Following a data breach in 2017/2018, in January 2020 the ICO fined Dixons Carphone £500,000 for failing to protect confidential customer information. And, while the company initially estimated that 5.9 million people could be at risk, that figure is now closer to 10 million.
Dixons Carphone Warehouse was fined £500,000 by the Information Commissioner’s Office (ICO) for:
- systemic failures in the way DSG Retail Limited safeguarded personal data
- failures relating to basic, commonplace security measures
- a complete disregard for the customers whose personal information was stolen.
- But this payment will not be used to compensate victims.
Moreover, this was not the first time that the company had failed to protect its customers. The Carphone Warehouse, which merged with Dixons, was previously fined £400,000 following another cyber-attack.
What happened in the Dixons Carphone data breach?
An attacker installed malicious software on 5,390 tills in branches of Currys PC World and Dixons Travel stores. The vulnerability went undetected for many months, and hackers were able to access a huge amount of personal data. Both payment card details and non-financial records were compromised.
In an email to customers affected by the data breach, Dixons Carphone admitted that the scale of the non-payment leak reached around 10 million customers. Details stolen during the attack included names, addresses, phone numbers, dates of birth, and email addresses – all of which can be used by cybercriminals to commit further crimes.
Alex Baldock, chief executive of Dixons Carphone, apologised for the breach and admitted that the company had “fallen short” of its duty to protect customers. And, a spokesperson for Dixons Carphone said that: “While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result.”
However, by downplaying the severity of the hack, it could be argued that Dixons Carphone did not understand either the importance of keeping its customers’ personal data safe, or the sheer scale of damage and distress that can be caused by criminals gaining access to personally identifiable information (PII).
Distress matters in data breach cases
Being the victim of a crime can have a considerable effect on you. Both mentally and physically. Everyone reacts differently, but for some people, the consequences can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So, even if your financial details were not exposed or used, that doesn’t mean the breach should be treated any less seriously.
If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.
Crucially, the law recognises the potential damage that is caused by physiological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.
Can you claim compensation for distress in the Dixons Carphone data breach?
Three years later, can you still claim compensation for this breach?
Absolutely. If you have had an email from Dixon’s Carphone informing you that your details were compromised in this attack, you could be entitled to several thousand pounds in compensation. So it’s important to act now.
Data breaches can have severe consequences for those affected, so, customers of Dixons Carphone should now be looking to claim compensation. And, with a history of data negligence at the company, and a clear downplaying of this latest breach, something must be done to hold them to account.
Keller Lenkner UK has launched a group action against Dixons. Group actions can be a powerful tool and can have a bigger impact than a single claim.
IF YOU HAVE BEEN AFFECTED BY THE DIXONS CARPHONE WAREHOUSE DATA BREACH, WE CAN HELP YOU MAKE A NO-WIN, NO-FEE CLAIM FOR COMPENSATION.