A group data breach claim against technology outsourcer Capita can proceed after the court rejected a submission that the case was an abuse of process.

The defendant had argued in the High Court that Barings Law, representing more than 8,000 alleged victims of a cyber attack in 2023, had used repetitive or generic terms to describe the mental harm clients had suffered. It was further argued that Barings had influenced claimants’ evidence relating to the mental distress and anxiety they suffered.

In a decision handed down last week, Master Dagnall dismissed the allegation that the solicitors had committed an abuse of process. He said that Capita had failed to prove that an abuse of process had taken place, noting that solicitors ‘had a real basis’ and a ‘wide latitude’ to prepare evidence, and that clients gave their informed consent to Barings in order to proceed with the claim.

Adnan Malik and Robert Whitehead_

Adnan Malik and Robert Whitehead, Barings Law

The judgment further found that striking out the claims would have been a ‘draconian step’, and the strength of evidence would be determined in future proceedings. The full ruling is expected to be published in the coming days.

Barings launched the case against Capita in 2023, following a cyber attack which exposed the personal information of 6.6 million people, such as financial and pension data.

Robert Whitehead, chairman of Barings Law, said the data breach has had an ‘inevitable impact’ on the health and wellbeing of clients. He added: ‘Barings continues to take its fight for consumer privacy to the very highest levels. Despite the stakes, we continue to pursue justice in a way that is affordable and accessible.

‘We are encouraged by the decision handed down in the High Court this morning and see it as a vindication for the rights of our claimants and those in future data breach cases.’

The 2023 cyber attack led to unauthorised access to certain IT systems and disruption of some Capita client services. Since the incident, the company has invested in technology upgrades, testing and monitoring, policy improvements and training and awareness.

Last October, the Information Commissioner’s Office fined Capita £14m for failing to ensure the security of personal data. The regulator said Capita ‘failed in its duty to protect the data entrusted to it by millions of people’, and that the scale of this breach and its impact could have been prevented had sufficient security measures been in place.