, ,

Dixons Carphone Warehouse fined half a million pounds for huge data breach

Dixons carphone fine

In summer 2018, Dixons Carphone Warehouse (DSG Retail Limited) admitted that millions of its customers had their details exposed in a massive data breach.

  • Hackers got access to 14 million personal data records. This compromised dates of birth, addresses and phone numbers
  • Dixons Carphone also discovered a separate attempt which compromised the records of 5.9 million payments cards.

In response, the Information Commissioner’s Office (ICO) has now fined the company £500,000 for this shocking data privacy failure.

What was the result of the ICO investigation?

An ICO investigation into the breach has found the national retailer guilty of having poor security arrangements and failing to take adequate steps to protect personal data. This included vulnerabilities such as inadequate software patching, absence of a local firewall, and lack of network segregation and routine security testing.

Commenting on the breach, Steve Eckersley, ICO’s Director of Investigations, said:

“Our investigation found systemic failures in the way DSG Retail Limited safeguarded personal data. It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen.

“The contraventions in this case were so serious that we imposed the maximum penalty under the previous legislation, but the fine would inevitably have been much higher under the GDPR.”

Will victims of the Dixons Carphone Warehouse receive this money?

No, while the ICO has the power to impose hefty fines on organisations in breach of their duties, it does not award compensation.

However, now that the ICO has found Dixons Carphone Warehouse guilty of failing to protect your data, you can use this evidence to support a data breach compensation claim.

Why should you make a data breach compensation claim?

A data breach can lead to financial and identity fraud

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

“The ICO considered that the personal data involved would significantly affect individuals’ privacy, leaving affected customers vulnerable to financial theft and identity fraud.”

The emotional impact of a data breach can be devastating

The impact of data breaches goes much further than financial losses. We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury. Mr Eckersley added:

“Such careless loss of data is likely to have caused distress to many people since the data breach left them exposed to increased risk of fraud.

“We recognise that cyber-attacks are becoming more frequent, but organisations have responsibilities under the law to take serious security steps to protect systems, and most importantly, people’s personal data.”

Crucially, you do not need to have suffered any financial loss or emotional distress to make a claim. If you have suffered a privacy violation caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

It’s essential to hold companies to account if data security is to improve

This is not the first time the company has failed to protect its customers’ data. In fact, there is a history of data negligence at the company.

The Carphone Warehouse (which merged with Dixons) was fined a £400,000 following another cyber-attack. The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. In that breach, the personal data of over three million customers and 1,000 employees were put at risk.

Something must be done to hold them to account.

Signs that criminals have used your data following the Dixons Carphone Warehouse data breach

Signs that criminals have used your data following the Dixons Carphone Warehouse data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Making a Dixons Carphone Warehouse data breach compensation claim

If you were affected you could be entitled to up to several thousand pounds in compensation, so it’s important to act now.

At Hayes Connor Solicitors, we have received a large number of queries from people concerned that their information is at the mercy of cybercriminals following the Dixons Carphone Warehouse data breach.

In response, and in light of the ICO’s findings, we will now be launching a group action to help people claim Carphone Warehouse breach compensation.

We have appointed an expert barrister to help in this case. Having developed a practice in the field of data breach claims for individuals and companies who have had their personal and sensitive data breached by third parties, we are confident that our team will get the results our clients deserve.

To become part of this group action, we need you to register with us. This guarantees that you will form part of the Carphone Warehouse breach compensation claim that will be lodged by us.

We can take on your claim on a no-win, no-fee basis so you have nothing to lose.