By Megan Black. Last Updated 1st July 2024. If you have been involved in a credit score data breach, you may wonder if you are entitled to compensation. This guide will provide information on who may be able to make a personal data breach claim following a credit score breach. We illustrate the data protection legislation that might prove vital when it comes to assessing your eligibility to claim. Near the middle of the guide you will find a table that has a list of mental suffering a data breach could cause along with values that have been attributed by the Judicial College. You could use it to estimate the value of your suffering for your data breach claim.
For more information, you can:
- Call on 0800 073 8804
- Use the live chat feature on this page
- Make a claim online
Select A Section
- What Is A Credit Score Data Breach?
- UK GDPR Compliance For Credit Score Companies
- What Data Could Be Exposed In A Credit Data Breach?
- Has The ICO Fined Credit Reference Agencies?
- How Much Compensation Could I Get For A Credit Score Data Breach?
- Find Out If You Could Make A No Win No Fee Claim
What Is A Credit Score Data Breach?
A credit score rates how reliable you are when it comes to paying the money back. As such, when you sign up to have your credit score rated you will likely provide lots of information, much of which will be personal or sensitive information. This type of data is protected by data security laws.
A personal data breach happens when information that can identify you is breached in a security incident. In this way, someone may compromise the confidentiality or availability of your personal data.
When making a personal data breach claim the onus will be on you to prove that the security incident in which your data was accessed, lost, stolen disclosed or altered was caused because the company had failed to keep it secure.
The Information Commissioner’s Office (ICO) is the UK’s independent body that can impose penalties on companies that have breached your personal data.
Who Could Access Your Credit Score?
There are numerous parties who could process your financial information. We’ve put together a list of who those parties could be:
- Credit reference agencies
- Loan providers
- Landlords, housing associations and estate agents
- Banks and financial service providers
It should be noted that the above examples do not represent all parties that could potentially access your credit data. For more information, speak to an advisor today.
UK GDPR Compliance For Credit Score Companies
An organisation that states why and how your personal data should be processed are known as a data controller. You are the data subject if an organisation processors your data. All data controllers must follow data security and privacy laws that are applicable to them
The Data Protection Act 2018 (DPA) which runs alongside the UK General Data Protection Regulation (UK GDPR) govern how data controllers must function when handling personal or sensitive information.
An organisation can adhere to these laws by being:
- Lawful, fair and transparent.
- Purpose limited.
- Minimal data collected.
- Accurate
- Storage limitation.
- Integrate and confidential (security)
- Accountable.
Collecting evidence is vital to any successful personal data breach claim. If you have experienced a credit score data breach call our advisors for further information. You may have the grounds to make a valid claim. Speak to our team of advisors for more information.
What Data Could Be Exposed In A Credit Data Breach?
Credit score companies may hold much of what is considered your personal or sensitive data. Below we look at how personal data may be involved in a security incident, we also look at what information could be exposed.
How Could Personal Data Be Exposed:
If data is emailed to the wrong recipient.
Your sensitive data is posted to the wrong address
Mis-directed fax that contains financial information
A personal data breach caused by human error
What Is Personal Information:
– Name
– Address
– Date of birth
– Driver’s licence
– National Insurance Number
The personal information that credit score companies hold could also be of a sensitive nature. If you are concerned about a credit score data breach, speak to our team of advisors today.
Has The ICO Fined Credit Reference Agencies?
The ICO imposes monetary penalties on data controllers that fail to comply with the legislation set out in the DPA and UK GDPR. The penalties are decided on a case by case basis and aim to be effective, proportionate and dissuasive.
Although the compromised systems were in America, the ICO stated that Equifax UK failed to protect the information of UK citizens during the cyber attack in 2017 that led to nearly 15m Britons being affected. The ICO fined Equifax £500,000.
