Data breach

A large company has had a data breach and written to me to let me know that my details have also been leaked. What can I do?

Normally when companies contact people like this they include advice as to what steps you should take. Did they not provide any?

Did they at least tell you what details had been compromised? Name and address? Password? Credit card details? Bank details?

yes they did. They won't specify the date of the incident and it seems it might have been a while before notifying us. They have given general advice etc. Not happy as too much personal stuff out there now.

OK. Was your "What can I do?" question seeking advice on how to protect yourself from identity theft and other issues associated with the data breach? Or were you asking for advice on seeking some sort of redress or compensation from the company concerned.

If the former, it's impossible to give accurate advice without knowing anything about the nature of the data which has been compromised. (Your phrase "personal stuff" doesn't really tell us much.)

If the latter, then you could write to them asking for financial compensation. You could contact a trade body they're a member of. You could contact the relevant ombudsman. You could contact the Information Commissioner's Office (ICO). You could contact your MP.

Thanks. I have the experian account and a lot of my data literally everything, name, address, dob, etc. has been leaked onto the dark web. This is making me very worried and stressed. What can I do?

They are not a member of anything and their emails said that the ICO is aware. How can the MP help?

What financial compensation can I ask for?

Thanks. I have the experian account and a lot of my data literally everything, name, address, dob, etc. has been leaked onto the dark web. This is making me very worried and stressed. What can I do?

They are not a member of anything and their emails said that the ICO is aware. How can the MP help?

What financial compensation can I ask for?

Well, if you're worried about you bank account(s) you can contact your bank(s) and alert them to the issue. I did that a couple of years ago and two separate banks both added an extra security question to their telephone banking service (which I rarely used anyway, to be honest). It's a bit more of a pain if I call them up, but reduces the risk of someone being able to impersonate me.

I also registered with CIFAS to inform them that I might be subject to identity theft. Companies use CIFAS when customers open bank accounts, take out loans, etc. and so by registering it makes it harder for someone to open a new account / take out a new loan etc. in my name. (Because those companies are altered to the risk, via CIFAS, and so double-check the identity of the new customer.)

Well, that's how it's supposed to work, anyway. I had no issues in the end, but don't know whether that was because I'd registered with CIFAS or not. Doing so costs £25 for 2 years (details here) - so you could ask the company who were subject to the breach (Experian?) to cover that cost. If you do end up suffering any financial loss as a result of the breach, you could attempt to claim that from them too.

You could complain to the ICO yourself.

https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/

Thanks. They are already aware as it was a big data breach and the email says that too. What would be the benefit of me doing this as well?

Thanks. That is very useful. It is not Experian that has leaked the data but I am registered with them for alerts. It is another company. I am confused as I thought CIFAS was for those that were scamming people and not victims of data breach? I am worried if I put that on my account I will have issues when I apply for any credit or mobile contracts etc? Have I got this wrong? Does CIFAS stay on my account permanently?

CIFAS is just a fraud prevention service. They can record different kinds of markers, some voluntary and some time-limited that relate to you being the potential victim of fraud or account takeovers.

As noted above, it may mean that companies do extra diligence to make sure they are really dealing with you, but it shouldn't affect your ability to get new financial products/lending.

may also be worth contacting your bank(s) directly just to let them know about this. If they have a fraud team, they may be able to give advice.

To get compensation -

I don't think they do this. I think they deal with the organisation to get things sorted.

They make sure compensation is awarded ...

Ok. I will take your word for this. Thanks

In my case I informed them of the data breach as it only affected me but I would contact them to share your concerns.

Oh I see. How were you the only one affected? Normally they go and steal a whole shed load, right?

CIFAS is just a fraud prevention service. They can record different kinds of markers, some voluntary and some time-limited that relate to you being the potential victim of fraud or account takeovers.

As noted above, it may mean that companies do extra diligence to make sure they are really dealing with you, but it shouldn't affect your ability to get new financial products/lending.

may also be worth contacting your bank(s) directly just to let them know about this. If they have a fraud team, they may be able to give advice.