Lister Fertility Clinic data breach puts patients at risk

In 2021, the Lister Fertility Clinic – one of the UK’s leading fertility treatment providers – was hit by a serious data breach. This breach exposed the sensitive medical records of approximately 1,700 patients, putting them at risk of identity theft, fraud, and emotional distress.

The breach occurred due to a ransomware attack on Stor-a-File Limited, a third-party document management provider used by Lister and several other healthcare organisations. When Stor-a-File refused to pay the ransom, cybercriminals leaked thousands of patient files onto the dark web.

What patient data was exposed?

According to various reports, the stolen records included:

  • Patient consent forms
  • Medical histories and test results
  • Fertility treatment records
  • Scanned copies of passports (for both patients and their partners)
  • Personal and contact information

This highly sensitive data should have been securely protected. Instead, it is now feared to be circulating among cybercriminals. To make matters worse, some of the data stolen from Stor-a-File was later published on the dark web.

Why the Lister Fertility Clinic data breach is so serious

Healthcare data breaches are particularly concerning because:

  • Medical records are permanent. Unlike credit card numbers, they can’t simply be changed
  • Personal data can be misused for fraudulent activities such as identity theft and scams.
  • Medical histories, including details of fertility treatments, could be used maliciously against patients.
  • Many patients have expressed anxiety and fear over the exposure of their private medical information.

How Lister Fertility Clinic Responded to the data breach

Lister has apologised to affected patients and stated that their data has not yet been found on the dark web. However, the clinic has admitted that this could still happen, causing further distress to those involved.

Can you claim data breach compensation?

If you are a Lister Fertility Clinic patient whose data was exposed in this breach, you may be eligible to claim compensation.

Find out more

Join the Claim connects consumers with SRA-regulated lawyers. Visit the claim page to check your eligibility if a claim is open with one of our trusted legal partners. If a group action has not yet been launched, you can register your interest and we’ll keep you informed if a partner firm decides to take a claim forward.  

This information is for general guidance only and does not constitute legal or financial advice.

You may also like:

  • Environment, News, Vehicle

Can BMW drivers claim compensation for the diesel emissions scandal?

BMW faces legal action over emissions-cheating software. Learn what the scandal involves, who is affected, and what it means for UK diesel car owners.
  • Data Breach, Financial, News

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.
  • News, Vehicle

Jaguar Land Rover DPF claims vs. dieselgate: What you need to know

Confused about Jaguar Land Rover DPF claims vs. Dieselgate? Learn the key differences, legal actions, and how to check if you qualify for compensation.

Latest news & insights

Diverse team of two business people working talking using smart phone walking in corporate office
New guide: everything you need to know about joining a group action claim
Unsure how group litigation works in the UK? Our new guide explains what to expect before joining a group action claim.
Digital Business and Technology concept, Virtual screen showing DATA BREACH.
UK data breaches surge in 2026
Data breaches in the UK have hit 33.2 million, with 4.4 million in just the first quarter of 2026. Here’s what’s driving the surge and what it means for your data.
solutions that serve the optimization and economical use of water.
ICO fines South Staffordshire Water after hackers hid inside systems for almost two years
The ICO has fined South Staffordshire Water £963,900 after hackers remained inside its systems for almost two years, exposing sensitive customer and employee data.
A diverse group of five students happily walk through a university hallway
Canvas data breach explained: what UK students need to know
The major Canvas cyberattack has affected universities around the world, including in the UK. Here’s what students need to know.
Telus logo or sign on a modern building. Telus is a tele-communications company
TELUS Digital breach explained: what we know about the alleged cyberattack
TELUS Digital has confirmed a cybersecurity incident after hackers claimed to have stolen nearly 1 petabyte of data.
Amazon fire tv stick remote in hand with selective focus tv background.
Amazon Fire TV Stick lawsuit: why “bricking” claims matter
Amazon is facing a US lawsuit over claims it “bricked” older Fire TV Sticks. Here’s what’s being alleged and why it matters.
Person holding phone with Microsoft OneDrive is a file hosting service that allows users to sync files.
Microsoft cloud licence claim: what it means for UK businesses
A £2.1bn UK claim against Microsoft over cloud licensing has been allowed to proceed.
concept of using Passkey instead of a code set for maximum security Biometric Lock
Passkeys explained: why the UK is being told to move beyond passwords
The UK’s cyber security agency says passwords are no longer enough. Here’s why passkeys are being pushed as the safer alternative.
photovoltaic solar park renewable energy wind generators blue sky background
Ofgem reforms: what stronger energy consumer protections mean for you
The government is strengthening Ofgem’s powers to protect energy consumers. Here’s what’s changing and what it could mean for households.
Smartphone on surface showing Canva logo.
Canva data leak: what the alleged breach could mean for users
An alleged dataset linked to Canva has surfaced online, containing 900,000 user records. Here’s what’s been reported.
the logo of the brand "Rituals". Rituals is a company for Cosmetics.
Rituals data breach: what it means for UK customers
Rituals has confirmed a data breach affecting customer data across Europe and the UK. 
women travelers,waiting at train station journey,with luggage and large backpacks
Interrail data breach: why some travellers are being told to replace passports
Over 300,000 Interrail travellers had personal data exposed in a cyber incident. Some are now being advised to replace passports.
technician of health with blood tubes in the clinical lab for analytical / hand of doctor holding blood sample in tube test for analysis in laboratory
Nearly 200 Biobank data incidents raise concern as more private health records found online
UK Biobank data has reportedly been leaked nearly 200 times in a year. Here’s what it means for participants.
April calendar 2026 with Join the claim logo
What we’ve been working on at Join the Claim in April
A round-up of what we’ve been working on in April at Join the Claim, including new claims to watch, legal developments and practical consumer guides.
Warning road sign against a stormy sky saying Scam Alert
Scam alert update: April 2026
Stay alert this April with the latest scam warnings from Join the Claim
View all news

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the Claim is a trading name of Join the Claim Limited, authorised and regulated by the Financial Conduct Authority (FRN: 1053404). Registered in England and Wales, Company No: 16245278. Registered office: 32 Eyre Street, Sheffield, S1 4QZ.

© Join the Claim All Rights Reserved |

2026
Go to claims