How Do I Make A Claim For Stress Due To A Data Breach?

Stress can be a part of normal modern life, but when you are suffering from acute stress due to a data breach, it can feel like your whole world is falling apart. Every day we share our personal information either on or offline and we trust that those who use it do so safely. In fact, there are laws now which expect organisations and businesses to take care of our personal data. If they fail, they can suffer severe penalties and you can sue them for compensation.

Stress due to a data breach

Stress due to a data breach

You may be reading this because you have already been notified about a data breach that has affected you. Usually, companies will notify you in writing if they have suffered a hack or virus that has exposed customer details in a way that could cause harm. That harm might be financial, through the loss of funds from your accounts, or emotional from the aggravation and stress.

This article aims to help you have a greater understanding of how stress from a data breach is understood and what you can do about it. Our friendly team of data breach advisors could offer you the free legal advice needed to start a claim for compensation right now. Simply call us on 0161 696 9685 for instant, confidential help. You can also email or write to us at or use the ‘live support’ option bottom right. We look forward to helping you.

Select A Section

  1. A Guide On Making A Claim For Stress Due To A Data Breach
  2. Calculate Compensation For Stress Due To A Data Breach
  3. Special Damages Which Could Be Awarded
  4. What Are Data Breaches?
  5. Are There Different Types Of Data Breach?
  6. What Is Stress Caused By A Data Breach?
  7. How Could You Be Impacted By Stress Due To A Data Breach?
  8. How To Report A Data Breach To The Information Commissioner
  9. Make A No Win No Fee Claim For Stress Due To A Data Breach
  10. Contact A Data Breach Solicitor
  11. Related Guides
  12. Cyber Security Statistics
  13. FAQs On Stress Due To A Data Breach

A Guide On Making A Claim For Stress Due To A Data Breach

Firstly, we understand that making a claim for compensation is probably something you’ve never considered before. You may only be thinking of it now because you have begun to notice serious damage to your income and quality of life because of the data breach. Perhaps stolen money or the constant thoughts of vulnerability that comes from knowing your personal data has leaked into the public realm and could be exploited by cybercriminals against you.

Hackers and online criminals buy and sell personal data to create fake identities for the purposes of fraud. The consequences of their actions can be left to you to sort out. This can place an intolerable burden of anxiety and anguish on you. We explain how the laws around data use have changed to support you. It can now be possible to calculate compensation payouts for you if your mental health was harmed by the poor data handling of an organisation.

Stress due to a data breach is a real thing. The long-term effects of stress have been linked to insomnia, depression, PTSD (Post-traumatic stress disorder)  and even heart disease. Companies ask for our data on the understanding they will safeguard it and use it properly. If they allowed an outside hacker to breach it, or staff incompetence to expose it, they could be liable for your damages. Whilst money alone cannot repair the harm done to your peace of mind, it can help make the future a brighter place.

Calculate Compensation For Stress Due To A Data Breach

The figures below are a cross-section of General Damages from the Judicial College Guidelines. They provide recommended compensation amounts for a head to toe array of injuries and illnesses. They aim to financially acknowledge impacts that might differ from person to person in a way that keeps it consistent and fair, such as:

  • The pain and suffering the data breach caused you
  • Damage to your personal relationships because of stress
  • Loss of income through missed work or an inability to cope as normal
  • Increased likelihood of other health problems

After a landmark case called Vidal-Hall v Google, the law adapted its position on compensation for a data breach. Previously, it was necessary to prove financial harm in order to support a claim for emotional harm. Now, you can claim for either or both with the right evidence. So for injuries suffered due to data breaches they are now looked on as personal injury claims. So you can claim for material damages and non-materials damages this is equivalent to special and general damages.

InjuryEffectsSuggested Award
Psychiatric damage - severeExtreme and lasting problems chronically affecting many areas of life.£51,460 - £108,620
Psychiatric damage - moderately severeSignificant problems like stress and trouble working or sleeping that results in loss of ability to work.£17,900 - £51,460
Psychiatric damage - less severePhobic responses, nightmares sleep disturbances, mild depression, anxietyUp to £5,500
PTSD - severeInability to function at work or in life as normal. Symptoms include nightmares and acute anxiety.£56,180 - £94,470
PTSD - moderately severeRecovery possible but disabilities for foreseeable future with poor prognosis of recovery£21,730 - £56,180
PTSD - moderateLargely recovered but some lingering and persisting symptoms, even with therapy.£7,680 - £21,730
PTSD - less severeMinor symptoms but mostly recovered within 2 years.Up to £7,680

Your No Win No Fee lawyer can help arrange a psychiatric evaluation to prove your claims of stress due to a data breach. The findings of this independent assessment can then enable your lawyer to aim for the highest compensation amount appropriate. Why not speak with us now for more help on how this could work for you. The free legal advice on offer might make all the difference to your claim.

