In the second quarter of 2025 alone nearly 94 million data records were leaked in data breaches impacting millions of people worldwide. M&S, Co-op and Jaguar Land Rover (JLR) are among the latest companies targeted by cyberattacks leading to data breaches. Any company or institution holding personal data is a potential or future target.

Data breaches have become such a regular fixture of our everyday lives that it is now a BBC news topic with its own webpage .

The use of AI tools by hackers, the security versus usability trade-off as well as other factors make it increasingly hard for service providers to prevent data breaches. It is no longer a question of if a data breach will happen but rather when it will happen and how we can mitigate its effects on companies but also, most importantly, on the people whose data has been breached.

Impact on victims

Victims of data breaches may face identity theft and phishing and are more likely to have mortgage applications denied. The emotional toll and psychological stress of the experience also leave victims with data hacking anxiety: the fear of your data being stolen, self-blame, trauma and even PTSD.

In our digital-first society customers have no choice in terms of providing their personal information to organisations. When these organisations fail to effectively protect their data, customers are exposed to risks and damages through no fault of their own.

A REPHRAIN study on data breach management shows that the customers affected are generally left to recover without much assistance, in essence the buck stops with them. This enhances the stress and anxiety they experience in the aftermath of the event, erodes their trust in the company, and contributes to data hacking anxiety and self-blame.

Providing support

These effects can be alleviated, or made worse, by the behaviour of the company that has been breached. Communication with customers in the aftermath of a data breach plays an essential part in mitigating the impact.

Studies have shown that a customer-centred approach focused on transparency, clarity and practical measures to support those whose data has been leaked helps both the customers and the company as it contributes to restoring trust in the provider.

However, despite guidelines on how companies should behave in these situations from ICO and financial organisations such as Experian, often their response falls short of what it could, and should, be.

REPHRAIN specialists examined data breach management from the victims’ perspective and have developed a data breach workflow and framework which looks to: a) provide customers with information in terms of the support and guidance they can expect in the aftermath of such an event, b) support companies in containing reputational damage and restoring customer trust and c)enables them to provide customers with advice and guidance appropriate to their actual capabilities.

The workflow covers all stages of the communication process and provides practical advice in terms of timeline, content and structure.

Ultimately, it aims to empower customers to demand a fairer, more equitable treatment from the organisations which have been entrusted with their personal data.

Workflow of customers’ expectations in the aftermath of a data breach