What Are My Rights After A Mortgage Provider Data Breach?

I Suffered A Psychological Injury After A Mortgage Provider Data Breach, What Are My Rights?

mortgage provider data breach

When applying for a mortgage, you may find you need to disclose a lot of personal information on the application form. You’re probably happy to do so if it helps to secure your new home. However, have you thought about what might happen if that information isn’t secure? Well, in this guide about mortgage provider data breach claims we’ll look at the harm that a breach could cause.

We’ll also discuss when you could be eligible to claim compensation for harm and the amount you might seek. As we continue, we will explain how the General Data Protection Regulation (GDPR) offers you (the data subject) more control over the use of your data.

Accident Claims UK is here to offer our help if you do wish to make a claim. Our advisors provide free legal advice about the claims process and offer to review any case on a no-obligation basis.

If your case appears to have strong grounds, we could pass it on to one of our data breach solicitors. Any case that they agree to take on will be managed on a No Win No Fee basis.

If you would like to talk to us today about making a claim, please give us a call on 0800 073 8801. When you call, an advisor will walk you through the claims process, review your options and answer any queries that arise.

To learn more about data breach claims before calling, please read the rest of this article.

Select A Section

A Guide On Mortgage Provider Data Breach Claims

The mortgage application process may involve face-to-face meetings with an advisor or it could be carried out online. However you apply, you can be sure of one thing: you will have to supply the mortgage provider with a lot of information about yourself.

Often it is the type of information you wouldn’t want to get into the wrong hands. If it were to be leaked, you might suffer from worry, anxiety and depression. You may also lose out financially. Luckily, the GDPR and the Data Protection Act 2018 have been introduced to reduce the risk of personal data loss.

When data controllers (such as mortgage providers) wish to use your personal data, there needs to be a lawful basis. There are seven lawful bases including asking for your permission before any data is processed.

The Information Commissioner’s Office (ICO) is the UK watchdog for data protection laws. If a GDPR data breach is reported to them, they can launch an investigation to find out what’s happened. Where laws have been broken, the ICO has powers that allow it to issue fines of millions of pounds.

They can also suggest changes in the way that a company handles data. However, their powers don’t stretch to issuing compensation if you’ve been affected by a breach. For that reason, we’ve written this guide about claiming damages for a mortgage provider data breach.

You should bear in mind that a time limit is in place for data breach claims. Mostly, it is a 6-year limitation period. However, it can be 1 year if the claim centres on a human rights breach. You may wish to confirm how long you have left to claim with a member of our team.

For free legal advice on beginning your claim, please call our team today.

What Personal Data Could My Mortgage Provider Hold About Me?

As mentioned in the last section, mortgage providers ask for all sorts of information about you during the application process. During your time as a customer, the data they hold about you may increase. So, what type of information could your mortgage provider hold about you? It could include:

  • Your personal contact details: names, addresses, email addresses and mobile or home telephone numbers.
  • Website login credentials.
  • Details of previous addresses.
  • Information on your financial history from your credit file.
  • Employment details.
  • Banking details.
  • Transaction history included defaulted payments.

There could be more data held about you than we’ve listed here, in some cases. However, most of the items listed are protected by the GDPR as they could help to identify you.

As well as implementing measures to secure personal data, in most cases, your mortgage provider is not allowed to share your data without your consent (unless in exceptional circumstances). That means, for example, that they couldn’t share information so that a home insurance provider could offer you a quote unless you explicitly agree first.

If you are ready to discuss claiming for a mortgage provider data breach, why not call our advice centre today? We will review your case and provide legal advice for free and without obligation.

What Is A Personal Data Breach Claim Against A Mortgage Provider?

Personal data breaches result from some type of security problem. A breach is where data that could identify somebody is lost, changed, accessed, destroyed or disclosed in a way that is not lawful or authorised. Importantly, compensation for the harm that results from a breach could be claimed whether the incident was accidental, deliberate or illegal.

In many cases, data breaches can be the result of cybercriminals. You may well have read about cases where hacking, ransomware, keyloggers, phishing emails and other similar tactics have been used by criminals to get access to data. However, it is important to understand that the GDPR also covers physical documents as well. For example, if paperwork relating to mortgage applications is left on a train by a broker and a member of the public accesses it, a breach will have taken place.

Here are some scenarios that (if you suffer financially or psychologically as a consequence) could lead to a data breach claim against a mortgage provider:

  • Where your annual mortgage statement is sent to the wrong recipient.
  • If an unencrypted device containing customer information is lost or stolen.
  • Where hackers exploit weak IT security to steal copies of customer data.

When you are ready to discuss your claim with us, please call the number at the top of the page.

