We've been featured in:

Mortgage Company Data Breach Compensation Claims Guide

By Lewis Cobain. Last Updated 26th June 2024. Whether you’ve been with a mortgage company for a number of years or you’ve just obtained your first mortgage, you may have given a mortgage company a lot of personal data.

Mortgage companies require a lot of information to make decisions about mortgages, and they should keep the personal data you give them secure. But what happens if you are the victim of a mortgage company data breach? Could you claim data breach compensation from the mortgage company for financial or emotional damages? We answer this and many other questions in the below guide.

Banking data security is something that all financial service providers should take seriously. After all, banks and building societies have a legal obligation to protect the personal data they process. We explain more about the legal obligations these companies have in the sections below.

In addition to this, we look at how a banking service data breach could happen, what kind of compensation you could receive.

Finally, we offer some insight into how a solicitor from our team could help you get the compensation you deserve. If you’d like to speak to us about a data breach that has affected you, whether to start a claim or have your questions answered, we’re here to help. You can call our expert advisors on 0800 073 8804 at any time.

Mortgage Company data breach claims guide

Select A Section

What Is A Mortgage Company Data Breach?

Before we go ahead and explain what could constitute a mortgage company data breach, let us explain what is meant by personal data. According to the Information Commissioner’s Office, the UK’s independent authority for data rights, personal data is:

  • Information relating to a natural (living) person that could identify that person
  • Information relating to a natural (living) person that could be used in combination with other data to identify a person

Examples Of Personal Data

Examples of personal data could include:

  • Name
  • Address
  • Phone number
  • E-mail address
  • Contact information
  • Usernames
  • Passwords

What Is A Data Breach?

A breach of personal data could happen due to a mistake by a member of staff. It could also happen if the company falls victim to a cyberattack, such as hacking. Other ways in which your personal data could be breached could include:

  • Loss or theft of computer equipment
  • Insufficient protection of your personal data online
  • Mismanagement of personal data

By law, mortgage companies and other organisations should protect your data from such breaches. If they fail to do so, data protection law could allow you to seek data breach compensation for the detrimental effects of the breach. This could include any financial expense arising from a financial data breach, for example, if the breach has meant someone has been able to steal from you. You could also claim compensation for emotional harm you suffer because of the breach.

How Could Mortgage Companies Suffer Financial Data Breaches

There are many ways in which a breach of GDPR could happen to mortgage brokers and mortgage companies. A data protection breach could occur because:

  • Mortgage documents are sent in error to an unauthorised person
  • A mortgage company suffers a loss of data in a cybersecurity attack
  • A hacker launches a malware, ransomware or DDoS attack
  • Hardware containing personal information is lost or stolen

Whatever the nature of a data breach, if it causes you harm, you could be eligible for data breach compensation. If you’d like us to assess your case to see if you could claim, we would be happy to help.

Who are the top mortgage lenders?

These are the top mortgage lenders in the UK by market share in 2019.

  1. Lloyds Banking Group
  2. Nationwide BS
  3. NatWest Group
  4. Santander UK
  5. Barclays
  6. HSBC Bank
  7. Virgin Money Plc
  8. Coventry BS
  9. Yorkshire BS
  10. TSB Bank
  11. Skipton BS
  12. Co-operative Bank plc
  13. OneSavings Bank Plc
  14. Bank of Ireland
  15. Leeds BS
  16. Metro Bank
  17. Principality BS
  18. Aldermore Bank
  19. Paragon Banking Group
  20. Kensington Mortgages Company
  21. Legal & General Home Finance
  22. More 2 Life
  23. Newcastle BS
  24. Aviva Equity Release
  25. Sainsbury’s Bank
  26. Danske Bank
  27. Foundation Home Loans
  28. Shawbrook Bank
  29. Vida HomeLoans
  30. Together Financial Services Ltd
  31. West Bromwich BS

Does The GDPR Apply To Banks And Mortgage Lenders?

