News & Resources

What to do if your data has been stolen in a data breach

  • Posted on

Finding out that your data has been stolen, lost or otherwise exposed in a data breach can be very worrying, upsetting and confusing. Where there is the possibility that your personal or financial data may be in the hands of cybercriminals, you could be at risk of identify fraud and other types of cybercrime which could have a significant impact on your life.

If you find yourself in this situation, there are several things you should do immediately to protect yourself against the risk of fraud. There are also a number of steps you will need to take in the longer term to minimise the risk of ongoing threats from cybercriminals.

What to do immediately following a data breach

Contact your bank and/or credit card company

If you believe your financial details may have been exposed due to a data breach, you should contact your bank and/or credit card company immediately to let them know. They will be able to cancel any affected cards and prevent any large transactions that may be fraudulent.

You should also carefully check your statements yourself to check for any suspicious transactions.

Change your passwords

One of the first and simplest steps to take is to change your passwords, both for the company and organisation that suffered the breach and anywhere that you may have used the same password.

Ideally, you should always use different passwords for every place your data is held. If you are concerned about remembering multiple passwords, you can use a password manager to securely remember them for you.

Get up to date internet security software

Internet security software is increasingly focused on defending people against a wider range of threats than just viruses. Most providers now include options to help protect customers against fraud, so making sure you have up to date internet security software is essential.

Register with the Cifas Protective Registration service

If you have been informed that your data has been stolen or you are worried about this possibility, you can register with the Cifas fraud prevention service.

This means your name and personal details will be flagged in their National Fraud Database which is used by a wide range of companies to check for people at risk of fraud. Companies that use the Cifas National Fraud Database will then perform additional checks when your details are used to apply for products and services, reducing your risk of fraud.

The Cifas Protective Registration service currently costs £25 for two years.

Find out more about Cifas protective registration.

Report the breach to Action Fraud

Whether you have been notified by an organisation that your data has been exposed or you have reason to suspect your data has been stolen, you should consider reporting this to Action Fraud, which is the UK’s national reporting centre for fraud and cyber crime.

The service is run by the City of London Police in partnership with the National Fraud Intelligence Bureau (NFIB), so making a report to Action Fraud can help to ensure the breach is investigated and that criminal proceedings can be initiated where appropriate.

Find out more about reporting fraud and cybercrime to Action Fraud.

Consult a data breach claims specialist

If your data has been breached, it is a good idea to speak to a specialist in data breach claims. Not only will they be able to advise you if you are owed compensation, but they can also potentially assist with getting an apology from the company that allowed your data to become exposed, making sure your data is held more securely in future and/or having your data erased from the database of the organisation that suffered the breach.

Compensation for a data breach can cover specific financial losses as well as your emotional distress. However, you do not necessarily need to have suffered financial losses or emotional distress in order to be entitled to compensation for a data breach.

In general, you will likely be entitled to compensation if you have suffered a privacy violation caused by an organisation breaching any part of the General Data Protection Regulation (GDPR) or the Data Protection Act.

Find out more about making a data breach claim.

Other important steps to take following a data breach

Be alert for scam emails

If your email address has been stolen in a data breach, it is likely that cybercriminals will attempt to get further information from you (such as your bank details) by using scam emails.

Always be wary of any unsolicited emails you receive asking for personal details, even if they appear to be from a reputable source. A technique known as 'email spoofing' can allow scammers to make it appear as an email comes from a trusted email address, even though it is actually a scam.

There is no legitimate reason to be sharing your personal details via email – no reputable company should ever ask you to do this. If you do need to share personal details with a company, always do so over the phone (using their publicly listed phone number) or via their website

Also be wary of suspicious requests, such as being asked to move money to a different account. Cybercriminals will often claim that this needs to be done for anti-fraud reasons, knowing that you are likely to be worried about fraud after a data breach.

Keep an eye on your credit score

It is possible fraudsters will attempt to take out credit in your name, so you should make sure you can monitor any attempts to do so.

By registering with the three major credit reference agencies, Equifax, Experian and TransUnion, you can see if any credit checks are made against your details and, therefore, whether anyone is attempting to take out credit in your name.

You can register with these credit agencies for free and they will tell you the name of any company that has run a credit check against you. You can then contact those companies to make sure any attempts to take out credit in your name are rejected or cancelled.

Contact the Information Commissioner's Office (ICO)

If you are concerned about the way a company or organisation has dealt with your data, you may want to consider making a complaint to the Information Commissioner's Office (ICO).

ICO will be able to investigate and determine whether your data has been handled properly. If a company or organisation has informed you of a breach, then they should already have informed ICO about this, but it is a good idea to check. This can help to make sure the party that held your data is dealt with properly and the risk of future breaches can be minimised.

How Hayes Conner can help with data breaches

Hayes Connor is home to the largest team of data breach claims specialists in the country. We can guide you through dealing with any situation where your data has been lost, stolen or otherwise exposed, helping you to secure fair compensation.

Our data breach claims team can help with:

  • Advising you on if have grounds to claim compensation
  • Making a claim on your behalf
  • Securing an apology
  • Seeking assurance that your data will be stored more securely in future
  • Having your data erased from the breached database (where appropriate)

We know how distressing dealing with these situations can be, as well as how confusing and intimidating the idea of making a claim can seem. However, with over 50 years of experience and an excellent track record of success for our clients, we can help to keep the process of pursuing a data breach claim simpler, more straightforward and less stressful.

Please be assured: our claims process is fully compliant with ICO guidance and we will never put your details at risk.

You can find out more about our expertise and how we handle data breach claims here.

To start a claim, you can use our online claim form or, to speak to a member of our team, please do not hesitate to give us a call on 0151 363 5895.

Contact us