The HMRC plays an important role in collecting taxes and using this money for the collective good of all the people and in providing public services. In such a role, HMRC gains access to a significant amount of personal information, including national insurance numbers and tax returns. This poses a risk of data breaches in the event of any security lapses.
If your data has been breached due to a security attack against the HMRC, you’ve come to the right place. At Data Breach Claims, our panel of experienced solicitors will assist you with HMRC data breach claims and help you regain complete control of your personal and financial information.
The Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR) are the two key legislations that govern data protection in the UK. We will be referring to these laws in our guide.
Contact our advisors now for more information on claiming data breach compensation:
- Call 020 8050 6279.
- Contact us online.
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
Jump To A Section
- Can I Make A HMRC Data Breach Claim?
- How Much HMRC Data Breach Compensation Could I Get?
- Are HMRC Data Breaches Common?
- The Causes Of An HMRC Data Breach
- How Can I Know If My Information Was Part Of An HMRC Data Breach?
- What Personal Data Could Be Disclosed In An HMRC Breach?
- I Was A Victim In A HMRC Data Breach. What Should I Do To Protect My Data?
- Is There A Time Limit For Claiming After A Data Breach?
- Will I Need Evidence To Support My Data Breach HMRC Claim?
- No Win No Fee HMRC Data Breach Claims
- Learn More
Can I Make A HMRC Data Breach Claim?
In order to make HMRC data breach claims, potential claimants need to prove the following:
- The HMRC had access to any personal data belonging to you, such as bank details, passport number or tax returns.
- Due to a lack of security measures or wrongful conduct, a personal data breach occurred.
- As a result of the breach, you have suffered mental trauma, financial loss or both.
The UK GDPR defines a personal data breach as a security incident involving the accidental or unlawful loss, alteration or destruction, or unauthorised access or disclosure of personal data. On the other hand, personal data is information that can be used to identify an individual, either by itself or in combination with other information.
Do you have any more questions about data breach compensation? Call us now.
How Much HMRC Data Breach Compensation Could I Get?
There is no definitive answer regarding the compensation amounts in HMRC data breach claims. This is due to the subjective nature of every data breach compensation claim. However, data breach solicitors generally refer to the Judicial College guidelines (JCG) to calculate the compensation for the psychological impact you’ve suffered. This psychological impact is also known as ‘non-material damage’ when making a data breach claim.
The table below summarises some of the JCG figures pertaining to data breach claims. However, this is only to provide guidance, and the top row is not from this document.
| Injury | Notes | Compensation Guidelines |
|---|---|---|
| Severe Mental Trauma and Material Damage | Along with serious mental harm, financial hardships are seen, such as a loss of income. | Up to £500,000+ |
| Severe Psychiatric Damage | There is a negative impact on the person's professional and social life and not a good prognosis. | £66,920 to £141,240 |
| Moderately Severe Psychiatric Damage | While there may be a slightly better prognosis as compared to the above entry, there is still some remaining disability. | £23,270 to £66,920 |
| Moderate Psychiatric Damage | There is a positive prognosis along with significant improvement. | £7,150 to £23,270 |
| Less Severe Psychiatric Damage | The duration of disability along with the impact on the person's sleep are some of the factors considered. | £1,880 to £7,150 |
| Severe PTSD | The person is traumatised to such an extent that they are unable to work at the same level. | £73,050 to £122,850 |
| Moderately Severe PTSD | The scope of recovery is better as compared to the above entry with some professional assistance. | £28,250 to £73,050 |
| Moderate PTSD | A major recovery is made without any severe remaining disabilities. | £9,980 to £28,250 |
| Less Severe PTSD | There is a complete recovery within 2 years and only minor symptoms are visible. | £4,820 to £9,980 |
What If I’ve Suffered Financial Losses As A Result Of A HMRC Data Breach?
You may be able to include the financial losses or the material damage as part of your HMRC data breach claim. Some examples of this are:
- Loss of earnings due to any time taken off from work, or having to leave your job due to relocation for safety reasons.
- Relocation costs.
- The costs involved in enhancing home security, such as installing security alarms, CCTV cameras or adding extra doors.
- Psychotherapy due to the mental trauma you’ve undergone.
Contact our advisors now for further guidance on calculating data breach compensation.
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
Are HMRC Data Breaches Common?
While HMRC data breaches aren’t very common, a recent incident occurred where a phishing scam led to suspicious activity on 100,000 UK taxpayer accounts. This incident resulted in a loss of approximately £47 million in revenue for HMRC. As a result, certain measures were taken, including locking down the affected accounts, notifying account holders, and deleting login details to prevent unauthorised access.
For more information, you can contact our advisors or review some of our data breach compensation case studies.