Special Damages Which Could Be Awarded

Materiel damages can be looked at as special damages in personal injury claims.  If for example, you suffered psychological stress at work from a data breach, you may be unable to function normally. This means you might need time off and if it’s unpaid, you may notice a sudden financial burden. Furthermore, this could impact your ability to pay for childcare, causing serious disruption to your family life.

PTSD (Post-traumatic stress disorder) symptoms can be absolutely devastating, leaving the victim completely immobilised and emotionally unable to cope with the smallest task.

When you consult with a No Win No Fee data breach solicitor, they can offer guidance on how to collect together proof of all these missing costs. Using bills, receipts and other forms of tangible evidence, they could compile a true picture of the financial damage the data breach caused.

What Are Data Breaches?

In 2018, the laws around the use of our personal data changed in the UK. In recognition of the speed and complexity of the internet, it became obvious that personal data was being gathered for the wrong reasons and dedicated criminals were testing the weak spots of company cybersecurity to try and steal this information for fraudulent use. The General Data Protection Regulations (GDPR) laws came into effect to ensure a much higher level of scrutiny and safety for our personal data from all involved.

It was recognised that any willful or accidental act that exposed personal data in a way that may be harmful to the data subject could constitute a data breach. A non-departmental body called the Information Commissioners Office (ICO) governs the way personal data is handled you can find out more here.

Compliance with GDPR and ICO

Data protection laws are enforced by this non-governmental body. The ICO can investigate organisations or companies, both private or governmental when a data breach has occured. They have the power to issue fines as high as £17.5 million (or 4% of the last years’ annual turnover)  if they discover a blatant breach and their website is an invaluable resource for consumer protection regarding data. They also aim to help companies understand and abide by these new rules in clear, simple ways.

Briefly, GDPR defines a data breach as the accidental or deliberate:

  • Loss
  • Alteration
  • Duplication
  • Destruction
  • Implication because of a whistle-blower scenario, or
  • Unauthorised sharing

of the personal data of a subject that could lead to them suffering economic, emotional or social harm. This means that regardless of it being an outside cyber-attack or staff negligence, an unfortunate oversight or a blatantly deliberate act, if your data was inappropriately shared or leaked, those responsible could be liable.

Who uses our personal data?

Data sharing is not a bad thing if done properly and within the law. It’s a way for companies to improve services and offer the consumer better choices. However, it’s important to note who is collecting and using our personal information and what they need it for.


Controllers are the group, organisation or company that originally requested your data for a purpose you were aware of.


Are a department or external company whose job is to process the data on the part of the data controller. Companies need to ensure their processors are aware of GDPR and practising it fully.

Third parties.

Where does all this data go? When we consent to our information being used, we allow certain things to be done with it. Cookies and online preferences allow us to have more control than ever over how our data is passed on and for what reason. Accepted reasons can be to improve the customer experience or streamline service provision. It can be to expand customer reach, maximize profits and get a clearer picture of customer habits and preferences.

7 Core principles

The GDPR has established 7 core principles for correct data handling to make it easier for all concerned to understand their new legal obligations:

  • Lawfulness, fairness and transparency – the reasons for collecting the data must be obvious to the data subject. Furthermore, they must be clearly stated in a way that is separate from other requests.
  • Purpose limitation – there must be a clear reason for collecting the data.
  • Data minimisation – only the amount of data absolutely required should be collected.
  • Accuracy – data must be correct and updated regularly.
  • Storage limitation – time limits for keeping data.
  • Integrity and confidentiality (security) – all involved must know what is expected of them under GDPR law and practice it at every level.
  • Accountability – importantly, companies must report a serious data breach to the ICO within 72 hours of discovery. They should also promptly inform the data subjects implicated.

