Big data breaches can affect you

Data breaches occur all the time. Hackers are out there trying to find your personal information and stealing it from companies is a way to find out all sorts of things about you that then fall into the dark web. From there, data is sold to scammers and others interested in carrying out identity theft.

Rightly Protect is 100% free

  • No downloads
  • No trial
  • No subscriptions
  • No ads

To lower the chances of you being targeted by scammers, you can get your personal data deleted from any company you choose. Then, if they get hacked, your personal information can’t be stolen and used against you.

Here are some examples of personal data that could be compromised in a data breach:

  • Name, address and contact details
  • Bank and insurance details
  • IP Address & Cookie identifiers
  • Marital status and number of children
  • Political opinions and affiliations

Who’s getting breached?

Here are some of the biggest data breaches of recent times

Marriott International

In 2022, hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data, including guests’ credit card information. This follows several other big data breaches 2014, 2018 and 2020.

Virgin Media

Virgin Media failed to protect personal data of some 900,000 people when a database was left exposed between April 2019 and February 2020.

Network Rail wifi

Network Rail confirmed that one of their free WiFi hotspot provider’s, C3UK, has suffered a personal data breach that leaked the email addresses and travel details of about 10,000 people online.


In May 2020, low-cost airline EasyJet revealed that a "highly-sophisticated attacker" stole the personal data of 9 million customers.


In October, retail giant H&M was fined €35.3m (£32.1m) for the illegal surveillance of several hundred employees. This is the second-largest fine a single company has faced under EU GDPR rules.

MGM Grand Hotels

In February 2020, the personal details of more than 10.6 million users who stayed at MGM Resorts hotels were published on a hacking forum. This affected both normal tourists and a huge number of celebrities, tech CEOs, government officials and reporters.


In April 2020, the news broke that 500,000 stolen Zoom passwords were up for sale, and more than half a million Zoom account credentials had been shared.

Boots advantage card

Boots had the data of approximately 150,000 people stolen. The type of information breached was mainly usernames and passwords.

Clearview AI

The facial-recognition software maker’s entire list of customers was stolen in a huge data breach. A security flaw meant that an unauthorised person was able to access every search made by each of Clearview AI’s customers – and how many accounts each customer had set up.

Koodo Mobile

The Canadian brand’s customer data was breached by an unauthorised person and sold online. The information that was stolen was from August and September 2017.


Brighton and Sussex University Hospitals NHS Foundation Trust was fined £325,000 by the ICO in 2012 for the loss of sensitive personal information about patients and staff.

The Trust hired a contractor to destroy some old hard drives which contained sensitive information. But the contractor instead sold the hard drives on eBay.


At the end of 2019, currency exchange firm Travelex found itself the victim of a ransomware attack. Cybercriminals locked Travelex out of its own files, and halted currency transactions across the UK, and demanded almost £5 million in exchange for the return of 5GB of stolen personal data.


After hackers stole the personal information of 2.7 million Uber customers, the ridesharing company paid the attackers $100,000 in exchange for a pledge to destroy the data. Uber did not inform anyone of the breach for more than a year. It was this failure to notify customers and regulators, as well as the size of the breach, that resulted in a £385,000 fine.

The attackers gained access to the information by using “credential stuffing”, in which usernames and passwords have already been compromised, and the attacker simply tries them on a multitude of websites until they manage to gain access to an account.

You can minimise your chances of having your identity stolen by deleting your data with as many companies as possible. Doing this cleanses the amount of information about you online and makes it much harder for companies and scammers to know how to contact you.

Remember, it's your legal right to decide how your information is being used and what for.

The easiest way to reduce the amount of scams you receive, from email phishing to phone scams, is by minimising your personal data online. You can do this with Rightly Protect, quickly and for free.

If you have personal data in a company’s database it’s at risk of being lost or stolen in a data breach. If that happens, it can make you more vulnerable by it being used against you in a scam.

If you don’t want a company to have your data any more, or they simply no longer need it, then use Rightly Protect to get it deleted. If a company doesn’t have your data, they can’t lose it or have it stolen. With Rightly Protect you can delete your data from any company’s site, in one go and for free.

As featured on
  • LBC logo
  • daily_mail_logo2x.format-webp.original
  • you_and_yours_logo2x.format-webp.original
  • daily_express_logo2x.format-webp.original
Delete, don't unsubscribe

Unsubscribing doesn’t delete your data.

Even if you’ve hit ‘unsubscribe’ in an email, your personal info can still be exposed in a data theft and could fall into the hands of criminals, because unsubscribing from emails doesn’t delete your data.

Be in control of your data

Rightly Protect is quick and easy

  • find 100s of companies that hold your data in a minute

  • send a deletion request with a click of a button

  • delete your account with us anytime

  • How it works - Discover NEW


    We help you find companies that shouldn't have your data

  • Product screen Gambling

    2. SELECT

    Easily choose which companies should delete your data

  • How it works - Delete 1 NEW

    3. DELETE

    We make it easy to tell them to delete it using your GDPR rights

Our privacy promise

You can delete your Rightly account at any time.

We know there’s an irony to creating an account with Rightly, just at the moment we’re helping you delete your data from lots of companies. But as Champions of Data, we make it easy for you to delete your Rightly account too.

  • Verified by Google
  • ISO27001 certified
  • Registered with the ICO

Sometimes, it’s helpful to have your data shared. But not without your consent. What happens to your data and who it's shared with often isn't made clear, and in particular, that it gets sold on and used to better target you with advertising.

Understandably, many people find this extremely invasive.

Why should I delete the data held by companies?

The data that apps and websites store is private.

In a data breach, or if a company sells your data, it can fall into the wrong hands and be used in a scam against you.

What happens to your data should be up to you.

    • shield

      Data Collection

      Collecting all this personal data might help the app or website present offers or deals that interest you. But when you’re done with the app or website, the data you leave behind puts you at risk.

    • shield

      Data loss

      Many apps and websites sell personal data to third parties, and many have a long history of data breaches. Don't get stung by a data theft.

    • shield

      Protect yourself

      The easiest way to stop apps and sites using your personal data is to use Rightly Protect to send a deletion request. We'll connect you to as many companies as you need and request erasure of your personal data, in one go. And for free.

    Some common questions