Data breaches have become an unavoidable reality. From multinational corporations to local service providers, no organisation is immune to cyberattacks. While headlines often focus on financial penalties, regulatory scrutiny, and technical remediation, a critical dimension remains underexplored: the psychological impact on individuals whose personal data has been compromised.

When a consumer receives a breach notification, the experience is rarely neutral. It triggers a cascade of emotions, fear, anger, helplessness, which can persist long after the technical incident is resolved. Recent developments, such as the Information Commissioner’s Office (ICO) penalty notice(1) judgment on Capita and the Royal United Services Institute (RUSI) report(2) on ransomware victims, underscore the growing recognition of these human consequences. This article examines the psychological toll of data breaches on consumers, explores regulatory trends, and outlines what businesses can do to mitigate harm.