When you make a booking with a hotel, whether directly or through an online platform such as booking.com or Expedia, you are required to hand over a lot of sensitive personal information, including your name, address, date of birth and payment details.
If that personal information is exposed in a data beach, it can be very serious, opening you up to the potential for fraud, as well as significant worry and emotional distress. Should you be a victim of a hotel data breach, it might be comforting to know that you may be entitled to compensation.
Any hotel or hotel booking platform that collects, processes and stores your personal data has a legal obligation to keep that data safe. This is covered by the Data Protection Act 2018, which is the UK version of the General Data Protection Regulation (GDPR).
If you have suffered financial damage, emotional distress, or a loss of privacy due to a hotel breaching any part of the Data Protection Act 2018, you have a right to claim compensation.
At Hayes Connor Solicitors, we have a wealth of combined experience helping people to claim compensation where their personal data has been lost, stolen or otherwise exposed due to breaches of data protection laws, including in hotel data breaches.
As one of the largest teams of data breach experts in the UK, we can help you claim everything you are entitled to for a hotel data breach. Even if you have not suffered any financial losses, you may still be able to claim.
Worried that making a claim will be difficult or stressful at an already tough time? Our team will work closely with you, keeping the process as simple and straightforward as possible. We’ll explain everything in plain English and keep you up to date on progress at all times, so you’ll never be left confused or wondering what is happening or what you need to do next.
Where we believe you have a case for claiming hotel data breach compensation, we may be able to act for you on a no win, no fee basis, removing any financial risk from the process of making a claim.
Think you are entitled to compensation for a hotel data breach? Use our simple and secure online claim form to share the details of your situation and we will get back to you shortly to let you know whether we can help.
To speak to a member of our team now about what to do if your personal details have been exposed in a hotel data breach, please call us on 03300415139.
What our clients say
Since Day 1 the feedback from our clients has been fantastic and is a real credit to our team. We are proud of our Excellent rating on Trustpilot and invite you to read some of the recent reviews here:
Are you owed compensation for a hotel data breach?
Fundamentally, if a hotel or hotel booking platform has failed in its legal obligations under the Data Protection Act 2018 and your personal data has been exposed as a result, you will be owed compensation. This is true even if you have not suffered anything specific due to the breach.
Knowing whether an organisation has breached the Data Protection Act can be difficult, but fortunately this is not something you will usually need to worry about. This is because any organisation that suffers a data breach is legally required to tell the Information Commissioner’s Office (ICO), which will then carry out an investigation.
ICO will determine whether a data breach has occurred and this will be made public. This makes things much simpler for anyone wishing to pursue a claim, however, it does mean it is normally necessary to wait for the result of their investigation before making a claim.
What compensation can you get for a hotel data breach?
This will all depend on how the breach has affected you. There is no requirement to show that you have suffered any specific harm in order to be able to claim compensation, but generally you will be able to claim more substantial damages if you can show one or both of the following:
For example, if your financial details were fraudulently used to make payments or take out credit in your name.
For example, if the stress of a data breach has left you with difficulty sleeping, feeling ill, unsettled and/or confused.
Is there a time limit to claim hotel data breach compensation?
The standard time limit to make a data breach claim is 6 years.
However, this is not necessarily counted from the date the breach occurred, but rather the time when you first became aware of it (or should reasonably have been aware of it). In most cases, this will be when the organisation that held your data notifies you of the breach in line with their legal obligations under the UK’s data protection laws.
We recommend speaking to us as soon as possible to give you the best chance of being able to claim, but it is still worth getting in touch even if you think you may have missed your chance as the time limits can be complicated, so you might still have time to claim.
How to start a hotel data breach claim
You first need to find out whether you have grounds for a claim. Our professional, friendly team will be happy to discuss a potential hotel data breach compensation claim with you and provide clear advice on whether we believe you may be owed compensation.
If you are not sure whether your personal details have been misused or mishandled, we can find this out for you.
Where we determine there is likely grounds for a claim, we will take care of the whole claims process for you. We will contact the organisation responsible for the breach and work tirelessly to ensure you get the compensation you are owed.
To get the claims process started, you can use our simple and secure online claim form to share the details of your situation and we will get back to you shortly to let you know whether we can help.
Or, if you want to speak to a member of our team, please get in touch.
Hotel data breach FAQs
Under the terms of the Data Protection Act 2018, any organisation that suffers a data breach is obliged to notify anyone whose data may have been affected. This does not always work out in practice, however, as organisations do not always meet this legal obligation and, even if they do, the relevant emails can easily be missed.
