FatFace Data Breach – How To Claim Compensation
My Data Privacy Was Breached By FatFace, Could I Claim Compensation?
By Stephen Anderson. Last Updated 26th August 2021. FatFace, as a popular UK fashion retailer, also holds its customers’ personal data. Like many clothing retailers, FatFace could collect, store and process lots of personal information relating to employees, customers and potential customers, for example. Like all organisations that store and process personal data, they have a legal duty to protect it. But what happens if there is a FatFace data breach, and you suffer financial or emotional harm from it? Could you claim data breach compensation, and how would you go about doing so?
We have created this guide to explain what you may need to know about making a claim for breach of GDPR compliance by a clothing retailer.
This guide looks specifically at the FatFace hack, which was reported to have occurred in January 2021. We also look in more general terms at the laws surrounding data protection and how a breach could affect a person.
In addition, we look at the types of compensation that victims of a data breach could receive. If you’re already convinced you have a claim and would like a data breach solicitor to help you, you can call us on 0800 073 8804.
If you’re not sure about your eligibility then calling our helpline could give you the answers you’re looking for too. You can also read our detailed guide.
Select A Section
- A Guide To Claims For FatFace Data Breaches
- What Is A Data Protection Breach Claim Against FatFace?
- How Does The GDPR Affect Retailers?
- How Were FatFace Customers And Staff Affected By The Data Breach?
- What Is The Role Of The Information Commissioner?
- What Types Of Compensation Could You Be Awarded?
- Calculating Compensation For A Clothing Retailer Data Breach
- How To Make A Clothing Retailer Data Breach Claim
- How Do I Find A Data Breach Lawyer?
- No Win No Fee Claims For A FatFace Data Breach
- Contact Us For A Free Eligibility Check
- Learn More About Data Protection Breaches
- Must Know Data Breach Statistics
- Retail Data Breach FAQs
Has your personal information been affected by a FatFace data breach? Whether you’re an employee or customer, or even a potential customer of this popular fashion retailer, they could hold and process some of your personal data. If they breach that data, it could have a number of unwelcome consequences.
Like other data controllers, FatFace has a legal obligation to protect personal data under the Data Protection Act 2018, which enshrines in UK law the General Data Protection Regulation (GDPR). If they fail to do so, and you suffer material (financial) or non-material (mental) harm, you could be eligible under these laws to claim compensation.
This guide takes you through some information relevant to those impacted by the FatFace data breach. In the sections below we explain how a data breach could happen and discuss the reported FatFace hack from early 2021. We also provide advice on what happens if your data is breached and answer common questions, including:
- What is an example of a data breach?
- Where do I report a data breach?
- What kind of compensation could I claim for a clothing retailer hack?
- How do I find a data breach lawyer to help me?
We hope the advice in this guide helps you. If you have any questions about starting a claim or would like us to provide you with a solicitor to help you, we’d be happy to talk to you.
Before we explain more about how you could claim compensation for a FatFace data breach, let us first explain what personal data is. Personal data is, according to the Information Commissioner’s Office, information that:
- People could use on its own to identify you
- Could be combined with other information to identify you
Examples of personal data that FatFace could have on its customers could include:
- Customer name
- Bank account information
- Customer address
- E-mail address
- IP address
What Is A Data Breach?
A data breach is the unlawful/unauthorised loss, theft, alteration, transmission, disclosure, destruction or access of personal information. Data breaches could be the result of a malicious hack, or they could occur by accident.
Examples of the causes of data breaches could include:
- Phishing attacks
- Theft of computer equipment
- Negligence in maintaining security systems such as a firewall or cloud servers, for example
- DDoS attack
- A virus
If a FatFace data breach leads to sensitive customer information being accessed, such as confidential information regarding credit card details, this could cause financial harm to a victim of such a breach. But this is not the only way in which a data breach could affect you.
You may sustain psychological harm, as a data breach could cause you distress, anxiety and depression. Data protection law allows you to claim compensation for a GDPR data breach that causes such harm.
GDPR, or the General Data Protection Regulation, is the strictest and most far-reaching data privacy and security law in the modern world. It requires organisations that control or process the data of EU citizens to comply with its 7 principles. These are enshrined into UK law in the form of the Data Protection Act 2018.
These principles are:
- Accuracy – data must be accurate and up-to-date
- Limitation of storage – data must be stored for only as long as necessary for its purpose
- Minimisation of data – data that is collected must be the minimum possible for the purpose.
- Limitation of purpose – data can only be used for the purpose specified
- Lawfulness, transparency and fairness
- Accountability – data controllers and processors must demonstrate compliance
- Integrity and confidentiality – data controllers and processors must not risk the integrity, confidentiality and security of data when they process it.
Section 168 of the Data Protection Act allows victims of data breaches to claim compensation for non-material or material damage. Non-material damage includes distress. We’ll look at what you can claim for in more detail below.
