Okay, if they've admitted liability (albeit only verbally) then you're in a strong position.
I would write to them setting out your complaint and giving details of the specific breach, state that you consider you have suffered significant distress as a result and have lost confidence in them. If they have credited your account with a sum of money in respect of the breach then ask them why this was done without your knowledge. Ask how they propose to constructively resolve the situation.
It is a breach of the Data Protection Act to release your banking details without your consent (state this in the letter) and you can claim compensation under the DPA if you suffered damage or distress. Plainly, if you have suffered specific loss then you should seek this from them in your letter.
Were you to take the matter to Court then the difficulty would be proving that you have suffered damage and distress if there is no direct financial loss. The burden would be on you to prove this and you would be liable to pay their costs if unsuccessful.
If you have not suffered any direct financial loss then I would do some sabre-rattling in correspondence and see how much 'give' that figure of £100.00 has in it, but probably knowing that I would not issue a claim at Court. It seems a very token amount.
Naturally you should wait some time to see if there are any transactions that you did not authorise so you can establish if you have actually suffered direct financial loss.
If this is useful, please kindly click accept so that I may be rewarded for my time. It will be gratefully received and you will be free to ask follow-up questions.