Young non binary person checking his smartphone worried.

Understanding special category data following the M.A.D Mobile dating app breach

The exposure of nearly 1.5 million private images from dating apps developed by M.A.D Mobile has prompted widespread concern – but one crucial legal question remains: does this breach involve “special category data” under UK GDPR?

The answer, while not straightforward, is likely to be yes.

What is special category data under UK GDPR?

Under Article 9 of the UK GDPR, special category data refers to information that is particularly sensitive and requires a higher level of protection. This includes data relating to:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic or biometric data
  • Health
  • A person’s sex life or sexual orientation

In this case, although names and identifying information were not directly attached to the leaked images, the content itself could arguably fall within the definition of special category data.

Many of the exposed images were sexually explicit. Others may reveal sexual orientation, gender identity, or involvement in alternative sexual practices such as BDSM. When combined with the context – namely, that they were hosted on apps specifically catering to LGBTQ+ and kink communities – it becomes clear that this is the unauthorised exposure of intimate, sensitive, and highly personal information.

Legal obligations and potential failings

The UK GDPR is clear: where special category data is processed, the data controller must implement not just general security safeguards, but measures appropriate to the heightened sensitivity of the data. These include stricter technical and organisational controls, explicit user consent for processing, and robust responses to any breach.

M.A.D Mobile appears to have failed on all fronts. The storage was unencrypted, unauthenticated, and left exposed for months. Despite being warned about the issue in January 2025, the company only acted after media intervention – a delay that could have allowed unknown parties to access and store the data.

Who can claim for M.A.D mobile data breach?

This potential mishandling of special category data may give rise to more serious legal consequences, including enforcement by the Information Commissioner’s Office and the amount of compensation awarded to those affected if a compensation claim goes ahead. The fact that the data may qualify as special category data strengthens the seriousness of the breach and, potentially, the value of any resulting claim.

If you used one of the affected platforms, it is worth registering your interest in a group claim.

Register now

You may also like:

Thousands of drivers given permission to sue BMW for illegal emissions devices

In January 2024, the High Court ruled that drivers could sue BMW for fitting some diesel vehicles with devices that tricked emissions tests. The illegal devices made it seem like BMW’s diesel cars were less-polluting than they actually were.

Asda equal pay claim: Can store workers fight for fair wages?

Asda store workers may be underpaid. Check if you qualify for an equal pay claim and take action to seek the compensation you deserve.

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.

You might also like

See more resources

Several bottles of Johnson's baby powder on a store shelf, symbolising the Johnson and Johnson talc lawsuit over alleged asbestos contamination and cancer risks.
  • Health & Medical, News

Johnson & Johnson talc lawsuit in the UK: What you need to know

A UK lawsuit claims Johnson & Johnson’s talc products cause cancer. Learn about the case,...
Low-angle view of people walking in a city, symbolising unity and collective action, related to key facts about group litigation for seeking justice.
  • News

10 must-know facts about group litigation for first-time claimants

Discover 10 essential facts about group litigation for first-time claimants. Learn how joining a group...
  • News, Travel

Flight cancelled or delayed for 3+ hours? You could be due compensation!

Flight delays and cancellations can completely disrupt your travel plans, costing you time, money, and...

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the claim is a registered trading name of Big on Media ltd. Big on Media is registered in the United Kingdom under licence number 09878028 with its registered office located at Big on Media, 6 Sunderland Street, Tickhill, Doncaster, DN11 9QJ

© Join the Claim All Rights Reserved | 2025

Go to claims