December 23, 2020

Sorry, I don’t speak Legalese: Breach

What is a Breach? 

A breach is the act of someone breaking, or failing to observe, their legal obligations. A contract can be breached in whole or in part. 

In the case of a data breach, a trusted company can violate its legal obligations to a customer by having insufficient data security and not treating the customer's data with the care it deserves.

Personal Data Breaches

According to the General Data Protection Regulation (GDPR), a personal data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.

Personal data only includes information relating to natural persons who can be identified, or who are identifiable, directly from the information in question, or who can be indirectly identified from that information in combination with other information.

An individual is ‘identified’ or ‘identifiable’ if you can distinguish them from other individuals. The GDPR gives the following examples of ‘identifiers’:

  • Names
  • Addresses
  • Debit and Credit Card Numbers
  • CVVs

Personal data breaches can be categorised into:

  1. Confidentiality breach: Where there is an unauthorised or accidental disclosure of, or access to, personal data. This type of breach is most common with patients’ records.
  2. Availability breach: Where there is an accidental or unauthorised loss of access to, or destruction of, personal data.
  3. Integrity breach: Where there is an unauthorised or accidental alteration of personal data.


All three categories can be involved in one single breach, depending upon the circumstances.

Three Famous Data Breaches

1. Marriott Hotels

A 2018 data breach by Marriott hotels led to the compromise of over 300 million guests’ personal data. Payment card numbers and expiry dates posed the most immediate risks, but passport numbers, dates of birth and email addresses were among other sensitive information left open to cyber attackers.  The ICO fined Marriott £99 million.  

2. Virgin Media

It was announced in 2020 that a Virgin Media database with more than 900,000 clients’ personal information was left unsecured for 10 months.  Phone numbers, email addresses and home addresses were easily accessed by third parties during the leak. A formal apology was offered, and an email was sent out to all victims affected, but no compensation was given. 

3. British Airways

The BA data breach took place in 2018, and it is estimated that it affected more than 420,000 people throughout the UK and the world.  Full names, debit and credit card numbers (including CVVs), addresses, and email addresses were among the personal data leaked. 

We are currently seeking justice for thousands of victims involved in the BA data breach.

How Can I Protect Myself from a Data Breach?

  1. Use strong and unique passwords for each of your accounts
  2. Create these strong passwords using a password generator
  3. Turn on dual-factor authentication for each account where it is offered
  4. Update your devices and ensure they are running the latest operating system versions
  5. Back up your data – turn on automatic backups where possible
