Boots staff data breach

Were you affected by the Boots staff data breach?

If you worked at Boots and received news that your personal details were exposed in a data breach, you’re not alone. And you could be entitled to compensation.

In June 2023, a global cyberattack made headlines after hackers exploited a vulnerability in a popular file transfer tool called MOVEit. Among the organisations affected was payroll provider Zellis – a company used by major UK employers, including Boots.

The result? Sensitive information belonging to current and former Boots employees was potentially exposed. Understandably, many people were left shocked, worried, and wondering what their options were.

Here’s what you need to know.

What happened in the Boots data breach?

MOVEit is a file transfer tool used by businesses around the world to securely move sensitive data. But in May 2023, hackers found a way in – and they exploited it on a huge scale.

Zellis, which handles payroll services for Boots, was among those affected. In the weeks that followed, Boots began informing employees that their data may have been compromised.

Investigators have since linked the cyberattack to a Russian criminal group known as ‘Clop’. This group has claimed responsibility for similar breaches at other global companies.

What personal data was exposed?

The data breach impacted the PAYE details of Boots employees. This includes:

  • Names and titles
  • Employee numbers
  • Dates of birth
  • Email addresses
  • Partial home addresses
  • National Insurance numbers
  • Employment start and end dates

 

This kind of information could be enough for criminals to commit identity theft, commit fraud, or simply cause distress. Even if your finances weren’t affected directly, the emotional toll of knowing your data is out there can be significant. 

Can I claim compensation if I worked at Boots?

If you were employed by Boots on or before June 2023 and your data was compromised in the Zellis breach, you may be eligible to join a group legal action.

You don’t have to prove financial loss to make a claim. UK data protection laws allow for compensation based on the emotional impact of a breach – such as anxiety, stress or inconvenience. In many previous group actions, claimants have received hundreds or even thousands of pounds in damages.

Data breaches like this can leave people feeling powerless – especially when they involve trusted employers. But UK law is on your side. If you’ve been affected, you have every right to explore your options and seek justice.

Find out more

Join the Claim connects consumers with SRA-regulated lawyers. Visit the claim page to check your eligibility if a claim is open with one of our trusted legal partners. If a group action has not yet been launched, you can register your interest and we’ll keep you informed if a partner firm decides to take a claim forward.  

This information is for general guidance only and does not constitute legal or financial advice.

You may also like:

  • Environment, News, Vehicle

Can BMW drivers claim compensation for the diesel emissions scandal?

BMW faces legal action over emissions-cheating software. Learn what the scandal involves, who is affected, and what it means for UK diesel car owners.
  • Data Breach, Financial, News

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.
  • News, Vehicle

Jaguar Land Rover DPF claims vs. dieselgate: What you need to know

Confused about Jaguar Land Rover DPF claims vs. Dieselgate? Learn the key differences, legal actions, and how to check if you qualify for compensation.

Latest news & insights

Close-up of a person using a smartphone with the ChatGPT app open.
Are ChatGPT conversations appearing in Google search results? Here’s what we know.
Reports claim ChatGPT conversations are appearing in Google search results. We examine what's really happening.
Woman holding iPhone with logo of application Booking.com on the screen, using mobile application
Booking.com faces proposed £2 billion consumer claim over hotel prices
A proposed £2 billion claim alleges Booking.com's pricing practices inflated hotel costs for millions of UK travellers. Here's what we know so far.
Warning to supermarket store workers: If you want equal pay compensation, you’ll need to claim it!
Many UK supermarket workers are confused about equal pay claims. Learn why backpay isn’t automatic and what opt-in group actions really mean.
Close-up of the NHS - National Health Service logo on the exterior of St. Thomas Hospital in London, UK
What is the NHS Single Patient Record, and why is it being debated?
Plans for a NHS Single Patient Record moved a step closer last week. But there are important questions about privacy & data security.
Teenagers with smartphones on social media near white wall indoors
Social media is facing growing scrutiny. Here’s why.
Explore the growing debate around social media safety, online harms, platform accountability, child safety, addictive features and digital rights.
An expert hacker is decrypting data while hiding their face
Hackers are changing tactics – and it could mean more data breaches
Hackers are increasingly exploiting software vulnerabilities rather than stealing passwords. Here's what that could mean for UK consumers.
Managing the validity of digital document checklists
New data complaint rules are coming in June 2026
New data protection complaint rules take effect on 19 June 2026. Find out what organisations must do and what the changes mean for consumers.
Hand holding a digital ID card with user profile symbol.
Digital ID plans move into next phase — but key questions remain
The government's digital ID plans have entered a new phase with the launch of a 120-member People's Panel. 
Text STUDENT LOAN visible through magnifier, money and stack of books on light table against blackboard
Why plain English matters in financial agreements
A new parliamentary inquiry found thousands of graduates did not properly understand their student loan terms. Here’s why plain English matters in financial products and legal agreements.
Woman is shocked from the rising energy costs and the bill she received for heat and electricity for her household.
UK energy bills to rise again as Iran conflict hits gas prices
UK household energy bills are set to rise by 13% from July 2026 after global gas prices surged during the Iran conflict. Here’s what it could mean for households.
Black British passport on UK Union Jack flag close up
UK visa portal data leak exposes passports and personal documents 
Thousands of passport scans and personal documents were reportedly exposed online after a third-party UK Visa Portal website left files publicly accessible.
boy scrolling through social media on his mobile phone
Is social media the next “big tobacco”?
The UK government is considering tougher social media restrictions for children. Could this lead to large-scale legal claims against tech platforms?
What we’ve been working on at Join the Claim in May
A round-up of what we’ve been working on in May at Join the Claim, including claims to watch, legal developments and practical consumer guides.
A business person using laptop with visual screen Scam Alert warning sign for scams with icons
Scam alert update: May 2026
Stay alert this May with the latest scam warnings from Join the Claim
Office, serious and business woman on laptop for class actions
Could opt-out class actions expand in the UK? What consumers need to know
The UK is reviewing whether opt-out class actions could expand beyond competition law. Here’s what the proposed reforms could mean.
View all news

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the Claim is a trading name of Join the Claim Limited, authorised and regulated by the Financial Conduct Authority (FRN: 1053404). Registered in England and Wales, Company No: 16245278. Registered office: 32 Eyre Street, Sheffield, S1 4QZ.

© Join the Claim All Rights Reserved |

2026
Go to claims