Steps A Mortgage Provider Should Take If Affected By A Data Breach

It is imperative that companies that process personal data have an action plan ready in case a data protection breach occurs. If they are made aware of such a breach, they need to take action. This includes:

  • Investigating what has happened and what caused the breach.
  • Keeping the ICO informed about the breach (if it causes risk to the victims’ rights and freedoms).
  • Informing customers about what’s happened if the breach has the potential to cause them harm.

Importantly, if you are informed about a breach involving your data, the letter or email you are sent could be used as evidence in your claim. However, you must also be able to demonstrate that the breach has caused you to suffer. We’ll explain what evidence could help with this later on.

What Action Could The Information Commissioner’s Office Take?

As explained earlier, the ICO has the powers to carry out investigations into organisations involved in data breaches. They can take enforcement action if the rules are found to have been broken. Additionally, they can issue fines that could rack up to millions of pounds.

Having a watchdog is an important data protection measure. That’s especially true when you consider one news story that highlighted a 1000% increase in cyber incidents relating to the financial sector. The report suggests that the number of reports went up from 69 in 2017 to 819 in 2018.

The increase doesn’t necessarily mean hackers have increased their efforts, though. It can also be explained by the fact that all incidents must now be reported and investigated, which is a very good thing.

Article: https://www.bbc.co.uk/news/technology-48841809

When Do I Have The Right To Claim Damages?

If a GDPR data breach causes you to suffer, you could be entitled to seek damages. Also, the GDPR offers data subjects further rights as well. They include the right to:

  • Be informed about the processing of your personal information.
  • Have access to information companies hold about you.
  • Ask for any inaccuracies to be corrected.
  • Request that personal data is erased.
  • Restrict how your personal information is used.
  • Be given copies of your data in a format that you can use easily.
  • Object to the use of your personal data.

You also have rights that govern how your data is used in automated decision making or profiling. Of course, the rules aren’t as black and white as we have shown them here. To learn about your rights in full, please visit the ICO’s website.

Evidence And Documentation Which May Support A Data Breach Claim

It would be nice if you were able to just tell the defendant that you’d like compensation and request a figure. However, the process isn’t that easy. You need to supply evidence to prove how you’ve been affected and that the breach took place. To help do this, you could provide:

  • A letter or email from the mortgage provider telling you that your data was involved in a personal information breach.
  • A report from the ICO that confirms that the breach took place.
  • Financial statements to demonstrate the amount of money you’ve lost because of the breach.
  • Medical reports to show what psychological or emotional injuries the data breach has caused.

Don’t worry if you don’t have all of the above. If you call our team, an advisor will review your evidence and let you know if anything else is needed. If the case appears to be strong enough, they could refer you to one of our data breach lawyers.

Mortgage Provider Data Breach Compensation Calculator

We are now going to concentrate on how much compensation could be paid for psychological or emotional injuries caused by a mortgage provider data breach. We have listed some example figures in our compensation table below. However, for a more personalised compensation estimate, please call our team for a thorough review of your case.

The case of Vidal-Hall and others v Google Inc [2015] had an impact on compensation for data breach claims. During the hearing, the judge found that:

  1. Claims are allowed to be made for injuries resulting from data breaches in cases where no financial losses have been sustained.
  2. Payments for injuries should be made in line with personal injury compensation parameters.

Therefore, we’ve used data from the Judicial College Guidelines in our table. This is a document that helps legal professionals determine compensation amounts in personal injury claims.

InjurySeveritySettlement BracketInformation
General Psychiatric InjurySevere£51,460 to £108,620There will serious issues coping with relationships and life in general. A very poor prognosis will be offered due to there being little chance of treatment helping.
Moderately Severe£17,900 to £51,460The issues will be similar to the above but there will be a more optimistic prognosis.
Moderate£5,500 to £17,900Due to a number of improvements already made, there will be a good prognosis.
Less Severe£1,440 to £5,500The level of award would factor in how long the condition lasted and how it affected sleep and everyday activities.
PTSDSevere£56,180 to £94,470The claimant will suffer permanent symptoms of PTSD. As a result, they won't be able to function at pre-trauma levels or return to work.
Moderately Severe£21,730 to £56,180Although significant issues will exist (as above), the claimant is likely to benefit from specialist treatment. Therefore a more positive prognosis will be offered.
Moderate£7,680 to £21,730The claimant has largely recovered.
Less Severe£3,710 to £7,680A practically full recovery within 1 to 2 years and only minor symptoms remain.

To prove the psychological effect the breach had on you, we recommend a report from a medical assessment. You need evidence that shows the level of suffering the data breach has caused. To prevent excessive travelling, our data breach solicitors can usually book you in for a local appointment.

