South Staffs Water Data Breach – Could I Claim Compensation?

South Staffs Water Data Breach

South Staffs Water Data Breach – Could I Claim Compensation

By Danielle Griffin. Last Updated 24th August 2023. This article provides information about the potential steps you could take if your personal data was involved in the South Staffs Water data breach. Throughout this guide, we will explain what personal data is, who is responsible for keeping this type of data safe and the steps you can take to report any misuse of said data.

When your personal data is compromised, this can not only affect your finances but also your mental health. This guide will look at the ways you could suffer as a victim of a personal data breach.

Read on to learn about what laws govern the processing of your personal data and how these laws allow those affected by a data breach to pursue compensation. Additionally, our advisers are on hand if you’d like to direct your questions to one of our team members. You can reach our team by:

Jump To A Section

  1. South Staffs Water Data Breach – Could I Claim Compensation?
  2. What Could Cause A Data Breach?
  3. How Do I Prove I Was Impacted By The Data Breach?
  4. Calculating Payouts For A Data Breach
  5. Why Contact Our Team If You Think You Were Affected By The South Staffs Water Data Breach?
  6. Information On Claiming Against A Company

South Staffs Water Data Breach – Could I Claim Compensation?

In the summer of 2022, South Staffs Water suffered a cyber attack. The personal data of some customers was accessed unlawfully, leading to the exposure of names, addresses, sort codes and bank account numbers. South Staffs Water has sent out letters of notification to affected customers.


If you received a letter of notification advising you that your personal data could have been compromised in this cyber incident, you may be wondering what you could do. By law, data controllers must inform data subjects if their personal data has been breached without undue delay if their rights and freedoms are at risk.

Personal data is any information that could identify you directly or in combination with other information. A data controller is generally an organisation that determines the reason why personal data is processed and the means to do so. 

Once you have been notified, you can contact the company and ask for more information about what happened, what data was exposed and how the organisation in question plans to rectify this. Additionally, you can inform the Information Commissioner’s Office (ICO) about a data breach if you are unsatisfied with the response from the data controller. The ICO is an independent body that enforces data protection rights. They may have already been informed and started an investigation.

Data Breach Compensation Eligibility Criteria

The UK General Data Protection Regulation (UK GDPR) sits alongside the Data Protection Act 2018 to protect personal data.

In order to claim South Staffs Water data breach compensation your case must meet the requirements found in Article 82 of the UK GDPR.

In order to have an eligible personal data breach claim, you must be able to prove that:

  • A data breach occurred because a data controller or processor failed to adhere to data protection laws. (A controller may appoint a data processor to process data on their behalf).
  • Your personal data was exposed or compromised in this incident.
  • You suffered harm, either to your finances or mental health, as a result of your data being breached.

Additionally, you must start your data breach claim before the time limit expires. This is generally 6 years, but it is reduced to 1 year if the claim is made against a public body.

Contact an advisor to discuss your potential options if you have received a letter of notification stating that your personal data was involved in the South Staffs water data breach. Compensation can only be claimed if you meet all of the eligibility requirements.

What Could Cause A Data Breach?

Potential examples of data breaches could include:

  • Human error could mean a bill is sent to the wrong address, even though the company has the correct address on file.
  • A company could fail to update their security systems in a timely fashion, making it easier for a ransomware attack to steal their customers’ credit card data
  • An employee could accidentally leave their laptop on a train while logged into business accounts, leaving customers’ personal data vulnerable to a data breach.

What Steps Can I Take If My Personal Data Is Involved In A Breach?

If your personal data has been involved in a data breach, there are certain steps you can take to receive answers to your questions. Firstly you can contact the data controller who was responsible for the data that was breached. You can ask them how the breach occurred, what personal data of yours was involved and what they are doing to rectify the situation. If you are unhappy with their response, you can escalate to a complaint internally.

When these avenues have been exhausted, you can ask the ICO to investigate. Do not leave it longer than 3 months from the last correspondence with the data controller to contact the ICO. The ICO cannot award compensation, but it can investigate any data breach.

Statistics On Data Security Incidents

According to the ICO’s data security incident trends;

  • In 2020 4,209 security incidents were reported to the ICO across all sectors
  • Of these, 3,316 were caused by non-cyber means,
  • And 893 were caused by cyber-attacks.

