carphone warehouse compensation
, ,

Join a group action Carphone Warehouse data breach claim

Dixons Carphone is facing legal action from potentially millions of people after it was revealed that hackers have accessed the information of close to 10 million customers. The hackers also got access to the records of 5.9 million payments cards (nearly all of which were protected by chip and pin).

While the company claims that no customers have been the victim of fraud as a result of the hack, you can still claim for any distress you have suffered as a result of the Dixons Carphone data breach.

The National Crime Agency has been investigating the Dixons Carphone data breach. It is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (the UK’s data protection regulator).

As expert data breach solicitors, here at Hayes Connor, we are carefully watching developments unfold in this case, and are preparing to launch a group action Carphone Warehouse data breach claim once the relevant investigations are complete.

What happened in the Carphone Warehouse data breach?

The Dixons Carphone data breach took place in 2017 and resulted in customer records being accessed from Currys PC World and Dixons Travel stores. Both payment card details and non-financial records were compromised.

The Dixons Carphone’s investigation has not uncovered any evidence of additional fraud, but it has revealed that significantly more data was taken than first thought.

Crucially, the details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes.

Dixons Carphone has been criticised for downplaying the severity of the hack. Because today, criminals don’t need payment card or bank account details to cause havoc. Indeed, the sheer scale of damage and distress that can be created by criminals gaining access to personally identifiable information (PII) cannot be underestimated. So, while there is no evidence of financial losses suffered by customers of Currys PC World and Dixons, this doesn’t mean that the impact on victims is any less significant.

To make matters worse, this is not the first time that the company has failed to protect its customers. Earlier this year, the Carphone Warehouse, which merged with Dixons, was fined £400,000 following another cyber-attack. The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. So, with a history of failures, the relevant authorities will now be looking very carefully at this latest data breach.

What are we doing about a Carphone Warehouse data breach claim?

At Hayes Connor Solicitors, we have received a large number of queries from people concerned that their information is now at the mercy of cybercriminals. In response, we are now considering launching a group action against Dixons Carphone.

As such, we have appointed Barrister Ian Whitehurst to help in this case. Having developed a practice in the field of data breach claims for individuals and companies who have had their personal and sensitive data breached by third parties, we are confident that our team will get the results our clients deserve.

Why launch a group action Carphone Warehouse data breach claim?

A group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

What’s more, with a group action claimants often share the legal fees. Even better, while the cost of pursuing small claims can be a barrier to justice, by grouping cases together, solicitors are often able to run group actions on a no win-no fee basis.

Find out more about group actions.

What should you do if you have been affected by the Dixons Carphone data breach?

If you are worried that Dixons Carphone has exposed your data, there are a few simple steps you can follow.

  1. Determine what was stolen. To protect yourself as much as possible you need to know what kind of information was accessed in the data breach. Dixons Carphone should be able to advise you on this
  2. Change your passwords. If an online account (such as an email address) has been compromised, change the password right away. You should also change all other accounts that use the same password, and – if your email could be compromised – any accounts that could be accessed via your email. To keep you safe in the future, create a secure, unique password for each account (you might want to consider using a password manager to do this for you)
  3. Deploy additional security measures. If an app or website offers two-factor authentication to protect an account, use it
  4. Contact your bank. If any financial information has been stolen, contact your bank immediately and explain that your account is at risk of fraud. As well as issuing a new card, the bank should be able to advise you if it detects suspicious activity on your account
  5. Be vigilant. Beware of scammers using your stolen data against you. For example, don’t click on any links in emails asserting to be from your bank and always use the numbers they provide on their website if they ask to talk to you
  6. Sign up for a credit and/or identity-monitoring service. This will help you to monitor your financial accounts and sensitive personal information. Many organisations will offer such services free following a data breach but it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  7. Keep a record. Make a list of all the accounts that could have been accessed and note down why you are concerned about them
  8. Inform the Information Commissioner’s Office (ICO) about your concerns. At present the ICO is undertaking an investigation into the Dixons Carphone Data Breach. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  9. Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

To find out more, read our handy step-by-step guide to making a data breach claim

How can you join the Carphone Warehouse data breach claim group action?

If you have had an email from Dixon’s Carphone you could be entitled to several thousand pounds in compensation so it’s important to act now. And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Find out more about no-win, no-fee.

To join a group action compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.


Tesco Bank data breach. Are you affected?

Tesco Bank is at the centre of a recent data breach investigation after thousands of customers’ sensitive information was carelessly leaked. The bank has found itself in the spotlight after Travelex – which runs Tesco Bank’s foreign currency exchange service – admitted that a breach had occurred putting 17,000 users at risk.

This data leaked includes full names, dates of birth, phone numbers, delivery/billing addresses, email addresses, IP addresses and partial payment card numbers. Travelex stresses that card information was disguised using industry standards, so ‘no financial information was put at risk’.

It is thought that the cause of this breach is down to human error rather than a cyber-attack, although an investigation is ongoing.

Do you need to worry?

The Travelex breach involves travel money customers who used Tesco Bank’s foreign exchange currency service online between 14 December 2016 and January 2017.

If you have been affected, you can expect to receive a letter from Travelex soon. The company has also set up a special hotline 0800 9758376 (Mon-Fri 9am-5pm) or via email

What should you do now?

While Travelex is adamant that financial information is safe, and that there is no indication that any of the data has yet been used by a third party, your name, date of birth and contact details can be used by cyber-criminals with the aim of committing identity theft and fraud. So the breach is a significant one; particularly if the information finds its way onto the darknet.

As such it is vital that those at risk:

  • Report their concerns to the ICO to ensure a full investigation takes place
  • Review guidance issued by the ICO
  • Review all bank accounts and credit card statements for unusual transactions
  • Be cautious of any unsolicited communications that ask for any personal information or refer you to a website asking for the same
  • If you have been the victim of online fraud or identity theft, you should also contact Action Fraud. You can do this online or via telephone. Action Fraud is the national fraud reporting service and is the starting point for any police investigation into your loss.

While Travelex is offering 12 months complimentary fraud protection to those affected, we advise anyone signing up to be careful that in doing so, they are not inadvertently signing away their rights to pursue a compensation claim against the company. If you are any doubt, please contact us and we can advise on the terms and conditions of this offer.

Can you claim compensation?

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. In this case, we would expect payment of between £1,500 – 2,500 due to the details disclosed. However, this could increase further if you suffer any financial losses because of the breach.

If it is found that the leak was down to human error, there is a case for negligence. What’s more, we are especially concerned that there may have been a delay in disclosing the breach. If this is true, this could lead to aggravated damages being awarded (additional damages caused by the delay).

At Hayes Connor Solicitors we can seek compensation on your behalf. Likewise, if you suspect your data has been mishandled or lost, we can check whether this is the case, and if so, start the claims process.

Because of the number of people involved, we may also be able to mount a group action claim. With this approach, you and the other Claimants collectively bring your cases to court against a Defendant. Where circumstances are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim. As specialists in data law, we are watching this case very carefully and may put together a group action and seek compensation when the investigations are complete.

What now?

If you have been affected by this breach, contact us to start the legal proceedings. Likewise, if you want to be kept up to date on this case, get in touch. We’ll let you know if and when you can claim.