GDPR is the world’s strictest and most wide-reaching data security and privacy law in the world. It requires any organisation that processes personal data to protect it. The fundamental principles of GDPR are:

  • Accuracy – organisations must keep accurate and up-to-date data
  • Storage limitation – organisations must only store personal data for the shortest time necessary for its specified purpose
  • Purpose limitation – organisations must explicitly specify the purpose of data processing.
  • Transparency, fairness and lawfulness – organisations must be transparent with every data subject regarding how their data will be processed and they must process data lawfully and fairly.
  • Accountability – organisations must be able to demonstrate compliance
  • Data minimisation – organisations must collect only the data necessary for the purposes specified.
  • Integrity and confidentiality – organisations must not risk data integrity, confidentiality, or security when processing it.

When it comes to the company supplying a mortgage, GDPR would apply to that company. After all, they would process your personal data for the purposes of supplying your mortgage. The Data Protection Act 2018 enshrines in law the UK’s application of GDPR. Section 168 of the Data Protection Act 2018 refers to a data subject’s right to compensation in accordance with Article 82 of GDPR. This means that data subjects that have been harmed by a mortgage company data breach materially or non-materially could potentially seek data breach compensation.

Mortgage Company Data Breaches Reported To The ICO

While there do not appear to be any specific GDPR breaches by mortgage brokers listed on the ICO website, some large financial firms have breached personal data.

Equifax Fined

For example, credit reference agency Equifax received a fine for a data breach in 2017 by the ICO. The incident that led to the £500,000 fine affected up to 15 million UK citizens. The ICO worked with the Financial Conduct Authority to investigate the breach and it was found that Equifax Ltd failed to take steps to ensure its parent company protected data sufficiently. This was in breach of 5 principles within the Data Protection Act 1998 including;

  • Lack of legal basis to transfer UK citizens’ data internationally
  • Poor retention practices
  • Failure to secure personal data

EasyJet Credit Card Data Breach

According to reports, in 2020 over EasyJet customers’ data was breached, including their e-mail addresses, travel details and credit/debit card details. EasyJet notified the ICO of the breach, which was the result of a sophisticated cyber-attack. The stolen information included the CVV number of customers’ credit/debit card details, which could put customers at risk of financial fraud.

(Source: https://www.bbc.co.uk/news/technology-52722626)

FCA Data Breach

Even the Financial Conduct Authority has declared, in response to a Freedom of Information request under the Freedom of Information Act, that it has breached personal data. The FCA breach involved the identity of those making complaints to the authority.

Do I Need To Report A Mortgage Company Data Breach?

If you would like to take action after suffering a mortgage company data breach, you may need to complain to the company first. According to the ICO, if you would like to complain about a mortgage lending data breach, or a financial data breach, you could simply write to the organisation that breached your data. You should include as much information as possible about the breach.

If the organisation doesn’t respond satisfactorily or doesn’t respond at all, you could notify the ICO. However, you should do so quickly, as an undue delay in notifying the ICO could mean they don’t investigate. For example, if you had a mortgage data breach in 2019, and hadn’t notified the ICO within 3 months of the last meaningful contact with the organisation, they would be unlikely to investigate.

Taking Legal Action

You are not required by law to have a data breach solicitor if you do not want one. However, they can bring huge benefits as they will have the experience needed to file the claim in full. If you would like to see if you have a valid case for data breach compensation call our advisors today. Through a no-obligation consultancy, they can provide free advice.

How Could Victims Of Mortgage Data Breaches Be Compensated?

There are two types of damages that can be claimed in a data breach case. This could be financial damage, or non-material damage.

Material Damage

If, for example, a financial data breach led to someone being able to steal from you, you could claim compensation for the financial cost of the theft. Or, if a banking data breach had meant someone being able to make fraudulent purchases in your name, you could claim for the expenses you incur as a result. You would need to provide documentary evidence of this. Therefore, it would be wise to keep all these documents safe. If you can’t provide evidence that you’ve suffered financial harm, you won’t be able to claim for it.

