Marks And Spencer Data Breach Compensation | Capita Advice

This year, the outsourcing group Capita suffered a data breach caused by a cyber-attack. This attack compromised the personal data of various clients, potentially including the data of some Marks and Spencer employees and their pension. 

You may be wondering when it could be possible to claim Marks and Spencer data breach compensation following the Capita incident. In this guide, we’ll explore the criteria for making a personal data breach claim, including important definitions and explaining the roles of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) in protecting the personal data of UK residents. 

Our guide will also explore the Capita data breach in further detail, and explain how it occurred, and how to find out if you’ve been affected. Following this, we will discuss how a personal data breach could impact you. 

Finally, we will explain what a No Win No Fee agreement is and how working with a No Win No Fee solicitor could benefit your claim. To learn more about what you can do following the Marks and Spencer data breach, compensation claims and the Capita breach, contact our team today:

marks and spencer data breach compensation capita

Browse Our Guide

  1. When Can You Claim Marks And Spencer Data Breach Compensation?
  2. What Led To The Capita Data Breach Happening?
  3. How To Find Out If You’re Impacted By The Marks And Spencer Data Breach
  4. How Much Compensation Could You Receive For The Marks And Spencer Data Breach?
  5. Make A No Win No Fee Claim For Marks And Spencer Data Breach Compensation
  6. Read More About Claiming Data Breach Compensation

When Can You Claim Marks And Spencer Data Breach Compensation?

Before we discuss when you could claim Marks and Spencer data breach compensation in relation to the Capita incident, let’s explore what a personal data breach is.

Personal data is any information that could identify you as a living person; this can range from your email address to your passport information. The personal data of all UK residents is protected by the UK GDPR and the DPA.  

A personal data breach occurs when a security incident compromises your personal data’s integrity, availability, or confidentiality. This definition is used by the Information Commissioner’s Office (ICO), which is an independent data protection watchdog.

In order to make a claim for a personal data breach, you must be able to prove that:

  • The breach is the result of wrongful conduct
  • It affects your personal data
  • It has caused you mental or financial harm 

Wrongful conduct occurs when a data controller or data processor does not fulfil their responsibilities as set out by the UK GDPR and the DPA. A data controller decides how and why they will use your data; a data processor then processes it on their behalf. For example, in this case, Marks and Spencer are the data controller, and Capita are the data processor. 

To get more information on the Marks and Spencer data breach and compensation claims as a whole, get in touch with our team of advisors today.

What Led To The Capita Data Breach Happening?

The Capita data breach was caused by a group of cyber criminals who launched an attack on Capita through their Microsoft Office 365 software in March 2023. This allowed them to access the data of both Capita employees and their clients. 

Capita administers the pension funds of scores or organisations, some of them with thousands of employees. It’s understood Marks and Spencer was one of those companies.

In a statement made by the Marks and Spencer Pension Scheme, they confirmed the possibility that the personal data of its members may have been accessed. While they could not confirm what data was impacted or accessed, the statement read that it could lead to malicious emails, fraud, or identity theft.

The ICO also made a statement regarding the Capita breach, stating that they were investigating the matter. They also reiterated that any organisation made aware of a breach must report it to the ICO within 72 hours.

To find out more about the Capita/Marks and Spencer data breach and compensation claims, contact our team for free.

(Source: https://www.theguardian.com/business/2023/aug/04/cyber-attack-to-cost-outsourcing-firm-capita-up-to-25m )

How To Find Out If You’re Impacted By The Marks And Spencer Data Breach

The statement issued by the Marks and Spencer Pension Scheme noted that all affected members would be informed via letter. If you have not received this letter, you can reach out to your employer directly for confirmation.

It is the responsibility of every organisation in the UK to inform those affected by a data breach without undue delay. The organisation affected must also notify the ICO within 72 hours. 

Suspicious activity on your bank statements or involving your credit or debit card could be indicators that your personal data was affected in a breach. Similarly, monitoring your email account for any suspicious emails and being wary of unsolicited texts and phone calls can also help you identify whether you were affected by a breach.

To learn more about the Marks and Spencer data breach and compensation in general, contact our team. Or, read on to find out what a customer data breach compensation payout could be made up of. 

How Much Compensation Could You Receive For The Marks And Spencer Data Breach?

Generally, a data breach compensation payout can account for two types of harm. These are material damage and non-material damage. 

Non-material damage is the psychological harm you suffer as a result of the breach. If you suffer from anxiety, depression, general distress, or post-traumatic stress disorder (PTSD) after a breach, you could claim compensation for this. 

When solicitors value non-material damage compensation, they can refer to the Judicial College Guidelines (JCG). The JCG is a document that provides solicitors with guideline compensation brackets for different psychological illnesses. You can find some examples of these guidelines below, but please note that this table is for illustrative purposes only.

InjuryBracket Notes
Severe Psychiatric Harm£54,830 - £115,730The prognosis here is very poor, because there are severe symptoms that affect ever area of life.
Moderately Severe Psychiatric Harm£19,070 - £54,830Even though there are still severe symptoms, the prognosis here is slightly better.
Moderate Psychiatric Harm£5,860 - £19,070In this bracket, symptoms are expected to show significant improvement, leading to a good prognosis.
Less Severe Psychiatric Harm£1,540 - £5,860The severity of symptoms, as well as how long they last and how they affect you, are all considered under this bracket.
Severe PTSD£59,860 - £100,670Due to severe symptoms, there is no remaining ability to function or work at the level you would have before the trauma.
Moderately PTSD£23,150 - £59,860With professional help, there is some chance of improvement in your symptoms, allowing for a better prognosis.
Moderate PTSD£8,180 - £23,150Remaining symptoms are not grossly disabling, and there is a good prognosis.
Less Severe PTSD£3,950 - £8,180Within two years there is an almost full recovery. Any remaining symptoms are not severe.

Material Damage

Material damage is the harm you suffer financially. A data breach can have a number of negative effects on your finances, and material damage compensation could help you cover the cost of:

  • Fraudulent purchases made on your credit card or debit card
  • Debt accrued in your name 
  • Damage to your credit score
  • Money withdrawn from your bank account

To learn more about the potential consequences of a data breach, contact our advisors today. Or, read on to find out how a No Win No Fee solicitor could help you should you be eligible for Marks and Spencer data breach compensation following the Capita incident.

Make A No Win No Fee Claim For Marks And Spencer Data Breach Compensation

If you are ready to start a personal data breach claim, one of the solicitors we work with on our panel could help. Our panel solicitors offer their services on a No Win No Fee basis by providing their clients with a Conditional Fee Agreement (CFA). Under a CFA, your solicitor won’t ask for an upfront payment or ongoing payments to continue their work. Similarly, they won’t take a fee if your claim fails. 

If your claim is a success, then your solicitor takes a small success fee. They take this fee directly from your compensation, though there is a legal cap in place. The legal cap puts a limit on what your solicitor can take, which helps to ensure that the larger share goes to you. 

To find out if you could be eligible to work with a solicitor from our panel, contact our team of advisors. They can offer more information on the Marks and Spencer data breach, compensation payouts, and the data breach claims process. They can also evaluate your claim for free, and could potentially connect you with a solicitor. To get in touch:

Read More About Claiming Data Breach Compensation

For more helpful articles:

Or, for further resources:

Thank you for reading our guide on the Capita/Marks and Spencer data breach and compensation claims.