Universities hold a range of personal and often highly sensitive data on students, staff and alumni. If your personal information has been exposed in a university data breach, it can be very serious, with the potential for significant emotional distress, financial losses, damage to your career or reputation and other significant consequences.
Like any organisation that holds sensitive data, a university has a legal duty to protect any personal information is collects, processes or stores. This is covered by the Data Protection Act 2018, which is the UK version of the General Data Protection Regulation (GDPR).
Sadly, when data breaches occur, it is all too common that the ultimate cause is an organisation was not meeting its data protection obligations. It may be that they did not have sufficient security measures in place or, more often, that simple human error led to sensitive data becoming exposed. In either case, this is a breach of the Data Protection Act.
If you have suffered financial damage, emotional distress, or a loss of privacy due to a university or other higher education institution breaching any part of the Data Protection Act 2018, you have a right to claim compensation.
At Hayes Connor Solicitors, we have a wealth of combined experience helping people to claim compensation where their personal data has been lost, stolen or otherwise exposed due to breaches of data protection laws.
As one of the largest teams of data breach experts in the UK, we can help you claim for your financial losses, emotional distress and loss of privacy following a university data breach.
Worried that making a claim will be difficult or stressful at an already tough time? Our team will work closely with you, keeping the process as simple and straightforward as possible. We’ll explain everything in plain English and keep you up to date on progress at all times, so you’ll never be left confused or wandering what is happening or what you need to do next.
Where we believe you have a case for claiming university data breach compensation, we may be able to act for you on a no win, no fee basis, removing any financial risk from the process of making a claim.
Think you are entitled to compensation for a university data breach? Use our simple and secure online claim form to share the details of your situation and we will get back to you shortly to let you know whether we can help.
To speak to a member of our team now about what to do if your personal details have been exposed in a university data breach, please call us on 0151 363 5895.
Are you owed compensation for a university data breach?
You will be owed compensation if it is found that your university failed to take sufficient precautions to protect your data. Common examples of such failures include not having effective security in place (e.g. using outdated security software) or university staff not properly follow security procedures.
Whatever the situation, if the organisation failed to meet its obligations under the Data Protection Act 2018, you will have a claim – even if you haven’t suffered as a result.
Where a data breach is suspected, the Information Commissioner’s Office (ICO) will carry out an investigation. ICO will determine whether a breach has occurred, so it is usually necessary to wait for the result of their investigation before making a claim.
What compensation can you get for a university data breach?
The exact compensation available will depend on the impact of the breach on you. While you do not need to show specific harm in order to be entitled to compensation, you are likely to be able to claim substantially more if you can show that you suffered one of the following:
Financial losses
Including situations such as where your financial details have been used for fraudulent payments or where your personal details have been used to fraudulently take out credit in your name.
Distress
Victims of a data breach often experience issues such as difficulty sleeping, as well as feeling ill, unsettled and/or confused. This can affect every aspect of your life, including your job, family and friends and you can claim for this negative impact.
How long do you have to claim compensation for a university data breach?
The basic time limit is 6 years from the date when a data breach occurred to bring a claim. However, it is common that data breaches are only exposed months or even years after they occurred. In such cases, the time limit to claim will usually be extended, giving you longer to pursue compensation.
Therefore, while it important to speak to our team as soon as possible about pursuing a claim, it is also worth speaking to us even if the breach happened several years ago.
How to start a university data breach claim
The first step is to find out whether you have grounds for a claim. Our professional, friendly team will be happy to review your circumstances and advise you on whether we believe you are likely to be entitled to university data breach compensation.
If you are not sure whether your personal details have been misused or mishandled, we can find this out for you.
Once we establish that you have grounds for compensation, we will take care of the whole claims process for you. We will contact the university responsible for the breach and work tirelessly to get you the compensation you deserve.
To get the claims process started, you can use our simple and secure online claim form to share the details of your situation and we will get back to you shortly to let you know whether we can help.
Or, if you want to speak to a member of our team, please get in touch.