There are instances when genuine mistakes or misinterpretations can lead to a data breach. Human error is a significant cause and even companies with the most sophisticated firewall and software defences can suffer virus, malware or hacks.

Emotional distress and psychological injury caused by a data breach could cast a long shadow over your finances and health. It might take years to rectify the chaos caused.

Are There Different Types Of Data Breach?

Data can be breached both digitally and in paper format. Your personal documents being left open for anyone to read is just as serious as your profile being used online. So, let’s look at the most common types of a data breach, what causes them and how they might affect you:


This is when an outside party or organisation deliberately seeks to intrude into the private information held by a company. The world of hackers and the dark web is fantastically intricate and grows more so every day.


A virus is a deliberately placed piece of code that can copy itself with the intent of corrupting the computer system or destroying the data it holds.  Viruses can also completely corrupt laptops and systems, rendering them useless.


More organised, a cyber-attack can be when a group of people specifically target a company with the purpose of stealing the data for fraudulent use. It’s possible to construct whole identities with the right data and use it to open lines of credit or defraud financial institutes.

GDPR breaches 

Are any form of data mishandling similar to those listed above. In practice, most data breaches could be the result of staff or human error. Casual conversations, laptops left open and filing cabinets not locked are all commonplace examples of GDPR data breaches. Training is key. Proper shredding and deleting protocols are essential. Everyone must play their part.

Loses and leaks of data

Transportation and storage issues can result in losses and leaks of data. When processors move paper copies around the country there is always a risk that they could be lost or damaged. Likewise, when transferring from one system to another it’s essential to do so accurately.

Data being sent to a third party

This might be another common example of human error. The information sent out could go to the wrong recipient, causing all kinds of potential privacy violations. Imagine the bank sending your new credit card and pin number to the wrong person!

You may have encountered a data breach that is particular to your workplace. If you are unsure as to whether others might be responsible for your personal details leaking into the public realm, either on or offline, speak to our friendly team right now. At we understand that the consequences of privacy violation can be devastating.

What Is Stress Caused By A Data Breach?

How might we be affected by data breaches? Consider for a moment the kind of typical information a bank may need to hold about you:

  • Full name
  • Address and postcode
  • Marital status
  • Dependents
  • Account details, savings and joint
  • Insurance information
  • Mortgage details
  • National insurance number
  • Employers details
  • Immigration status
  • Passwords and encrypted log-ins
  • Health details

Clearly, this is more than enough information to create a whole new identity, open lines of credit and defraud lenders. If cybercriminals can get hold of this information, the first you may know about it is an emptied bank account. This is a harrowing ordeal to put someone through and the reason the ICO take GDPR law so seriously is that they recognise the shattering consequences of identity theft and online fraud.

How can I protect myself from stress due to a data breach?

We can answer cookie preferences more carefully. Constant vigilance, strong passwords and the avoidance of suspect looking attachments are good, but committed cybercriminals know how to circumvent these defences. They know that by targeting large companies there is a chance that human error will allow them the window through which to climb into your identity and finances. As a victim, it could take months or even years to put everything safely back together.

Worry, uncertainty and the increased anxiety of facing each day with the prospect of further damage being done to your finances, privacy or reputation can be intolerable.

How Could You Be Impacted By Stress Due To A Data Breach?

When considering a personal injury claim for compensation, it’s useful to consider every aspect of data privacy impact so that it can be accurately valued. Some financial expenses like fines and bank charges may present themselves long after the original fraud was detected. Likewise, the long-term effects of ill-health could drag on interminably with counselling, medications and impaired quality of life. Can you afford for this to happen?


You may be all too familiar with some of these, but there may be damage in other ways that are not so obvious. Some examples:

  • Lost work through worry
  • Expensive counselling costs to overcome the stress
  • Sleepless nights, depression, panic attacks needing treatment
  • PTSD or other acute emotional problems stopping normal function
  • Emotional distress causing weight loss or other sudden changes
  • Fear of mixing with strangers or connecting with people impacting you
  • Mistrust of the world or social media
  • Feelings of persecution and paranoia
  • Arguments with your partner or children
  • Panic attacks over how to find money
  • The gnawing fear of what is happening to your information

An independent medical assessment arranged as part of your No Win No Fee agreement can provide concrete proof about the acute distress created by data exposure. Documentation can show how there was unusual activity in your bank and that purchases were out of character. Banks are usually helpful and supportive about data breaches as it’s in their interests to get to the bottom of the fraud, too.

