fbpx

Don’t miss out on Currys PC World/Dixons Travel data breach compensation

Currys PC World Carephone Warehouse store at a retail park UK
Facebook
Twitter
LinkedIn

Following a data breach in 2017/2018, in January 2020 the ICO fined DSG Retail Limited (Currys PC World/Dixons Travel) £500,000 for failing to protect confidential customer information. This fine was later reduced to £250,000. And, while the company initially estimated that 5.9 million people could be at risk, that figure is now closer to 10 million.

DSG Retail Limited was fined by the Information Commissioner’s Office (ICO) for:

  • systemic failures in the way DSG Retail Limited safeguarded personal data
  • failures relating to basic, commonplace security measures
  • a complete disregard for the customers whose personal information was stolen.
  • But this payment will not be used to compensate victims.

Moreover, this was not the first time that the company had failed to protect its customers. The Carphone Warehouse, which merged with Dixons, was previously fined £400,000 following another cyber-attack.

What happened in the Currys PC World/Dixons Travel data breach?

An attacker installed malicious software on 5,390 tills in branches of Currys PC World and Dixons Travel stores. The vulnerability went undetected for many months, and hackers were able to access a huge amount of personal data. Both payment card details and non-financial records were compromised.

In an email to customers affected by the data breach, DSG Retail Limited admitted that the scale of the non-payment leak reached around 10 million customers. Details stolen during the attack included names, addresses, phone numbers, dates of birth, and email addresses – all of which can be used by cybercriminals to commit further crimes.

Alex Baldock, chief executive of DSG Retail Limited, apologised for the breach and admitted that the company had “fallen short” of its duty to protect customers. And, a spokesperson for DSG Retail Limited said that: “While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and we have no confirmed instances of customers falling victim to fraud as a result.”

However, by downplaying the severity of the hack, it could be argued that DSG Retail Limited did not understand either the importance of keeping its customers’ personal data safe, or the sheer scale of damage and distress that can be caused by criminals gaining access to personally identifiable information (PII).

Distress matters in data breach cases

Being the victim of a crime can have a considerable effect on you. Both mentally and physically. Everyone reacts differently, but for some people, the consequences can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So, even if your financial details were not exposed or used, that doesn’t mean the breach should be treated any less seriously.

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

Crucially, the law recognises the potential damage that is caused by physiological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

Can you claim compensation for distress in the  data breach?

Three years later, can you still claim compensation for this breach?

Absolutely. If you have had an email from DSG Retail Limited informing you that your details were compromised in this attack, you could be entitled to several thousand pounds in compensation. So it’s important to act now.

Data breaches can have severe consequences for those affected, so, customers of DSG Retail Limited should now be looking to claim compensation. And, with a history of data negligence at the company, and a clear downplaying of this latest breach, something must be done to hold them to account.

Our firm has launched a group action against DSG Retail Limited. Group actions can be a powerful tool and can have a bigger impact than a single claim.

IF YOU HAVE BEEN AFFECTED BY THE DATA BREACH, WE CAN HELP YOU MAKE A NO-WIN, NO-FEE CLAIM FOR COMPENSATION.

Register to become part of our Currys PC World/Dixons Travel data breach group action. 

In February 2024, our firm changed its name to KP Law. 

Share this article: