, ,

Has Dixons got off lightly following data breach fine?

dixons breach

Dixons has been fined half a million pounds for failing to protect its customers’ personal data. But, while £500,00 might seem like a lot of money, Dixons actually dodged a much bigger financial penalty. Because, had the attack happened now, the fine would inevitably have been much higher under new data protection regulations (GDPR). So it’s important that people hold the retailer to account by making a Dixons data breach compensation claim.

What happened in this case?

The data breach saw a hacker install malware on 5,390 cash registers at Dixons Travel stores and Currys PC World. The attack exposed the full names, postcodes, email addresses, credit checks of millions of customers. Payment card data was also compromised in a separate attack.

Data Protection in the UK

The General Data Protection Regulation (GDPR) came into force on May 25th 2018. This means that the breach was considered under the Data Protection Act (DPA) 1998, not the newer Data Protection Act (DPA) 2018 (the UK’s version of GDPR).

These acts have drastically different level of fines. The first up to a maximum of £500,000 and the second up to £17 million (or 4% of an organisation’s annual turnover, whichever is higher).

So, while the ICO imposed the highest possible fine, Dixons got off lightly.

Is Dixon’s taking responsibility for its data privacy failings?

Not really. In fact, while the company has apologised for the breach, Dixons is “considering our ground for appeal”.

That’s despite the fact an investigation into the breach by the Information Commissioner’s Office (ICO) found:

  • Systemic failures in the way DSG Retail Limited safeguarded personal data
  • Failures relating to basic, commonplace security measures
  • Vulnerabilities such as inadequate software patching, absence of a local firewall, and lack of network segregation and routine security testing

So, you could argue that the retailer continues to show a complete disregard for the customers whose personal information was stolen.

What does the ICO fine mean for you?

In truth, while data protection lawyers like to talk about the changes that have occurred since GDPR, for people who had had their data breached, the level of fine doesn’t make much difference. Mainly because, while the ICO can impose a monetary penalty on a company, this isn’t given to victims of the data breach.

The only way for you to hold Dixons to account is to make a data breach compensation claim.

That being said, the ICO fine is good news for victims of the data breach. Because now that the ICO has found Dixons Carphone guilty of failing to protect your data, you can use this evidence to support a data breach compensation claim.

Who can claim compensation for the Dixons data breach?

Everyone who was impacted by the breach should have been contacted by the national retailer and can now make a data breach compensation claim.  You can claim for:

  • Financial losses. A data breach can result in both financial and identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts
  • Distress, anguish and anxiety. Being the victim of a crime can have a significant impact on you mentally and physically. Everyone reacts differently, but for some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job
  • Loss of privacy. If a company does not protect your data in the way it is legally obliged to do, and you have suffered a loss of privacy, you can make a claim. For example, if your email address was stolen or otherwise put at risk.

Why use Hayes Connor Solicitors to make a Dixons data breach compensation claim?

At Hayes Connor, we are making a group action case against Dixons. A group action allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and make a big organisation take the matter seriously. This increases their chances of settlement or success in litigation.

Crucially, we are data breach and cybercrime experts. A relatively new and evolving area of law, this is all we do, and we have become a true specialist in data breach law. As such, we lead our field when it comes to understanding the complexities involved. And, with over 50 years’ experience helping our clients secure the justice they deserve, our solicitors work tirelessly to ensure the best possible outcome for you.

We have also appointed an expert Barrister to help in this case. Having developed a practice in the field of data breach claims for individuals and companies who have had their personal and sensitive data breached by third parties, we are confident that our team will get the results our clients deserve.

We know that making a claim can be difficult. Particularly where your sensitive information has already been breached or another online offence made against you. So, when you work with us, we make sure you are fully protected. And we remove the jargon from the compensation process, so you always know just what’s happening.

To become part of this group action, we need you to register with us. We can take on your claim on a no-win, no-fee basis so you have nothing to lose.