We’ve been contacted for help and taken formal instructions forward following customers being notified of the recent Robert Dyas data breach.
We’ve agreed to act for victims affected by the incident on a No Win, No Fee basis. The incident appears to be similar to a number of the group actions we’re already involved with. This includes the British Airways data breach action, which is the first GDPR Group Litigation Order (GLO) in England and Wales; an action we’re on the Steering Committee for. If you’ve received notification that you’re affected by this incident, you can speak to our team now for free, no-obligation advice.
As a leading firm of consumer action and data breach compensation experts, we’re here to help you.
About the Robert Dyas data breach
According to information sent to customers notifying them about the unauthorised access, the company has confirmed the following:
“We became aware on 30th March 2020 that malicious software (malware) had been uploaded on to our ecommerce website by an external third party, which was immediately blocked by our IT Security Team. After detailed investigation it was discovered that the malware had been used to access some customer data on transactions made between 7th March and 30th March 2020.”
Information exposed in the Robert Dyas data breach can include:
- Credit and debit card details.
This suggests that the hackers were targeting this data to be used to commit acts of fraud and theft. As such, victims have been at an immediate risk of criminal activity and should contact their bank immediately for help and assistance. New cards may need to be issued and you should be vigilant for any suspicious activity on accounts or event suspicious contact you may receive.
What’s being done about the data breach?
The Robert Dyas data breach incident has been reported to the Information Commissioner’s Office (ICO). If a finding that they’ve breached the law is established, they could face a significant fine.
According to the breach notification email, Robert Dyas said:
“As soon as we became aware of the suspicious activity, our IT Security Team took immediate steps to close the vulnerability so that no further data could be accessed. We are confident the incident has been resolved and we continue to run regular security scans to keep our site safe for our customers.”
Although it’s early days, this states that there was a vulnerability in place that needed to be closed. As we often do in the aftermath of these kinds of cyberattacks, we ask: why wasn’t this vulnerability resolved before the attack took place? Was this an entirely avoidable incident?
What can victims do about the incident?
Victims of the Robert Dyas data breach could be entitled to make a claim for compensation on a No Win, No Fee basis with our expert team.
We’re confident that there’s a case to answer. Although we can’t be sure at this stage whether the vulnerability could have been resolved before the attack took place, we often find that this is usually the case. However, the fact that the information was exposed for a sustained period for over three weeks and wasn’t immediately identified is an additional factor.
Victims could be entitled to claim compensation for the distress caused by the loss of control of their personal information. If any money has been taken, or where fraud events have occurred, we can also include a claim for expenses and losses. When we negotiate data breach compensation pay-outs, we leave no stone unturned and use our vast wealth of experience to obtain the best outcome we can for our clients. This is the commitment we have always had for the thousands of people who are claiming right now with our leading team of lawyers and experts.
For free, no-obligation advice, please don’t hesitate to get in touch with our expert team today.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Matthew on April 29, 2020
Posted in the following categories: Claims GDPR Group Action ICO Security and tagged with compensation | cyber attack | cybersecurity | data breach | Group Action | ico | personal data