From major data breaches to tech lawsuits, several high-profile cases are developing across the UK and beyond. Some could affect millions of people, while others focus on specific groups of customers, students, businesses or service users.
Here’s a round-up of the claims worth keeping an eye on this month.
UK Biobank data breach
Data linked to around 500,000 UK Biobank participants was reportedly listed for sale on Chinese e-commerce platforms in April 2026. UK Biobank says direct identifiers such as names and addresses were not included, but the data was highly detailed and linked to health, lifestyle and demographic information.
You could be affected if:
You took part in UK Biobank.
What to do now
Register your interest and we’ll keep you informed if one of our regulated UK partner law firms is able to investigate potential legal action.
Booking.com data breach
Booking.com has confirmed a data breach involving customer reservation information. The company says it detected suspicious activity, updated reservation PINs and contacted affected users. Financial information is not said to have been accessed, but reservation details and contact information can still be used to create convincing scams.
You could be affected if:
You used Booking.com for recent or upcoming travel.
What to do now
Stay alert for messages claiming to be from hotels, apartments or Booking.com, especially if they ask for payment or personal details. You can also register for updates with Join the Claim.
South Staffordshire Water data breach
The ICO has fined South Staffordshire Water and its parent company £963,900 after a cyberattack exposed the personal data of more than 633,000 customers and employees. The regulator said attackers had access for nearly two years before the breach was discovered.
You could be affected if:
- You are or were a South Staffordshire Water or Cambridge Water customer
- You worked for South Staffordshire Water or its parent company.
What to do now
ICO fines do not go directly to affected individuals. However, people affected by serious data breaches may be entitled to compensation in some circumstances. Register your interest to stay informed.
TELUS Digital breach
TELUS Digital has confirmed it is investigating unauthorised access to a limited number of systems. Hackers linked to ShinyHunters have claimed they stole a huge volume of data.
You could be affected if:
Your data was handled through TELUS Digital’s customer support or operational systems.
What to do now
If contacted, follow the guidance in the notification and stay alert for phishing emails, scam calls and fake payment requests. Find out more.
Amazon Fire TV Stick lawsuit
Amazon is facing a lawsuit in California over claims that older Fire TV Stick devices were effectively “bricked” after software support ended. The case alleges that some users were left with slow, glitchy or unusable devices and were pushed towards upgrading.
You could be affected if:
- You owned an older Fire TV Stick
- Your device became difficult or impossible to use after support ended.
What to do now
This is currently a US case, not a UK claim. If similar legal action emerges in the UK, affected users could potentially seek compensation. Find out more.
Microsoft cloud licence claim
A £2.1 billion UK claim against Microsoft has cleared an early hurdle. The case alleges that Microsoft overcharged around 60,000 UK businesses for using Windows Server on rival cloud platforms, including Amazon Web Services, Google Cloud and Alibaba Cloud. Microsoft denies the allegations and has said it plans to appeal.
You could be affected if:
- Your business used Windows Server
- You ran it on a non-Microsoft cloud platform
- You may have paid higher licensing costs as a result.
What to do now
This is a business-focused competition claim rather than a consumer claim, but it reflects the wider rise in UK group actions against major technology companies. Find out what it means for UK businesses.
Rituals data breach
Rituals has confirmed a data breach affecting customer membership records. The company says there was an unauthorised download of member data, which may include names, dates of birth, addresses, email addresses, phone numbers, preferred stores and account types.
You could be affected if:
- You have a Rituals account
- You are part of the My Rituals membership programme.
What to do now:
Be cautious with unexpected emails or texts, especially messages asking you to click links or provide account information. Keep hold of any notification you receive. Find out more.
Canvas data breach
Canvas, the online learning platform used by universities and colleges, has been affected by a major cyberattack. Instructure, the company behind Canvas, has said stolen data was returned and deleted as part of an agreement with the hackers, although experts have warned that risks may remain.
You could be affected if:
You are a UK student or staff member at an institution using Canvas.
What to do now
Watch out for phishing emails, fake password reset messages and suspicious links. We’ll continue monitoring whether this leads to potential UK legal action.
Stay in the loop and don’t miss a thing with Join the Claim
Join the Claim keeps you informed about potential compensation claims.
Want the latest claim news delivered straight to your inbox?
Sign up to our newsletter for quick updates, breaking developments, and insider info on what claims are heating up next.
