Our policy is zero-tolerance on breaches. As soon as we find out that a breach has occurred we will:
Evaluate the extent of the damage.
2. Report it to ICO as a DPA security breach.
3. Let our users know along with the necessary course of action.
You can find our ICO registration here.