Home / News & Resources / News & Updates / What to do if your employer is hacked

What to do if your employer is hacked

  • Posted on

Legal Director Richard Forrest runs through the steps that you need to take if you learn that your employer has been hacked, including your options for making a data breach claim with Hayes Connor.

Unfortunately, employers are often the target of cybercrime, leading to substantial data breaches, where the information of current and former employees is compromised.

Take the recent Eurocell data breach as an example. Current and former employees were left vulnerable after a cyber-attack led to employees’ data being copied from the internal systems of the company.

If your employer is hacked, leading to a workplace data breach, it is important that you understand what steps you should take and what your rights are.

In this article, we will discuss:

Is my employer responsible for my personal data?

Yes. Every employer has a legal obligation to keep your personal data secure and out of the hands of any unauthorised third parties.

This means that your employer should have strict policies in place for the handling of personal data and will ultimately be responsible if your data is exposed without your permission.

Under current data protection legislation, the data owner or controller must follow the guidelines of the legislation and undertake suitable risk assessments to ensure that the location they store the data in is secure and has suitable privacy measures.

It is important to note that this also includes situations where your employer was hacked. If it can be shown that your employer did not have robust security procedures in place to prevent an attack or did not respond accordingly to a cyber-security threat, they will be deemed responsible.

Can I sue my employer if they were hacked?

You may be able to bring forward a claim for compensation against your employer if they were hacked, leading to your personal data being exposed.

If your data is exposed, compensation can be claimed to cover any direct financial losses caused by the data breach, as well as the distress caused by having your information at risk of falling into the wrong hands.

What is the claims process if my employer is hacked?

If your employer is hacked, leading to your data being exposed, the first step will usually be for one of our expert data breach solicitors to contact the responsible organisation. During this, we can use any findings from the Information Commissioner’s Office (ICO) to assist with the initial dealings with said organisation.

When it has been clearly established that a breach has occurred, and the full impact of the breach has been assessed, our team can then proceed to place a value on your claim for compensation.

Often, workplace data breach claims that occur after your employer is hacked can be resolved without the need for any contentious court proceedings. However, in the event that a settlement cannot be reached, court proceedings could be required to ensure that you are able to access the compensation you deserve.

Whatever the circumstances, our team can guide you through the process of making a claim against your employer if they have been hacked, leading to a data breach.

What can you claim for if your employer is hacked?

If your employer is hacked, leading to a data breach, you may be in a position to make a claim for compensation.

Financial losses

Following the loss of personal data by your employer, there is a chance that the responsible party will be able to access personal data which is stored on internal systems. While the exact data that can be exposed in a data breach will vary, prior data workplace data breaches have shown that payroll information and personal details are often compromised.

With the right information at their disposal, criminals may be able to apply for credit in your name, set up fraudulent bank accounts or access any existing accounts you have.

Direct financial losses like these are likely to be sufficient grounds to make a workplace data breach claim.


There may be a scenario where a data breach caused by your employer being hacked does not necessarily lead to any direct financial losses. Even still, having your personal information exposed is a very distressing event, which means that you may be able to bring forward a claim to account for this.

Knowing that your personal data has been accessed by an unauthorised third party can have an impact on both your physical and mental health. Suffering from a lack of sleep, feeling ill,  being unsettled or stressed are all common symptoms of being the victim of a data breach. Your family, friends and job can also be affected by a data breach.

How do I know if my employer has been hacked?

Any organisation which experiences a cyber-security attack is required to follow a number of steps. They are required to send a report of the incident to the Information Commissioner’s Office (ICO), who will then conduct an independent review of the incident and take appropriate action. This must be done without ‘undue delay’ and within 72 hours.

They should also directly notify anyone whose data has been compromised (this could be anyone such as a customer, client, current employee or former employee).

If you have not received any communication from your employer, but you suspect that they have been hacked or that your data has been compromised, your first port of call should be to get in touch with your employer directly.

You can also speak to the ICO, or one of our data breach specialists, who can provide an independent assessment of the situation and surrounding circumstances.

How long do I have to make a data breach claim against an employer?

If your data is exposed in a data breach, there are strict time limits in place to bring forward a claim for compensation. The current limitation for data protection claims is six years from the date of the breach (or the date when you could have reasonably been aware that a breach took place). This time limit is reduced to one year if it involves a breach of Human Rights.

Can your employer disclose personal information?

The Data Protection Act 2018 details that employers are only able to collect personal data which is “adequate, relevant and necessary”. Any detrimental effects on individual privacy should also be identified.

The Data Protection Act also stipulates that any organisation which uses personal data must demonstrate that:

  • Employees were informed of the purpose of the use of their personal data
  • Employees were given a clear explanation of how their data would be treated

It is also important to note that employees must freely consent to the use of their data. This means that you may be able to take action against your employer in situations where they were not hacked, but willingly disclosed your personal information without your permission.

How Hayes Connor can support you if your employer has been hacked

If your employer has been hacked, leading to a data breach, our solicitors may be able to support you to make a compensation claim. Our team can act for clients on a no win, no fee basis, removing the financial risk of pursuing a claim for compensation.

At Hayes Connor, we are one of the largest teams of data breach claims specialists in the country. Our team have a wealth of combined experience and expertise in securing compensation for victims of data breaches. We can advise you on whether you are likely to have grounds for a claim, the level of compensation you may be entitled to and the steps you need to take to bring forward a claim.

Our goal is to ensure that anyone who is affected by a workplace data breach is able to get the compensation they deserve, while making the claims process as simple and stress-free as possible.

You can find out more about our expertise and how we handle data breach claims here.

To start a claim, you can use our online claim form and we will get back to you shortly to let you know if we believe you have grounds for compensation.

If you would like to speak to a member of our team, please do not hesitate to give us a call on 0330 041 5135.