Legal help for data breach compensation claims

Arup data breach affects employee payroll information

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

Arup, an international professional services firm, has reportedly suffered a recent data breach, after their third-party payroll provider succumbed to a cybersecurity incident.

The payroll information of current and former employees is understood to have been affected, with Arup contacting those whose details have been compromised. We cannot yet put a number on the scale of the breach but, based on the information disclosed to customers, the Arup data breach may have affected many of the company’s employees.

We have already begun taking on cases for affected claimants, who may be entitled to recover compensation for the exposure of their personal data. If you have been notified of your involvement in the Arup data breach, please do not hesitate to contact us for free, no-obligation advice on your potential compensation claim.

What information has been exposed?

According to the data breach notification letter sent by Arup, the cybersecurity incident which hit their third-party payroll provider has caused the exposure of many different kinds of employee details.

For those who were paid by Arup between 1st November 2018 and 31st January 2020, the following details may have been affected:

  • first names and surnames;
  • bank account numbers;
  • sort codes;
  • addresses;
  • National Insurance numbers;
  • Gender details;
  • dates of birth.

Meanwhile, those who began working at Arup between 1st February 2020 and 31st January 2021, and were paid via payroll during this time, may have had their surnames, bank account numbers and sort codes compromised.

Potential implications of the Arup data breach

The wide variety of details exposed in the Arup data breach could mean that the incident has severely breached the victims’ privacy rights. The compromised information is highly sensitive in nature and could open victims up to data misuse.

In particular, if any of the bank account information has fallen into the wrong hands, victims could be at a high risk of fraud.

Arup has advised employees to contact their banks to inform them of the data security incident, so that the banks can take any action required to protect the data breach victims from fraud. It is also recommended that all victims of the Arup data breach closely monitor their accounts for any unauthorised transactions.

Arup has stated that they are working with their payroll provider to try to understand what may have caused the cybersecurity incident to have occurred.

Making a data breach compensation claim

Anyone affected by the Arup data breach could be at an immediate risk of data misuse and fraud, so this will understandably be a very difficult time for the victims. We are here to support anyone affected to claim the compensation they deserve for any distress that they have suffered, and for any financial losses or expenses that may have been incurred as a result of the data breach as well.

By making a compensation claim, you could achieve some form of justice for any data protection negligence that may have arisen due to actions of Arup or their third-party payroll provider.

Your Lawyers – The Data Leak Lawyers – as leading experts in data breach claims, we currently sit on the Steering Committee for the group action against British Airways, which is the first GDPR Group Litigation Order in England and Wales. We are determined to hold third-party organisations to account for any data protection failures.

Please do not hesitate to contact us for free, no-obligation advice now on your potential claim.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.


Midlands News Association data breach exposes journalists’ private information
Careless approach to data protection – rights for victims