The meeting would be between you and an independent specialist. They’d try to work out how you have suffered by asking questions and reading available medical records. Once they have finished, the medical report would be prepared. It’d show what injuries have already been sustained and also offer a prognosis for the future.

What Are Non-Material Damages Under The GDPR?

When seeking compensation, it is important to consider any future suffering as well as the harm that has already happened. That’s because only one claim is possible and you can’t request additional compensation for something you hadn’t considered.

There are normally two heads of compensation you could seek in a data breach claim: material and non-material damages. The first relates to the financial impact that results from the data breach. It can include costs, losses and expenses. Initially, you would calculate how much the breach has already cost you.

You may also need to look at future losses as well. For instance, if your credit card details have been sold online by criminals, you might suffer additional losses until the card has been blocked and replaced.

Non-material damages relate to any suffering that results from the breach. This would include conditions that have already been diagnosed. If your medical report states that suffering will continue in the future, you could add that to your claim as well.

Our advice about claiming compensation is that having a legal representative could improve the chances of winning your case. Moreover, it could mean you stand a better chance of being compensated fairly.

If your case is accepted by one of our data breach solicitors, they will conduct a deep review. They will try to establish exactly how you’ve been affected so that nothing is omitted from your claim. If you are thinking about claiming or have any queries, why not give us a call today?

No Win No Fee Claims For A Data Breach By Your Mortgage Provider

We understand that some people worry about claiming because they don’t want to lose money on lawyer fees. We know that could be the case for you, and it is the reason that our data breach solicitors provide a No Win No Fee service.

Unfortunately, not all claims are suitable. Therefore, a solicitor will need to consider your case before it’s taken on. If they are happy, and you wish to proceed, a Conditional Fee Agreement (CFA) would be drafted for you. This contract explains what your solicitor must achieve before they are paid for their work. Also, it will clarify that:

  • You don’t need to pay your solicitor’s fee in advance of the case.
  • Your solicitor won’t ask you to pay their fee while the case continues.
  • If a claim fails, you will not be charged any solicitor’s fees.

Where a positive outcome is achieved and you are paid compensation, your solicitor will retain a percentage of it to cover their fee. This is listed in the CFA as a success fee. To prevent overcharging, success fees are capped by law.

If you want to find out whether a No Win No Fee service is suitable for your claim, please call an advisor today.

Speak To Our Specialist Team

Thanks for visiting Accident Claims UK today. We do hope that you have found out why mortgage provider data breach claims are possible. If you have decided to make a claim and would like our help, you can:

  • Call our free legal advice line on 0800 073 8801 to discuss your case with a specialist.
  • Send us an email to explain what’s happened to office@accidentclaims.co.uk.
  • Tell us about your case and how you have suffered in our live chat.
  • Request a call back from a specialist by completing our online claims form.

For your convenience, we operate our advice line 24 hours a day. When you get in touch, you’ll receive free legal advice on claiming and we’ll assess the merits of your claim. While you’re not obliged to make a claim, we could partner you with one of our data breach lawyers. Should they take your case on, they will manage it on a No Win No Fee basis.

GDPR Data Breach FAQs

As we have almost completed this article, we are going to use this section to answer some common questions. If you need to ask us anything else in relation to mortgage provider data breach claims, please get in touch today.

Can you sue a company for a data breach?

On its own, a GDPR data breach won’t entitle you to claim compensation. However, if you are harmed by the breach, a claim could be possible. For example, you could claim for any money lost because of the breach or any psychological injuries sustained.

Who is liable for a data breach?

While an individual may have caused the data breach to happen, the data controller or processor could be held to account for the incident. You can search the ICO’s data protection register to find out details about any registered company.

What constitutes a breach of data protection?

A data protection breach will have occurred if a security problem leads to information about you being changed, lost, destroyed, disclosed or accessed in a way that you have not agreed to. Data breaches can happen deliberately, illegally or accidentally.

Related Guides

We have reached the end of this article on claiming for a mortgage data breach. To help you further, this section contains links to some other articles that could help. If you have any other requirements, please contact our free legal advice centre.

Financial Conduct Authority: The FCA regulates how mortgage lenders and intermediaries operate in the UK.

Clinical Depression: In this article, the NHS explains the symptoms, causes and treatment of depression.

Panic Attacks And Anxiety: Advice on how to deal with anxiety from the charity Mind.

Finally, we have provided links to a few of our articles below:

Private Healthcare Data Breach: A detailed look at when you might receive compensation following private healthcare data breach.

Your Rights After A Medical Data Breach: Information about claiming if you’ve suffered due to a medical data breach.

A Guide To Data Breach Distress: Advice on the claims process if you have suffered data breach distress.

Thank you for reading our guide to mortgage provider data breach claims. 

Guide by BH

Edited by RV