This data includes all types of incidents, including alteration of personal data, incorrect disposal of paperwork, unauthorised access, loss or theft of devices holding personal information, and others.

How Do I Prove I Was Impacted By The Data Breach?

Certain evidence of a data breach could help support a claim. For instance, you could collect:

  • Communications between you and the entity responsible for the data breach
  • Financial evidence regarding any material damage you experience
  • Medical assessments to demonstrate any non-material damage you experience

Speak to our team of advisers to learn more about evidence that may help support a potential data breach claim.

Calculating Payouts For A Data Breach

Compensation for a data breach could involve a settlement that includes two different heads of claim. These are intended to reflect different aspects of the suffering you may experience due to a data breach. The first head of claim is intended to help compensate you for the non-material damage, or psychological injury, you experience as a result of a personal data breach.

This head of claim could include mental health problems such as anxiety or post-traumatic stress disorder. To help them assess how much a claim could be worth in terms of non-material damage, a solicitor will typically check the Judicial College Guidelines (JCG), which contain compensation brackets for different types and severity of injuries.

The table below contains some examples of non-material damage you could receive compensation for. However, these figures are intended as guidelines only.

Examples of Non-Material Damage Compensation

Non-Material Harm Compensation Brackets (JCG) Severity More Information
(a) Psychiatric Harm £54,830 to £115,730 Severe Distinct problems coping with family/friend relationships, work, life and education.
(b) Psychiatric Harm £19,070 to £54,830 Moderately Severe Significant problems in relation to the factors mentioned above, although overall prognsis is more optimistic.
(c) Psychiatric Harm £5,860 to £19,070 Moderate Some problems in relation to the factors mentioned above, though there is a distinct improvement by the time of the trial.
(d) Psychiatric Harm £1,540 to £5,860 Less Severe Award considers the extent to which activities such as sleep are affected and length of time a disability is experienced.
(a) Post-Traumatic Stress Disorder £59,860 to £100,670 Severe Individual is prevented from functioning at pre-trauma levels by the presence of permanent effects.
(b) Post-Traumatic Stress Disorder £23,150 to £59,860 Moderately Severe Better prognosis for recovery when recovering with professional help. Effects likely to be felt for the foreseeable future.
(c) Post-Traumatic Stress Disorder £8,180 to £23,150 Moderate Individual experiences a near recovery, with continuing effects that are not grossly disabling.
(d) Post-Traumatic Stress Disorder £3,950 to £8,180 Less Severe Individual experiences a virtual full recovery within 1-2 years. Only minor symptoms persist beyond this point.

Could You Receive Compensation For Material Damage?

A compensation award could also benefit from a payout for the material damage you experience. This involves financial losses incurred due to the personal data breach, such as loans taken out in your name or funds stolen from your bank account.

Why Contact Our Team If You Think You Were Affected By The South Staffs Water Data Breach?

A solicitor can bring a great deal of experience to the claims process, using their knowledge to navigate this particular legal area.

Furthermore, our data breach compensation claim solicitors may be able to offer you a specific kind of No Win No Fee agreement called a Conditional Fee Agreement (CFA). When hiring a solicitor under these terms, you can avoid paying upfront charges for the services of that solicitor.

Additionally, you wouldn’t have to pay for the lawyer’s services if your claim fails. Instead of charging ongoing service fees, they would take a success fee at the end of the claim, but only if it succeeds. This fee is legislatively capped.

Getting In Touch With Our Experts

Our team of advisers are available to answer questions if your personal data was involved in the South Staffs Water data breach. To get in touch:

Information On Claiming Against A Company

Articles about personal data breaches:

Medical Conditions Data Breach – How To Claim Compensation

How To Claim For Workplace Discrimination Due To A Data Breach

Text Message Data Breach Compensation Claims

Information from third parties:

Make A Complaint – Information from the UK Government describing how to complain if you suspect your data is being misused

72 Hours – ICO guidance about what should happen following a data breach

Our team of advisers are available to answer questions if your personal data was involved in the South Staffs Water data breach. Speak to our team using the details above.