Some victims of a data breach which leaked thousands of tenants’ personal details say they have become victims of fraud, been under threat of physical harm, and some claim they were forced to relocate.

The blunder was made by Watford Community Housing when it sent out an email on March 23 to all tenants to inform them of changes to services during the coronavirus outbreak.

But attached to the email was a spreadsheet that contained personal information of the housing association's 3,545 tenants.

The information included full names, gender, addresses, mobile numbers, email addresses, ethnic origins, religion, and sexual orientation.

One tenant, Sasha, previously told the Observer that the leaked information put many vulnerable tenants in “life changing and life-threatening situations”.

Now Aman Johal, a lawyer and director of Your Lawyers which is representing nearly 200 clients affected, has claimed that many vulnerable people were put into psychological, physical, and financial threat from the data being in the public domain.

Mr Johal said: “I think there’s a lack of understanding about how serious and significant these breaches can be on individuals.

“Many of these individuals are vulnerable, some of the clients for example have been victims of domestic violence – and this data breach now puts them at further risk essentially in terms of violence.”

The lawyer exemplified one client who had their identity stolen after the breach, which included a bank account and credit card being taken out in her name and her email account compromised by fraudsters.

The incident is being investigated by Action Fraud.

But Watford Community Housing say the risk of identity or financial fraud is low.

Other clients claim they have had to be rehomed with the assistance of UK authorities due to the leak causing a “real risk”.

Under the General Data Protection Regulation (GDPR), it is specified there should be “appropriate technical or organisational measures” ensuring the “appropriate security of personal data”.

Read more:

Mr Johal said: “In terms of families having to move location and change jobs, that’s going to have significant impact on their mental health as well as financially.

“Some commenters said you need to prove consequential loss for compensation – that’s just incorrect, that’s not right in the law. People affected by a data breach are entitled to claims for injuries to feelings, we call it distress.

“And when talking about the lower levels impacted by the breach, you don’t have to show the psychiatric injuries or financial loss.

“Watford Community Housing have a real obligation to take care of that personal data, particularly when they have vulnerable individuals that they hold data for – they’ve not learnt from highly publicised data breaches which have occurred.”

Mr Johal constantly made parallels to similar major data breaches which the firm helped its victims – including the personal details leaked of 400,000 British Airways customers in 2018, and the 56 Dean Street breach which leaked nearly 800 patients who attended HIV clinics.

The Dean Street breach was claimed to be a result of “human error”, a term previously used by Tina Barnard, the chief executive of Watford Community Housing.

Around 39 per cent of the Dean Street claims were settled to an average of £10,562.50 – which was settled against the advice of the firm.

Your Lawyers expect to recover around £30,000 for most of the other Dean Street claimants, as the cases are still ongoing.

Mr Johal believes a similar amount could also be claimed for many of the Watford Community Housing claimants, but some of the more significantly impacted victims could claim even more.

Fletchers Data Claims, another firm representing clients affected, said most victims could claim a minimum settlement between £1,000 to £5,000, while others seriously affected by the breach could earn up to £15,000.

What did Watford Community Housing say?

Watford Community Housing say they are “continually reassessing” their systems and procedures to guard against an error like this happening.

The Information Commissioner’s Office (ICO) has carried out a review of the incident.

Watford Community Housing say the ICO issued some recommendations to prevent a similar incident happening but does not consider any regulatory action should be taken at this stage.

Tina Barnard, the chief executive said: “The security of customer information is extremely important to us. We have clear safeguards in place around the usage and protection of customer data, and this incident was the result of human error.

"We have taken a variety of steps to assess the potential impact on those affected, including identifying any safeguarding concerns, and we are providing comprehensive support.

“We have written to everyone affected to provide information and guidance. This support package includes access to free credit monitoring services to help give our customers peace of mind."

She continued: "However, it is worth noting that the risk of identity or financial fraud is low as no personal passwords, national insurance numbers or financial information, such as bank details or payment history, were affected by the incident.

“The ICO has carried out a review of the incident and has issued some recommendations but does not consider that any regulatory action should be taken at this stage.

"We take our obligations towards data protection extremely seriously and we are working to implement the ICO’s recommendations.”

Anyone impacted by the incident and feels they are vulnerable to anti-social behaviour, domestic abuse, harassment, hate crime or anything else is asked to email CustomerRelationsTeam@wcht.org.uk.

The trust have also launched a website and FAQ about the incident at https://www.wcht.org.uk/data-incident/

If you were affected and would like advice from Your Lawyers, visit their page here.