to check how long you’ve got left to begin your claim, please use live chat or give us a call.

How Could Credit Card Information Be Leaked?

Let’s look now at how a data controller could be involved in a data breach. We can’t list every example but here are a few potential scenarios:

  • If your credit card statements are sent to the wrong postal address.
  • Where information about you is sent to the wrong email address.
  • If personal information about you is disclosed to an unauthorised party.
  • Where your personal data is used without a lawful basis.
  • Where the credit card company’s IT systems are hacked and personal data is stolen due to poor security measures.

Again, each of these incidents alone does not entitle you to claim compensation. So call our team today and have your case looked at for free. If our advisors can see that you have good grounds for wanting to claim data breach compensation they can offer to connect you to a No Win No Fee data breach solicitor.

Where breaches are identified that affect your rights, your credit card company will need to tell you about it. We’d suggest that you keep a copy of any letter or email in a safe place. This is the sort of evidence you could use to prove that the incident took place when claiming compensation.

What Damages Can Data Breach Victims Get?

Data breach compensation claims are based on one or both of the following:

  • Monetary losses. Called material damages, this element of the claim could be used to claim back any costs incurred because of the breach.
  • Mental harm. Non-material damages can be used to claim for a range of psychological injuries. Therefore, anxiety, embarrassment, distress, depression and Post-Traumatic Stress Disorder could all be considered.

Why not call us if a credit card data breach has caused you to suffer? We’ll provide free advice and let you know your options.

How Are Data Breach Settlements Calculated?

Previously, compensation for mental harm caused by a data breach could only be paid if you’d lost money as well. However, the Court of Appeal changed that rule when settling the case of Vidal-Hall and Others v Google Inc [2015].

To show what amount of non-material compensation might be paid after a data breach, we’ve supplied the table below. Its figures are taken from the Judicial College guidelines

How much can you claim for a data breach?

Type of Claim Category Compensation Bracket Additional Information
Mental Harm (Psychiatric Damage) Severe (a) £54,830 to £115,730 It’s quite likely that treatment will not resolve the claimant’s symptoms. As a result, life in general, work and relationships will all suffer.
Moderately Severe (b) £19,070 to £54,830 There will be significant problems initially but there will be a better prognosis than above.
Less Severe (d) £1,540 to £5,860 This category is based on the amount of time daily activities (such as sleeping) were affected.
PTSD Severe (a) £59,860 to £100,670 The claimant won’t be able to work because of their symptoms which are likely to be permanent. They also won’t return to pre-trauma levels of functioning.
Moderately Severe (b) £23,150 to £59,860 With professional help, some recovery will be achieved. However, there will be serious suffering initially.
Less Severe (d) £3,950 to £8,180 An almost full recovery will be seen in around a year or two.

Remember, every claim is unique. Therefore, if your claim is accepted, your solicitor will explain how much you’ll claim for after assessing your case fully.

Claim For A Credit Card Data Breach With A No Win No Fee Solicitor

Many claimants are worried about losing money on solicitor’s fees if they decide they want a solicitor to help them pursue their case. That is why it may be a good choice for you to opt for solicitors who work on a No Win No Fee basis. Knowing you won’t pay solicitors’ fees if your claim fails will make everything a little less stressful.

If your case is taken on, your solicitor will forward you a Conditional Fee Agreement (CFA) to sign. This contract will mean your solicitor will work without being paid upfront. If your case is won, you’ll pay the ‘success fee’ that’s listed within the CFA. This is a percentage of any compensation that’s paid.

So that you cannot be overcharged, success fees are legally capped at 25% when using a CFA. To see if you’re able to fund a solicitor’s service with a CFA call our team today.

Find Out If You Could Claim For A Credit Card Data Breach

You’ve almost completed this article on credit card data breach claims. If you are thinking about taking action and would like us to help, why not:

  • Call us for free advice on 0800 408 7825.
  • Contact us to ask for a call from a specialist advisor.
  • Use our live chat feature to discuss your options online.

Remember, you’ve got nothing to lose by calling because we offer free legal advice regardless of what you choose to do.

Additional References

Thanks for reading this article about a credit card data breach. Please contact us with any further questions.