The Causes Of A HMRC Data Breach
Under the UK GDPR, two distinct groups, referred to as data controllers and processors, have been defined. The controller is any legal entity which determines the purposes for which personal data is to be processed. On the other hand, processors are the entities which process personal data on behalf of the controller. For the purpose of HMRC data breach claims, HMRC would be considered the controller.
Here are some examples of how HMRC data breaches may occur:
- An employee divulged an individual’s personal details over the phone to unauthorised parties.
- There was a failure to update the security settings on electronic devices, leading to a cyberattack that compromised the salary payment details of citizens.
- A letter containing the taxation details of a person was sent to the wrong address, causing undue stress to both parties involved.
- A document containing the credit card details of a citizen was saved without applying password protection, or an employee mistakenly divulged the password through an email.
Our advisory team can provide you with additional examples of data breach claims if you would like to learn more about them.
How Can I Know If My Information Was Part Of A HMRC Data Breach?
Under the UK GDPR, the data controller is required to notify you immediately as soon as they discover that any of your data has been compromised. In the event that this data breach results in any risk to your freedom and rights, they must report it to the Information Commissioner’s Office (ICO) as well. The ICO is the UK’s regulatory body on data privacy and protection. However, if the controller decides not to report the breach to the ICO, they must provide documentary justification for this decision.
For more information on reporting a data breach, please call us now.
What Personal Data Could Be Disclosed In A HMRC Breach?
The following details could be disclosed in a HMRC data breach:
- Personal contact details, including name, address, phone number, and email address.
- Marital status and dependents’ information,
- National insurance number.
- Bank account details.
- Driving license and passport information.
- Employment and income details.
- Information regarding properties and business activities.
Occasionally, HMRC may also collect biometric data, such as voice recognition or health data. These fall under the category of special category data, a type of personal data that requires protection due to its sensitive nature.
Are you wondering what types of personal data breaches you could claim for? Book a consultation with our advisors now.
I Was A Victim In A HMRC Data Breach. What Should I Do To Protect My Data
If you have noticed any suspicious activity on your HMRC account or you have been informed of a data breach, you should take the following steps:
- Report the data breach to the Information Commissioner’s Office (ICO). While the ICO cannot grant you any compensation, it can investigate your complaint and impose penalties on the organisation if it is deemed that they breached your data.
- Monitor your bank accounts and credit cards for any unauthorised transactions.
- Change the passwords to all your banking and social media applications.
- Set up two-factor authentication for the above applications to enhance security.
- If you suspect any fraudulent activity on your debit or credit card, consider blocking the card and placing a security freeze. This will prevent any new accounts from being opened until you remove the freeze.
- Check your email accounts for any suspicious activity and forward any phishing emails to report@phishing.gov.uk.
Call our advisors now for more information on data protection laws and tips on securing your data.
Is There A Time Limit For Claiming After A Data Breach?
You generally have up to 6 years to start a data breach claim.
Contact our advisors now for more information on determining the time limits for HMRC data breach claims.
Will I Need Evidence To Support My Data Breach HMRC Claim?
In HMRC data breach claims, collecting evidence is a crucial step to highlight the harm you’ve suffered. Some examples of the evidence include:
- Payslips to illustrate a loss of earnings.
- Invoices and bank statements to show additional expenses, such as those undertaken to enhance home security.
- Records of a psychological assessment and a letter from a psychotherapist.
- Letter of Notification. The organisation must inform you if your data has been breached. They will generally do so via letter or email.
- Copies of correspondence between you and the organisation that relates to the data breach.
Our advisors will create a checklist outlining the type of evidence you need for your data breach claim. Call us now.
No Win No Fee HMRC Data Breach Claims
While it isn’t compulsory, it is always better to instruct a solicitor for HMRC data breach claims. The solicitors on our panel offer the following services:
- Explaining the complex terms related to data protection.
- Calculating your data breach compensation.
- Creating a checklist for the evidence you need to support your claim.
- A complementary initial consultation on the eligibility of your claim.
If you decide to work with a data breach solicitor from our panel, they will offer their services through a Conditional Fee Agreement (CFA). This is a kind of No Win No Fee agreement which entails the following:
- You won’t have to pay your solicitor for their work upfront or during your data breach claim.
- If you lose your case, they won’t charge for their work.
- You will have to pay them only a percentage of the data breach compensation in case of success. This percentage represents the success fee, which is subject to a legal cap to ensure fairness to you.
Contact Data Breach Claims’ Advisors
Get in touch with our advisors now:
- Call 020 8050 6279.
- Contact us online.
- Ask a question in our live chat.
.
Learn More
Here are some other articles from our website:
- Our guide on university data breach compensation.
- Information on bank data breach claims.
- Details on making a police data breach claim.
Here are some external links for more information:
- Government guidance on making a HMRC subject access request.
- Information on NHS mental health services.
- Details from the government on the personal information that an employer can keep about an employee.
To discuss HMRC data breach claims, speak to one of our advisors now.