Private company data breaches

Your personal data is valuable. Companies have a legal duty to protect your personal data under the GDPR Data Protection Act 2018. Yet private companies often do not protect your personal information as well as they should. As a result of this failure to offer adequate data protection, data breaches can occur.

Many popular and well-known companies are private companies. The businesses you shop with every day are most likely private companies including those within the retail, automotive, clothing, airline, energy, and food industries. When dealing with these companies, it is likely that you will at some point share your personal information with them. Personal information shared with private companies can include your credit card details, full name, address, email address and passport information. If these personal details are leaked, it could have distressing financial or emotional effects.

If you have experienced financial or emotional distress due to a private company data breach, please complete our data breach claim form to find out how we can help you claim compensation.

How private company data breaches occur

As private businesses collect your personal data in-person and online, it is important that they have secure measures in place to protect your information. Unfortunately, this is not always the case. There are many reasons why data breaches can happen including:

  • Improper and insecure data storage
  • Data leaks
  • Cybercrime and hackers
  • Accidental exposure, sharing or misplacement of personal data
  • Malicious exposure or sharing of personal data

Almost every week a major data breach is reported to the ICO – the independent regulatory office responsible for upholding information rights. In today’s digital world, UK businesses are at greater risk of data leaks. Yet, human error still remains as one of the primary causes for private company data breaches.

Examples of data breaches caused by human error include:

  • Emailing personal information to the wrong recipients
  • Failure to use BCC when sending a mass email
  • Posting personal data to the incorrect recipient
  • Using non-GDPR compliant visitor books or forms to collect personal data in-person
  • Losing or misplacing personal data files
  • Misconfiguration of, or failure to update, data security software

Along with the above examples of human-related data breaches, private companies may also experience data breaches as a result of cybercrime or online hacking. By using inappropriate data handling policies and procedures or lacking vigilant data security measures, private companies may inadvertently be putting themselves, and their customers, at risk of a data security breach.

What to do if you are a victim of a private company data breach

If you notice that you have fallen victim to a personal data breach committed by a private company, do not panic. At DRM Legal, our expert team of data breach lawyers can help you claim compensation for any private company data breach that may have affected you.

Prior to a data breach happening, there are other things that you can do to help protect your personal data and minimize the risk of any further personal data violations.

Here are some steps you can take to further protect your personal data:

Check for recent data breaches

If you suspect an online retailer or private company that has your personal data has been comprised, you can check for a recent data breach by entering your email address on the Have I Been Pwned website. This website will then search through known databases of leaked email addresses to let you know if your email address has been compromised.

If you use Chrome as your main web browser, Chrome will now warn you if your stored username or passwords have been compromised in a data breach on the site or app you are visiting. You can then use this to determine which company may have breached your personal data. When receiving a message that your email address and password has been comprised, make sure you then update your password to ensure safe browsing going forward.

Update your passwords

If you are aware of your data being breached by an online company, it is important that you update your password for the affected site and any other site where you use the same password.

Your passwords are not invincible. Even if you haven’t fallen victim to a data hack, it is wise to make sure that you use high-strength passwords that cannot be easily guessed. When updating your passwords, avoid using identifiable information. Instead, opt for a random string of letters, symbols and numbers and be sure to use different passwords for each website you have an account with. While this may raise concerns about remembering your password, you can use password storage software to recall your log-in credentials for you.

Check your bank statement for unusual activity

Banks are normally quite good at informing customers about unusual activity. However, fraudulent card usage can sometimes fly under the radar. Therefore, it is a good idea to frequently check your bank statements to make sure no unusual charges are appearing. If you do notice unusual activity following a data breach, contact your bank to ask them to block the fraudulent payment and make plans to update your affected credit or debit card.

Submit a data breach claim

At DRM Legal, we can help you gain the compensation you deserve for a data breach. Under GDPR, businesses have a legal requirement to inform you in they have breached your personal data. Unfortunately, this does not always happen. If you are worried that your personal data may have been misused or breached by a private business, we can help you assess the situation and determine whether you have a claim for compensation.

We are experienced in handling data breach claims against a wide range of private businesses including retailers, telecommunication companies, leisure companies, newspaper and other media publications, small businesses and energy companies. If your data has been breached, leaked, misused or hacked, complete our short compensation claim form to find out whether you have a valid data breach claim.


Our dedicated team is here to assist you with any questions you may have regarding personal data breaches. Please feel free to contact us if you believe that you have suffered fiancial or emotional distress as a result of a data breach within the past 6 years. If you would like to know whether you are eligible to make a compensation claim, please complete our claim enquiry form.