The Greencore data breach – why the delay in notification matters

The Greencore data breach was first detected in December 2021, but employees were not informed until February 2022. This two-month delay sparked concern over how businesses handle cyberattacks and the potential risks that arise when affected individuals are left in the dark.

Why did it take two months to inform Greencore employees?

After a data breach, companies are legally required to act quickly. Under UK data protection laws, organisations must:

  • Assess the severity of the breach as soon as it is discovered.
  • Notify affected individuals without undue delay if their data is at risk.
  • Report the incident to the ICO within 72 hours of detection if it poses a serious risk.

Greencore took two months to inform employees, which has raised questions about transparency and employee protection.

What does this delay mean for affected employees?

During the two-month gap, employees were:

  • Unaware their personal data had been exposed.
  • Unable to take preventative action, such as monitoring their financial accounts.
  • Potentially at risk of fraud or scams without knowing it.

Cybercriminals often act quickly once they obtain stolen data. This delay may have given hackers a head start, increasing the risk of:

  • Bank fraud – If account details were exposed.
  • Identity theft – Using passport or National Insurance details.
  • Phishing scams – Targeted emails or phone calls using personal information.

Even though Greencore later claimed there was no evidence of data misuse, the delay put employees at unnecessary risk.

The emotional impact of delayed notification

Beyond the practical risks of fraud and identity theft, the psychological toll of a delayed notification can be significant. Once they were made aware of the hack, employees who were affected by the Greencore data breach may have suffered heightened anxiety and distress for several key reasons:

  • Increased uncertainty and anxiety: Employees had two months of potential exposure without being aware of the breach. After being notified, many were left wondering whether their data had already been misused. For some, this resulted might have caused difficulty sleeping, increased stress, or even paranoia about online safety.
  • Loss of control: Not knowing their personal data had been stolen means employees had no opportunity to take protective measures. Once they were informed, many likely felt powerless as well as exposed.
  • Erosion of trust: A two-month delay in notification raises questions about transparency and whether the company prioritised its own reputation over employee safety. This can create mistrust between employees and their employer.

For many employees, financial harm is not the only consequence of a data breach. The emotional distress caused by uncertainty and vulnerability can be just as damaging.

Are you eligible for compensation?

If you were affected by the Greencore data breach, you may be entitled to compensation for the increased risks and emotional distress caused by the delayed notification.

At Join the Claim, we help employees hold businesses accountable for data protection failures.

Check your eligibility today and take action.

Check my eligibility

You may also like:

Thousands of drivers given permission to sue BMW for illegal emissions devices

In January 2024, the High Court ruled that drivers could sue BMW for fitting some diesel vehicles with devices that tricked emissions tests. The illegal devices made it seem like BMW’s diesel cars were less-polluting than they actually were.

Asda equal pay claim: Can store workers fight for fair wages?

Asda store workers may be underpaid. Check if you qualify for an equal pay claim and take action to seek the compensation you deserve.

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.

You might also like

See more resources

Several bottles of Johnson's baby powder on a store shelf, symbolising the Johnson and Johnson talc lawsuit over alleged asbestos contamination and cancer risks.
  • News, Product Liability

Johnson & Johnson talc lawsuit in the UK: What you need to know

A UK lawsuit claims Johnson & Johnson’s talc products cause cancer. Learn about the case,...
Low-angle view of people walking in a city, symbolising unity and collective action, related to key facts about group litigation for seeking justice.
  • News

10 must-know facts about group litigation for first-time claimants

Discover 10 essential facts about group litigation for first-time claimants. Learn how joining a group...
  • News, Travel

Flight cancelled or delayed for 3+ hours? You could be due compensation!

Flight delays and cancellations can completely disrupt your travel plans, costing you time, money, and...

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the claim is a registered trading name of Big on Media ltd. Big on Media is registered in the United Kingdom under licence number 09878028 with its registered office located at Big on Media, 6 Sunderland Street, Tickhill, Doncaster, DN11 9QJ

© Join the Claim All Rights Reserved | 2025

Go to claims