Life is stressful enough without these sorts of problems coming at you from nowhere. You can do something about it. There is a data breach claims time limit of 6 years for data breach claims (1 year if the breach violated your human rights) and whilst this may seem a generous time frame, it’s important to start sooner rather than later. Collect as much tangible evidence as you can to share with your lawyer to help them build your case.

How To Report A Data Breach To The Information Commissioner

It’s important to note that the ICO does not pay compensation. In order to obtain damages from a company that permitted a breach in data that impacted you, you must sue them privately. You can do this with or without the help of the ICO or a No Win No Fee lawyer, but both have their obvious benefits.

Firstly, the ICO should be aware of a serious data breach as companies have a duty to inform them within a 72hour time period. The company involved may not be aware of the breach themselves, but as soon as it has come to light in most cases they must report it and tell you. The ICO recommend you follow this data breach, step by step action plan:

  • Report your complaint or concerns about the data breach to the company involved. If you feel your data has been compromised, the ICO provide this useful template.
  • If you do not get a meaningful response do not wait longer than 3 months to contact the ICO.
  • No response? Ask the ICO to step in and investigate. You can contact them using this template.

While waiting to hear any outcome from the ICO (they may or may not take up the case, so be prepared) you can start to work with a No Win No Fee lawyer about a case against the company that breached your data. Remember, GDPR are legal responsibilities like health and safety laws. You have a right to start a compensation claim as a victim of their oversight or lack of preparedness.

Make A No Win No Fee Claim For Stress Due To A Data Breach

With a No Win No Fee lawyer helping you, it is possible to collect all the relevant details and present a much larger-scale claim for damages.

No Win No Fee agreements can be used to fund your legal representation. There are no upfront fees needed to hire a No Win No Fee solicitor, none to pay as the case moves ahead and still nothing to pay if the case is unsuccessful.

Data breach solicitors under agreements like this take a small percentage from the overall settlement at the conclusion of successful cases only. This means you can relax in the knowledge that it’s in their best interest also to get the best possible result.

Contact A Data Breach Solicitor

Thank you for reading our guide on stress due to a data breach. Call our team today for guidance to free legal advice by:

Related Guides

Have you suffered an injury on a train – this guide may help you.

Criminal Injury compensation – have you suffered an injury due to a criminal attack? This guide may help you.

Have you suffered a foot injury – this guide may help you.

Other Data Breach Guides

Finally, these Government websites offer helpful advice on how to protect your personal data better in the future and there’s a more detailed overview of the Data Protection Act available here. Please use this link to learn more about PTSD and its impact on your health.

Cyber Security Statistics

Some recent statistics from 2020/2021 give a snapshot of cyber threat.

  • Four in ten businesses or 39% of businesses reported a cyber attack in the last 12 months
  • A quarter of charities (26%) were affected during the same period
  • Worryingly, companies deploying security monitoring tools were down from 40% to 35% in 2020
  • Phishing attacks accounted for 83% of all cybersecurity issues.
  • 27% of businesses and 23% of charities reported experiencing a cyber assault at least once a week.
  • Impersonation accounts for 27% of all attempted cyber threat.
  • 39% of businesses and 26% of charities that identify breaches results in loss of money, data or other assets.
  • Three-quarters (77%) of businesses state that cybersecurity is a high priority for their directors or senior managers,

FAQs On Stress Due To A Data Breach

Below are some frequently asked questions relating to our topic. If there is anything you would like information on that we have not covered, please call our team.

What are the consequences of stress due to a data breach?

Sleepless nights, panic attacks, depression and PTSD are all well-documented reactions to sudden stressful situations.

What are my rights if my data has been breached?

GDPR laws mean that anyone who mishandles your personal data in a way that could expose you to harm might be liable. With evidence, you could pursue a claim for compensation.

How long does it take to recover from stress due to a data breach?

Each case varies on the individual concerned and the seriousness of their ill-health. With proper help, it’s possible to overcome mild stress quite quickly.

What is the most common cause of a data breach?

The two main reasons for a data breach are human error and outside hacks.

Page by FS

Published by AL.