Non-Material Damage

Non-material damages could include loss of privacy, and it could also include psychological harm. A legal precedent was set in 2015 to allow for such claims. The case we refer to is Vidal-Hall and others v Google Inc [2015] – Court of Appeal, in which a judge discussed compensating victims of data breaches for psychological injuries caused by a breach. This means that you could claim data breach compensation for anxiety, distress, stress or depression caused by a breach of your personal data.

Steps To Take If Your Mortgage Company Had A Data Breach

If your mortgage company has had a data protection breach, whether it has breached your banking data security or not, having a solicitor on your side may be the difference between winning or losing your case.

When making a claim for compensation it is key to have as much supporting evidence as you could collect. That way your case has a more likely chance of succeeding if you can back up your claims.

How Our Data Breach Solicitors Could Help

If you suffer psychological or financial harm because of a mortgage lender data breach, you could seek data breach compensation. But only if you have suffered as a consequence.

There are several reasons why many claimants prefer to have assistance from a data breach solicitor, such as ourselves. These could include:

  • Not having to take on the (sometimes complicated) legal paperwork required to prove your claim
  • Ensuring you have the strongest case possible for compensation
  • Making sure legal paperwork is submitted before a claim becomes time-barred
  • Ensuring you claim for everything you’re eligible for
  • Negotiating the highest settlement possible for your case
  • Supporting you through the process if your case goes to court

How We Could Help

Here at Legal Expert, our expert advisors could help you if you’ve been affected by a mortgage company data breach.

Our freephone helpline instantly connects you with our expert advisors, ready to talk to you about your claim.

We could conduct a free eligibility check with no obligation for you to use our services. We could also answer any questions you might have about claiming. If we believe you could be eligible for compensation, we could provide you with specialist solicitors to help you.

We have superb reviews and have helped many claimants successfully get the compensation they deserve. We’d like to help you do the same.

No Win No Fee Data Breach Claims Against A Mortgage Company

If you’re intending to make a claim and would like a data breach solicitor to help you, you may worry about the costs. However, all of our solicitors work under No Win No Fee terms, which means you wouldn’t pay them until your claim ends and compensation comes through.

How Do No Win No Fee Financial Service Data Breach Claims Work?

The process generally works as follows:

  • Your data breach solicitor sends you a No Win No Fee Agreement, detailing the level of success fee you’d pay if your claim ends in compensation. The fee is usually a small percentage of your mortgage company data breach compensation payout. It is subject to a legal cap.
  • You sign and send back the agreement. Your data breach solicitor begins work on your banking service data breach claim.
  • Once they negotiate compensation for you, and the payout comes through, they deduct the success fee, and the rest is for your benefit.
  • If your claim ends without compensation, you don’t pay the success fee or your solicitor’s costs.

Would you like to speak to us about No Win No Fee claims in more detail? If so, we’d be happy to chat with you. If you’d rather read our handy guide to No Win No Fee claims, you can find it here.

Start Your Data Breach Claim Today

Are you ready to start claiming for a mortgage company data breach? Perhaps you have questions about getting a data breach solicitor or the claims process itself. Or maybe you’d like us to check your eligibility to claim. Whatever you need, we’re here to help. There are lots of ways for you to reach us too, including:

However you prefer to get in touch, we’ll be delighted to help you.

Resources

Can A Data Breach Solicitor Help With Data Loss? – If your data was lost, this guide could be useful to you. It explains more about claiming for incidents that involve data loss.

Claiming Mortgage Company Data Breach Compensation For Distress – This guide explains all about the psychological effects of a data breach, and how you can obtain compensation.

Workplace Data Breach Compensation Claims– One organisation that stores and processes your data is your employer. But what happens if they breach your personal data? Find out whether you could claim compensation if such a breach affects you.

ICO Guide For Data Protection – This guide is aimed at organisations that process data. It explains more about data protection law and how companies can ensure their compliance.

Government Guide To Data Protection – This government guide explains the Data Protection Act. It explains what rights you have when it comes to your personal data. You can also use this guide to help you make a subject access request to find out what data a company has on you.

Other Useful Compensation Guides