We've been featured in:

Sort Code And Account Number Disclosed – Data Breach Claims

By Stephen Hudson. Last Updated 3rd July 2024. Have you had your account number leaked and the disclosure of your sort code in a data breach? Are you looking to make a claim? This article has been made to inform you about the different types of financial data breaches along with how you could begin the claims process.

A data breach is an incident in which personal data is lost, accessed, changed, destroyed,  or disclosed without a lawful reason. As a result of a data breach, you could be greatly affected psychologically or financially. 

If you were affected this way and the data breach was caused by an organisation’s wrongful conduct when processing or storing the personal data, you could claim.

It is important to act quickly when making a data breach claim. This is due to the fact that there is a limited window of time after a data breach has occurred in which you can make a claim.

Get in touch with us today to see if you can start your data breach compensation claim by:

keys pointing to a lock over a circuit board.

A guide to making a sort code data breach claim

Select A Section

  1. What Are The Criteria To Make A Bank Account And Sort Code Data Breach Claim?
  2. How Could A Sort Code Data Breach Occur?
  3. How To Claim For A Financial And Banking Information Data Breach
  4. Examples Of Data Breach Compensation Payouts
  5. Make A No Win No Fee Data Breach Claim

What Are The Criteria To Make A Bank Account And Sort Code Data Breach Claim?

We use our bank account number and sort code near enough every day for purchases, direct debits, and sending and receiving money between family and friends. People often wonder is it safe to give your sort and account number, and the answer is most of the time yes, it is completely safe. However, if such details are exposed in a data breach, then you could potentially be at risk.

When talking about a sort code and account number data breach, there are 3 relevant parties. These are:

  • Data subjects: the living and identifiable individuals to whom the personal data relates.
  • Data controllers: the organisation that decides when, why and how personal data will be processed.
  • Data processors: these are external organisations that conduct processing services on behalf of controllers. It is important to note that not every data controller will use external processing services.

Both data processors and controllers have legal obligations under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). Failing to uphold these laws can lead to data breaches.

The criteria for a sort code and account number data breach claim are as follows:

  1. The data controller failed to uphold their legal obligations under data protection law.
  2. This failure resulted in a breach of your personal data.
  3. Due to this breach, you suffered psychological distress, financial loss or both. 

To learn more about “what someone can do with my account number and sort code” talk to our advisors today. Our team can also assess your eligibility to begin a claim for free.

Data Breach Time Limit – How Long Do I Have To Claim?

If you meet the eligibility criteria to make a personal data breach claim, you must also ensure that you start your claim within the correct limitation period.

Generally, for claims being made for a personal data breach, the time limit is 6 years.

To see if you are within the time limit to make a personal data breach compensation claim, you can contact our friendly advisory team. They can offer you free advice, answer any questions you may have, and offer a free valuation of your claim.

How Could A Sort Code Data Breach Occur?

Data breaches can occur within any organisation, financial institution and charity. There are several different types of financial data breaches and they include:

  • Data has been lost, hacked or leaked
  • Identity theft, e.g. for the purposes of falsely obtaining credit cards
  • A staff member wasn’t trained in data protection and your personal data was compromised as a result of them leaving it in an unsecured location.

These failings can be due to a third party, such as ransomware and hackers, or human error. If a data breach occurs and it risks your freedoms and rights, the organisation should inform you without undue delay. 

How To Claim For A Financial And Banking Information Data Breach

If you begin your claim for a financial and banking information data breach, there are a number of steps that you need to take to make your claim as successful as possible. The process can be daunting but below is a how-to you can follow to begin.

Under the UK GDPR, a company is required to inform you and the Information Commissioner’s Office (ICO) if there has been a data breach that risks your rights and freedoms. If you notice that you have any unauthorised or unusual charges on your bank account, inform your bank immediately.

However, if they don’t get in touch with you about the sort code data breach, you should raise your concerns with them. If they don’t give you a satisfactory response, you could raise your concerns with the ICO within 3 months of the organisation’s last meaningful contact on the matter.

The ICO can’t award you compensation or give advice on what type of compensation could be owed to you, but it may launch an independent investigation into the breach. While it isn’t mandatory, it could be useful to obtain legal advice. This could help you clear any confusion or anxiety you may have when making a claim. 

Gathering Evidence

An important step to begin the claims process is to start gathering evidence of the sort code data breach. It could be the information that you may have received from the data controller confirming that a data breach has taken place. This letter or email should have the date the breach occurred and what was exposed.

The findings of the ICO’s investigation could also be used as evidence, along with any financial records that show financial loss, such as credit scores or bank statements. 

For more information, don’t hesitate to get in touch with an advisor. Just call the number at the top of the page.

Examples Of Data Breach Compensation Payouts

If you make a successful claim for a sort code data breach, then you could receive compensation for up to two types of damages: Material damage and non-material damage.

Non-material damage compensation addresses the effects the breach had on your mental health. For example, non-material damage could compensate you for post traumatic stress disorder (PTSD), anxiety or depression caused by the data breach. 

The compensation guideline brackets in the table below are taken from the  Judicial College Guidelines. Those valuing your claim may refer to this document, as it provides guideline compensation brackets for a number of injuries and illnesses. Please note that these are only guideline amounts.

Compensation table

Types of Mental Anguish SeverityCompensation Guideline
Very Severe Mental Harm and Related ExpensesVery SevereUp to £250,000+
General Psychiatric HarmSevere (a)£66,920 to £141,240
Moderately Severe (b)£23,270 to £66,920
Moderate (c)£7,150 to £23,270
Less Severe (d)£1,880 to £7,150
PTSDSevere (a)£73,050 to £122,850
Moderately Severe (b)£28,250 to £73,050
Moderate (c)£9,980 to £28,250
Less Severe (d)£4,820 to £9,980

Material damage compensation addresses the financial losses caused by the breach. For example, after a financial data breach, money could be stolen from your bank account. This could be recouped under material damage compensation.

Similarly, if you lose out on earnings after taking time off work to recover from the psychological effects of the breach, these could also be covered by material damage compensation.

For more advice on how much data breach compensation you may receive if your claim is successful, get in touch with our advisors online or on the phone today.

Make A No Win No Fee Data Breach Claim

When you are making a claim for bank data breach compensation, you may wish to work with a solicitor. It can be useful to bring your claim to a solicitor, particularly if they specialise in or are familiar with the area of the law that your claim is concerned with.

Our solicitors have years of experience dealing with various types of personal data breach claims and could help you with yours. Additionally, they may offer to work with you under the terms of a Conditional Fee Agreement which is a type of No Win No Fee arrangement.

When working with one of our No Win No Fee data breach solicitors, you won’t have to pay them anything upfront for their services. If your claim is successful, your solicitor will take a success fee from the compensation awarded to you. However, this amount is a percentage that is subject to a legal cap. Alternatively, if your claim is unsuccessful, there will typically be no expectation for you to pay your solicitor for the services they have provided.

For further information on working with No Win No Fee data breach solicitors, please contact our advisory team for guidance. Our team is available 24/7 to answer your questions and offer free advice.

Contact our advisors today:

Our Related Guides

We have included some helpful links that may be of interest to you.

For further information on a sort code data breach, please contact us through the live chat feature in the corner.