Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
In the penultimate week of March, retail chain Fat Face reportedly sent an email to customers notifying them of a breach that had first been identified in mid-January. Reportedly sent to thousands of affected customers, the email revealed that private data had been accessed by an unauthorised user for a limited period of time. It has also been alleged that customers were told to keep the notification of the Fat Face data breach private, and that the company has allegedly paid a ransom to a cybercrime gang.
These claims have yet to be fully verified, but there are still several issues arising out of the Fat Face data breach. The company’s notification to customers appears to be delayed at best, which raises questions about whether Fat Face followed the correct data breach notification procedures. At this stage, we do not know, and we will need to find out.
In any case, the victims whose private information was exposed could now fall victim to data misuse. If it emerges that Fat Face was at fault, victims may be eligible to make compensation claims, and we are already taking claims forward for this incident.
At the end of March, the Fat Face data breach became public knowledge when a notification email was sent out to thousands of affected customers. It described a breach, initially detected on 17th January, where a hacker is understood to have accessed data including customers’ names, postal addresses and email addresses, as well as the last four digits of their credit cards. According to reports, staff were contacted with a similar email, instead telling them that their bank account details and National Insurance numbers may have been compromised.
Fat Face asserts that they began an investigation immediately in association with cybersecurity specialists, who established that an unauthorised third party had gained access to data for short period of time. It is not clear when this conclusion was reached, but it took Fat Face over two months to notify customers that their data had been affected.
Typically, UK laws require companies to disclose data breaches within 72 hours of the incident occurring, or knowledge of it occurring. Customers faced a long delay before they were notified of the personal information affected in the Fat Face data breach and, on top of this, the company reportedly made the following request to customers:
“keep this email and the information included within it strictly private and confidential”
As specialists in data protection law, we want to reassure those affected that they are still entitled to seek independent legal advice. Your Lawyers – The Data Leak Lawyers – as a leading firm of data breach lawyers, can tell you now that this statement is an unusual one to have been made.
Some reports have alleged that Fat Face paid a $2m ransom to a ransomware gang following the data breach. If this is found to be true, Fat Face may have gone against the standard advice given by cybersecurity experts to not give in to such demands.
The ICO is now investigating the Fat Face data breach, so the allegation of ransom payment may not be proven or disproven until the regulator comes to a conclusion.
Nevertheless, the customers and employees who have had their personal data exposed may likely have been distressed to receive this news. Those affected may be able to claim compensation for the harm caused, so contact us for free, no-obligation advice if Fat Face notified you of your involvement in the breach.
The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.