Legal help for data breach compensation claims

Ffrees customer personal information has been exposed in a data breach

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

Ffrees is an online banking service that lets customers transfer money into their Ffrees account for discounted shopping, where users may benefit from discounts on purchases in various shops

Recently, they have come under fire for data protection and compliance issues.

Ffrees have previously come under scrutiny for their terms and conditions, but now it seems the company has failed to secure their customers’ personal information following a cyber security incident.

The breach

We’ve been approached for advice following customers receiving emails from Ffrees admitting to an “information security incident”.

The company are notifying its users that certain personal information was “temporarily exposed” on their systems. As data breach specialists, we know that even the smallest opening for a data breach is all that’s needed for cyber criminals to access and obtain vast amounts of information. Even “temporary” exposure can lead to significant problems because, once information is accessed, closing the source does not retract the information.

The information that may have been breached includes the users’:

Title Full name
Date of birth Gender
Address Email address
Home & Mobile telephone numbers Ffrees account number
Ffrees encrypted account password Ffrees points transactions

Huge risks

With this amount of information possibly compromised, there can be a big risk of harm and identity theft. Users are urged to be extremely vigilant as criminals with even a small amount of the information listed can target the data owner to phish for more information. People may need to be wary of anyone trying to contact them as a service provider using the above information to verify their identity.

Apparently the information that may have been exposed was held between 2012 and 2014. We assume this means the information was gathered between 2012 and 2014 but Ffrees offers no further explanation, and has yet to confirm when the breach actually happened.

ICO notified

The Information Commissioner’s Office has been notified of the incident and will be conducting their own investigation into the data breach. The ICO is the governing authority who monitor and enforce data protection compliance in the U.K. If they find Ffrees did not have adequate security measures in place, and therefore risked the safety of customers’ personal information, the ICO has the power to issue penalty fines of up to £400,000 along with other sanctions.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Author on June 19, 2017
Posted in the following categories: Latest and tagged with

Most UK businesses expect to be a data breach victim this year
DocuSign data breach puts users at risk