Credit and debit card data breach FAQs
When any organisation suffers a data breach, they are required to inform anyone whose personal data may have been affected. This duty is defined under the terms of the Data Protection Act 2018.
Unfortunately, this does not always work as planned, for example an email from your university about a data breach might be missed. It is often the case that victims only become aware of a data breach when an organisation is fined by the Information Commissioner’s Office (ICO).
If you are concerned that you may have been the victim of a data breach (e.g. because you have noticed an increase in spam emails and/or cold calls) it is worth checking with a resource such as haveibeenpwned.com which can tell you if your email address has been included in a breach.
If your university or former university has suffered a data breach, they have a legal duty to inform the Information Commissioner’s Office (ICO). At the point where you are likely to find out about a breach, this should already have happened, but it is always worth checking that this has been done.
If you believe you have been the victim of fraud following a data breach i.e. your personal details were used to fraudulently take out credit in your name, then you should report this to the police and Action Fraud.
Following any type of data breach, ICO will normally recommend actions that must be taken to minimise the risk of future breaches. Unfortunately, there is no guarantee that such recommendations will be followed effectively, so the risk of a future breach is something you must be aware of.
If you are concerned about this, it may be possible to have any data that the university in questions holds about you deleted. This can remove the risk to you from any future breaches.
Should you wish to have your data deleted, you can contact your university directly or our data breach experts would be happy to discuss this with you.
Examples of university data breaches
The University of Greenwich fined £120,000 for serious security breach
The University of Greenwich was fined £120,000 by ICO following a serious data breach that led to personal data of nearly 20,000 staff, students and alumni being compromised. The hack related to a university microsite developed for a training conference in 2004 that was never shut down and was compromised in 2013 and again in 2016.
Data exposed in the hack included names, addresses and telephone numbers, as well as more sensitive data about 3,500 people, including information on extenuating circumstances, details of learning difficulties and staff sickness records.
How to stay safe following a university data breach
If you are concerned that your personal details have been stolen or otherwise exposed in a university data breach, the following steps can help to minimise the risk of further harm:
Contact your bank or credit card company – if you believe your financial details may have been exposed.
Change your passwords – both on any affected accounts and anywhere else you’ve used the same ones.
Get up to date cybersecurity software – this can protect you from being targeted by any cybercriminals who get hold of your data.
Register with the Cifas Protective Registration service – they’ll make sure extra checks are carried out if anyone tries to take out products or services in your name.
Report the breach to the Information Commissioner’s Office – they can investigate how the breach happened and take action against the organisation responsible.
Speak to a data breach expert – as well as telling you if you’re entitled to compensation, they can also advise you on having your data removed, so you aren’t at risk from future breaches at the same institution.
At Hayes Connor Solicitors, we help you to claim compensation and steer you through the aftermath of a university data breach – minimising the impact on you as much as possible.
With strict time limits in place for making a university data breach claim, it’s important to act now to make sure you don’t miss out on your right to compensation.
You can find out more about our expertise and how we handle claims here. To have your claim assessed for free, you can use our secure online claim form. Or to speak to a member of our team, please do not hesitate to give us a call on 0330 041 5137.
We use essential cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. Clicking Reject All only enables essential cookies. For more detailed information about the cookies we use, see our Cookies page. For further control over which cookies are set, please click here.
Our use of cookies.
You can learn more detailed information in our Privacy Policy
Some cookies are essential, whilst others help us improve your experience by providing insights into how the site is being used. The technology to maintain this privacy management relies on cookie identifiers. Removing or resetting your browser cookies will reset these preferences.
Essential Cookies
These cookies enable core website functionality, and can only be disabled by changing your browser preferences.
Google Analytics Cookies
Google Analytics cookies help us to understand your experience of the website and do not store any personal data. Click here for a full list of Google Analytics cookies used on this site.
Third-Party Cookies
Third-Party cookies are set by our partners and help us to improve your experience of the website. Click here for a full list of third-party plugins used on this site.