In many cases, victims only find out about a data breach when an organisation is fined by the Information Commissioner’s Office (ICO).
If you think you may have been the victim of a data breach (e.g. you are suddenly getting more spam emails and/or cold calls) you can check with haveibeenpwned.com to see if any emails you use have been compromised in a data breach.
Where a hotel (or any other organisation) suffers a data breach, they have a legal duty to inform the Information Commissioner’s Office (ICO). If you have been notified or a breach, this should already have happened, but it is a good idea to check.
If you believe you have been the victim of fraud following a data breach, you should report this to the police and Action Fraud.
In the wake of a data breach, ICO will normally recommend that the organisation responsible takes various actions to reduce the risk of future breaches. Sadly, such recommendations are not always acted upon, so there is no guarantee an organisation that has suffered one data breach will not experience another in future.
One option to prevent your data being exposed against is to request that an organisation delete any data is holds about you. You can then be confident there is no risk of them allowing your data to be exposed again in future.
You can contact a hotel directly to ask them to delete your data or our data breach experts would be happy to discuss how we can help with this.
Examples of hotel data breaches
Millions of people’s payment details at risk from booking.com and Expedia data breach
The payment details of millions of hotel customers may have been leaked due to a data breach affecting the software company behind a major hotel reservation system.
In a breach first uncovered on 6 November 2020, it was found that a cloud-based system used by leading hotel booking companies including booking.com and Expedia to process bookings had no security in place.
The data at risk covers bookings as far back as 2013 and includes highly sensitive data, including credit card and CVV numbers, full names, addresses and ID numbers of guests, as well as details about customers’ reservations.
How to stay safe following a hotel company data breach
If you are concerned that your personal details have been stolen or otherwise exposed in a hotel data breach, the following steps can help to minimise the risk of further harm:
Contact your bank or credit card company – if you believe your financial details may have been exposed.
Change your passwords – both on any affected accounts and anywhere else you’ve used the same ones.
Get up to date cybersecurity software – this can protect you from being targeted by any cybercriminals who get hold of your data.
Register with the Cifas Protective Registration service – they’ll make sure extra checks are carried out if anyone tries to take out products or services in your name.
Report the breach to the Information Commissioner’s Office – they can investigate how the breach happened and take action against the organisation responsible.
Speak to a data breach expert – as well as telling you if you’re entitled to compensation, they can also advise you on having your data removed, so you aren’t at risk from future breaches at the same company.
At Hayes Connor Solicitors, we help you to claim compensation and steer you through the aftermath of a hotel data breach – minimising the impact on you as much as possible.
With strict time limits in place for making a hotel data breach claim, it’s important to act now to make sure you don’t miss out on your right to compensation.
You can find out more about our expertise and how we handle claims here. To have your claim assessed for free, you can use our secure online claim form. Or to speak to a member of our team, please do not hesitate to give us a call on 0330 041 5137.
Handled my Data Breach Claim case very professionally, kept me informed throughout, would definitely use again if needed and would recommend to friends and family
Hayes Connor dealt with my data breach claim in a professional manor, they kept me up to date with my claim and there representatives were always polite and clear in there instructions. Hayes Connor also exceeded my expectations with the amount of compensation I received. I would highly recommend this firm and would certainly use them again.
I instructed Hayes Connor to deal with a serious personal data breach.... I have dealt with many legal firms over the years and, without question and in every respect, Hayes Connor stands apart; head and shoulders above all others I have ever worked with and who, so often, have disappointed.
Many thanks for your swift and professional dealing of this matter. I am very grateful for all your help and can get on with life a bit better.
Personal details of more than 400 University of Essex students have been exposed in a data breach, the university has confirmed in a statement. Hayes Connor is already representing a...
To speak to one of our experts please call 0330 041 5134 or fill out our form to make a claim.
Get in touch
Your choice regarding cookies on this site
Some cookies are essential, whilst others help us improve your experience by providing insights into how the site is being used. The technology to maintain this privacy management relies on cookie identifiers. Removing or resetting your browser cookies will reset these preferences.
These cookies enable core website functionality, and can only be disabled by changing your browser preferences.
Google Analytics Cookies
Google Analytics cookies help us to understand your experience of the website and do not store any personal data. Click here for a full list of Google Analytics cookies used on this site.
Third-Party cookies are set by our partners and help us to improve your experience of the website. Click here for a full list of third-party plugins used on this site.