Sorry, I don’t speak Legalese: Breach

What is a Breach? 

A breach is the act of someone breaking, or failing to observe, their legal obligations. A contract can be breached in whole or in part.

In the case of a data breach, a trusted company can violate its legal obligations to a customer by having insufficient data security and not treating the customer's data with the care it deserves.

Personal Data Breaches

According to the General Data Protection Regulation (GDPR), “a personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.

Personal data only includes information relating to natural persons who can be identified or who are identifiable directly from the information in question, or who can be indirectly identified from that information in combination with other information.

An individual is ‘identified’ or ‘identifiable’ if you can distinguish them from other individuals. The GDPR gives the following examples of ‘identifiers’:

– Names;

– Addresses;

– Debit and Credit Card Numbers; and

– CVVs.

Personal data breaches can be categorised into:

  1. Confidentiality breach: Where there is an unauthorised or accidental disclosure of, or access to, personal data. This type of breach is most common with patients’ records.
  2. Availability breach: Where there is an accidental or unauthorised loss of access to, or destruction of, personal data.
  3. Integrity breach: Where there is an unauthorised or accidental alteration of personal data.

All three categories can be involved in one single breach, depending upon the circumstances.

Three Famous Data Breaches

1. Marriott Hotels

A 2018 data breach by Marriott hotels led to the compromise of over 300 million guests’ personal data.  Payment card numbers and expiry dates posed the most immediate risks, but passport numbers, dates of birth and email addresses were among other sensitive information left open to cyber attackers.  The ICO fined Marriott £99 million.  

2. Virgin Media

It was announced in 2020 that a Virgin Media database with more than 900,000 clients' personal information was left unsecured for 10 months. Phone numbers, email addresses and home addresses were easily accessed by third parties during the leak. A formal apology was offered and an email was sent out to all victims affected, but no compensation was given.

3. British Airways

The BA data breach took place in 2018 and it is estimated that it affected more than 420,000 people throughout the UK and the world.  Full names, debit and credit card numbers (including CVVs), addresses, and email addresses were among the personal data leaked. 

PGMBM is currently seeking justice for thousands of victims involved in the BA data breach. Time is running out: if you're among the victims, start your claim now. It takes less than one minute to sign up.

How Can I Protect Myself from a Data Breach?

1. Use strong and unique passwords for each of your accounts

2. Create these strong passwords using a password generator

3. Turn on dual-factor authentication for each account where it is offered

4. Update your devices and ensure they are running the latest operating system versions

5. Back up your data – turn on automatic backups where possible


Head to for more information.

PGMBM (a trading name of Excello Law Limited) – SRA License Number 512898

Excello Law is authorised and regulated by the Solicitors Regulation Authority and complies with the Solicitors Code of Conduct, a copy of which can be located here.