Source: https://www.bbc.co.uk/news/uk-england
More recently, after a two-year investigation concluded in 2020, regarding how Experian, Equifax and TransUnion used personal data, the ICO found ‘invisible’ processing taking place. This may have affected millions of adults in the UK. It is ‘invisible’ because the data subject does not know that the organisation is collecting and using their personal data. This is against data protection law.
This investigation and results prompted these companies to make changes. However, the ICO took no further action against Equifax and TransUnion after the company made improvements.
Although Experian made some improvements, the company did not accept that they had to make further changes. The ICO, therefore, took enforcement action stating changes must be made within nine months or risk a fine totalling £20m, or 4% of the company’s total annual worldwide turnover.
Please get in touch if a credit reference agency has breached your data. Our advisors can offer guidance.
How Much Compensation Could I Get For A Credit Score Data Breach?
If you make a successful claim for a credit score data breach, you could be compensated for two forms of damage:
- Material damage, or financial losses experienced due to a personal data breach. For example, having to pay for therapy or a loss of earnings.
- Non-material damage. This refers to the psychological harm, such as depression or post-traumatic stress disorder (PTSD), that the breach has caused.
It is possible to seek compensation for either or both. For example, compensation for incorrect credit report entries in the UK that lead to a data breach, such as the stress the situation caused and relocation costs.
You should keep records of loss such as credit card statements or invoices to prove material damage. Non-material damage will be calculated during the claim.
Those figuring out your non-material damage for your credit score data breach compensation might look at the guideline figures for psychological injuries found in a document called the Judicial College Guidelines (JCG).
The table we have created below features JCG amounts, plus a top line that does not come from the document. However, it is only a guide as all non-material damage payouts are based on the merits of each case.
Type of Harm | Severity | Guideline Amount |
---|---|---|
Material And Non-Material Damage | Serious | Up to £250,000+ |
General Psychiatric Damage | Severe | £66,920 to £141,240 |
General Psychiatric Damage | Moderately Severe | £23,270 to £66,920 |
General Psychiatric Damage | Moderate | £7,150 to £23,270 |
General Psychiatric Damage | Less Severe | £1,880 to £7,150 |
PTSD | Severe | £73,050 to £122,850 |
PTSD | Moderately Severe | £28,250 to £73,050 |
PTSD | Moderate | £9,980 to £28,250 |
PTSD | Less Severe | £4,820 to £9,980 |
If you have any further questions about what to do after a personal data breach, get in touch with our advisors at any time.
Find Out If You Could Make A No Win No Fee Claim
Working with a No Win No Fee solicitor could be an option if you are worried about the fees a solicitor may charge. Solicitors who work under this arrangement require no upfront fees. When you sign a Conditional Fee Agreement there are no ongoing costs either. Furthermore, you will only pay a legally capped fee if you successfully claim compensation. A fee is agreed with your solicitor before proceedings occur, and it is deducted from your award. Additionally, your solicitor requires no costs if you are unsuccessful in your claim.
Our data breach solicitors may be able to help you make a No Win No Fee claim following a personal data breach. You can speak to an advisor for more information by using the live chat feature on this page. You can also:
- Call on 0800 073 8804
- Email info@legalexpert.co.uk
- Use our form to claim online
Financial Data Security And Data Breach Resources
You may find the following resources useful.
Cyber Security Breaches Survey – Government statistics on cyber data breaches in the UK.
Data Security Incident Trends – The ICO produces a quarterly report on the latest data security incident trends.
Make A Complaint – The ICO provides information on how to make a data protection complaint.
For further reading, take a look at some of our other guides.
How To Report A Data Breach – What steps you need to take to report a data breach.
Bank Data Breach Compensation Claims – Find out how much you could be owed if a bank has breached your data.
Credit Card Data Breach – What to do if you have suffered damage as a result of a credit card company data breach.
Legal Expert are here to help you following a credit score data breach. Check out our reviews for yourself and decide if you want our advice and support.
Guide by Jennings
Edited By Melissa.