My Customer Billing Data Was Accessed From A Data Breach – Can I Claim?

By Lewis Prince. Last Updated 22nd December 2022. If you have suffered harm because your customer billing data was accessed in a data breach, you may be wondering if you can claim compensation.

customer billing data accessed data breach

Customer billing data accessed in a data breach claims guide

The data rights of UK residents are set out by the Data Protection Act 2018 (DPA) as well as the UK General Data Protection Regulation (UK GDPR).

The Information Commissioners Office (ICO), upholds these legislations. The ICO has the authority to investigate and, if necessary, fine organisations for poor data protection.

In this guide, we will discuss how to make a personal data breach claim. We will explain what personal data is and how your data could be unlawfully accessed in a data breach. If you have any further questions regarding personal data breach claims, contact our team of advisors. They can tell you if your claim is valid, as well as how to proceed. To get in touch:

Choose A Section

  1. Can I Claim If My Customer Billing Data Was Accessed In A Data Breach? – A Guide
  2. How Could My Customer Billing Data Be Accessed In A Data Breach?
  3. How Quickly Should A Data Breach Be Reported?
  4. Evidence For Customer Billing Data Accessed In A Data Breach
  5. What Data Breach Payout Could I Receive From A Successful Claim?
  6. Why Use No Win No Fee Data Breach Solicitors To Claim?
  7. Learn More About Data Breach Claims

Can I Claim If My Customer Billing Data Was Accessed In A Data Breach? – A Guide

Your personal data is any information that, when used independently or alongside other details, could reveal or infer your identity. This means that personal data can range from basic details, such as your name, address and contact details, up to special category data relating to your health, religion, trade union memberships, political beliefs or your sexuality. Special category data is a kind of personal data that needs extra protection due to its sensitive nature.

A data controller is responsible for establishing the purpose of using your data, as well as how they intend to process it. A data processor then processes this data by following the controller’s instructions.

A personal data breach is a security incident that affects your data and its confidentiality, its integrity, or its availability. In order to claim for a personal data breach, however, it must be a result of the data controller or processor’s wrongful conduct, and it must cause you to suffer harm.

To learn more about what to do if your customer billing data was accessed in a data breach, get in touch with our team of advisors.

How Could My Customer Billing Data Be Accessed In A Data Breach?

Below are some example scenarios of positive wrongful conduct that could give rise to a data security incident involving customer billing information:

  • Data misdelivery: If an online retailer sends your receipt or invoice to the wrong email address, this could allow a third party to access your personal data.
  • Cyberattack: If a retailer fails to utilise adequate cybersecurity policies, then this could leave your credit card or debit card information vulnerable to cybercriminals.
  • Verbal disclosure: Your customer billing data could be accessed through verbal disclosure. For example, a bank employee could disclose your billing information over the phone without first conducting an identity or security check.

These are just a few examples of how wrongful conduct can lead to a personal data breach. To learn more, get in touch with our advisors today. Or, read on to find out how to report a data breach.

How Quickly Should A Data Breach Be Reported?

If you are a customer and your billing data is accessed in a breach, you might wonder, ‘how quickly should a data breach be reported?’.

When an organisation first becomes aware of a data protection breach that has had an impact on your freedoms or rights, the ICO must be notified within 72 hours. Additionally, they should inform you of the breach without undue delay.

After being notified that you have been affected by a breach, if you are concerned that your personal data may have been compromised, you could get in touch with the organisation. They should offer an explanation of how the breach occurred and what personal data was breached.

However, should the organisation offer no response, or you are not satisfied with how they respond, you can report a breach to the ICO. Whilst the ICO offers no compensation, they can begin an investigation into the breach and could subsequently fine the organisation.

Our advisors are available 24/7 and can offer you free legal advice on data breach claims.

Evidence For Customer Billing Data Accessed In A Data breach

Collecting evidence can be helpful when starting a personal data breach claim. This is because it can help strengthen your case. You can do this yourself, or you can seek evidence with the help of a solicitor. Some examples of this evidence can include:

  • Communication with the organisation responsible for the breach
  • Communication with the ICO
  • A notification letter from the responsible organisation
  • Medical records that prove psychiatric harm
  • Bills, bank statements, or invoices that prove financial harm

To learn more about collecting evidence, get in touch with our advisors. Or, to learn more about data breach compensation payouts, read on.

What Data Breach Payout Could I Receive From A Successful Claim?

Material and non-material damage are the two areas of harm that you could claim compensation for. Non-material damage refers to the psychological injuries you suffer because of the breach. For example, if you suffer from anxiety, depression, or distress following the breach, you could be able to claim non-material damage compensation.

The table below showcases figures from the Judicial College Guidelines (JCG). This is a document legal professionals such as solicitors and judges use to help in settling claims. The JCG provides guideline award brackets for various illnesses and injuries.

Type of InjuryDefinitionJC Guideline Award Bracket
Psychological & Psychiatric DamageThe injured person will have marked issues in the areas of work, personal relationships and education with a poor future prognosis.(a) Severe - £54,830 to £115,730
Psychological & Psychiatric DamageA better prognosis than the bracket above, though symptoms are similar.(b) Moderately Severe - £19,070 to £54,830
Psychological & Psychiatric DamageAn improvement is seen by the time the case may need to be heard in court, leading to a better prognosis. (c) Moderate - £5,860 to £19,070
Psychological & Psychiatric DamageAn award bracket that takes into account the length of injury and how it affects daily life.(d) Less Severe - £1,540 to £5,860
Post-Traumatic Stress Disorder (PTSD)Severe and permanent effects impact all aspects of the person's life, leaving no remaining ability to work or function at the pre-trauma level.(a) Severe - £59,860 to £100,670
PTSDStill a significant level of injury but some improvement is seen after professional treatment.(b) Moderately Severe - £23,150 to £59,860
PTSDLargely a recovery with any residual symptoms not being grossly disabling.(c) Moderate - £8,180 to £23,150
PTSDAlmost a full recovery within a 24-month period, and any issues persisting beyond this being minor.(d) Less Severe - £3,950 to £8,180

Please note that these are guideline compensation amounts and not guaranteed payouts.

Can I Claim For Material Damage?

Material damage compensation looks at the financial harm that you suffer because of a data breach. Material damage compensation could cover:

  • Funds stolen from your bank account
  • Damage to your credit score
  • The cost of counselling to deal with the stress

Personal data breach compensation payouts are unique to every claim. To find out how much your claim could be worth, get in touch. Our advisors can offer a free consultation, as well as free legal advice.

Why Use No Win No Fee Data Breach Solicitors To Claim?

One of our panel’s No Win No Fee data breach solicitors could start working on your claim with a Conditional Fee Agreement (CFA). Usually, a solicitor that works under a CFA will not require any upfront fees or ongoing costs to be paid to them for their services.

If your claim is successful, then the only fee your solicitor will request is a success fee. This is taken from your compensation directly as a percentage with a legal cap. But, in the event that your personal data breach claim isn’t successful, then your solicitor will not require a fee for their work.

To find out how a solicitor from our panel could benefit your claim, contact our team of advisors.

Contact Us For Free To See If You Can Claim When Customer Billing Data Was Accessed From A Data Breach

If you want to learn more about how a No Win No Fee agreement could help you start a claim, please get in touch:

  • Find out more by calling our advisors on 0800 408 7827
  • Or contact us online
  • Use the live support chat option below

Learn More About Data Breach Claims

The articles below offer further reading on similar topics:

Or, for more resources:

Contact our team for more questions on how to claim if your customer billing data was accessed in a data breach.

Writer Jeff Wilders

Editor Cat Hunt