Is a cold call about a data breach compensation claim a scam?
Very often yes. Unsolicited calls about data breach claims are lead generation for unregulated claims companies or outright fraud.
Last reviewed: 1 June 2026
Explanation
After major data breaches, cold callers claim to be law firms or claims management companies and tell you that you are entitled to significant compensation. They ask you to confirm personal details to 'register your claim', charge an upfront fee, or ask you to sign documents giving them a large percentage of any payout. In reality, genuine data breach compensation in most jurisdictions requires you to have suffered documented harm, is typically small, and any legitimate claim can be made through official channels or regulated solicitors without unsolicited calls. Unregistered claims management companies are illegal in the UK under the Financial Guidance and Claims Act. Providing your personal details to cold callers also puts you at risk of further fraud.
Common red flags
- You received a call about compensation for a breach you did not enquire about
- Caller asks for personal or financial details to 'register' your claim
- Upfront fee required before you receive any compensation
- Company cannot show their regulatory authorisation number
- Promised payout seems disproportionately large
What to do now
- Do not provide personal or financial details to unsolicited callers
- If interested in a legitimate claim, contact the relevant data protection authority yourself
- Verify any claims company through the relevant regulatory register
- Report unsolicited calls to your national spam or fraud reporting service
Frequently asked questions
Can I actually claim compensation for a data breach?
In the UK and EU, individuals can claim compensation for material or non-material harm caused by a data breach under GDPR. However, not all breaches lead to individual payouts. Consult a regulated solicitor or the ICO rather than responding to cold callers.