In the absence of a more generous approach by the courts when assessing quantum and costs, the pursuit of data breach claims on behalf of individuals will prove to be a question of financial risk for claimant representatives. Recent decisions have demonstrated the difficulty in succeeding in data breach actions where minimal distress or loss has been caused to a claimant. Alternatively, claimant representatives may look to pursue actions on behalf of numerous individuals in a class action. However, these actions are by no means a guaranteed route to success. The decision in Farley v Paymaster saw a significant percentage of data breach actions in a mass claim dismissed for not meeting the appropriate threshold of seriousness, and Adams v Ministry of Defence demonstrated the challenges of using an 'omnibus' Claim Form, where multiple claimants are added to a single claim. The Civil Procedure Rule Committee is considering this method of pursuing multiple claims, and this route may be closed off or narrowed significantly upon further guidance. Nonetheless, we still expect that claimant practitioners will explore other avenues to pursue data breach actions in response to judicial guidance and other pressures, as they have done in the past.