In early 2021, Tech Times reported a huge data breach at FatFace. According to the report, a ransomware attack caused unauthorised access to sensitive customer information. The information accessed was said to include customer names, partial credit card information and addresses.
According to the report, FatFace e-mailed customers to update them on the FatFace hack but asked them to keep the information confidential.
It was further reported that FatFace paid $2 million to the hackers to decrypt their system and delete the stolen data.
How Clothing Retailer Data Breaches Could Happen
This is just one example of how a clothing retailer data breach could occur. Other examples of incidents that could breach customer information could include:
- A member of staff sending confidential information to someone in error
- The loss of computer equipment, such as USB drives or laptops
- Failure to update encryption software that protects personal data
- A cyber attack, such as hacking, a virus, phishing attacks or malware
Whether you’ve been a victim of the FatFace hack, or another type of FatFace data breach, we could assess your case for free and advise you on your rights. Get in touch to learn more.
The Information Commissioner is the party responsible for enforcing data protection law in the UK. You can raise a complaint with the ICO and ask them to investigate a suspected FatFace data breach, but the ICO asks that you attempt to resolve the issue with the organisation responsible first.
Their guidance is to:
- Raise your concerns without delay so the organisation can look into them thoroughly
- Send it to the correct place – to find out where to report a FatFace data breach, you could look at their website or call them to get the right address.
- Give them specifics – if you know how the breach occurred, you should include this information.
- Request timescales for responses.
If you are not happy with the organisation’s response, you could contact the ICO directly to ask them to investigate. Whether or not you inform the ICO of the breach, if 3 months pass with no meaningful contact from the organisation, you could seek legal advice in order to claim compensation.
As we mentioned, Section 168 of the Data Protection Act 2018 allows victims of contraventions of GDPR to claim compensation. There are different types of damages you could claim for a FatFace data breach, depending on how it has affected you.
Material Damage – If a hacker has managed to exploit your sensitive financial information obtained during a data breach, they may have stolen money from you. Or, they may have made purchases using your details. It could also impact your credit rating. This could be classed as material damage.
Non-Material Damage – Some victims of data breaches suffer damage that has no definitive price tag. These could relate to distress and depression. In Vidal-Hall and others v Google Inc – Court of Appeal, the subject of compensating victims of data breaches for psychological harm was discussed. The Court decided that compensation could be sought for mental harm even in the absence of financial harm. Before this decision, financial damage was required in order to claim compensation for mental damage.
Lawyers and courts assess all the evidence surrounding the facts and circumstances of a case before coming to an appropriate compensation payout for claims.
Evidencing financial damages could involve assessing documents such as bank statements, for example. It would therefore be wise to keep any documentary evidence of financial expenses safe, so you can submit it when necessary as part of your claim.
The evidence of your non-material damages would usually involve a medical report. You’d need to undergo an independent medical assessment with an expert so they could assess how the data breach has affected your mental health. They could ask you questions about the breach, and write a report detailing their opinion of your injuries and prognosis. Crucially, this report should prove that your condition was caused by the data breach.
Calculating Non-Material Damages
If you’re wondering how to get an idea of how much compensation a FatFace data breach claim could bring, you might find the below table useful. We have taken some figures from the Judicial College Guidelines to give you some insight into guideline compensation amounts for psychological injuries.
The Judicial College Guidelines is a publication that solicitors and courts could use to home in on appropriate values for specific injuries. While these are only approximations, they could give you some idea of the level of compensation that could be appropriate for you.
| Injury type | Level of severity | Compensation Bracket (Approximate) |
|---|---|---|
| General psychological injury | Severe | £51,460 to £108,620 |
| Post-traumatic stress conditions/PTSD | Severe | £56,180 to £94,470 |
| Post-traumatic stress conditions/PTSD | Moderately severe | £21,730 to £56,180 |
| General psychological injury | Moderately severe | £17,900 to £51,460 |
| Post-traumatic stress conditions/PTSD | Moderate | £7,680 to £21,730 |
| General psychological injury | Moderate | £5,500 to £17,900 |
| Post-traumatic stress conditions/PTSD | Less severe | Up to £7,680 |
| General psychological injury | Less severe | Up to £5,500 |
For a more specific estimate relevant to your case, please get in touch with our team of advisers.
To make a clothing retailer data breach claim, you could first write to the organisation concerned and tell them how the data breach has affected you. You could mention how you think the breach occurred and what damage you’ve suffered because of it.
For example, if you’ve been affected by the FatFace hack, you could explain any stress and anxiety this has caused you, and ask for compensation. If the organisation declines your request or does not respond to your satisfaction, you could contact the Information Commissioner’s Office (ICO) to report the FatFace data breach to them.
The ICO advise you to report any breaches to them when around 3 months have passed after getting nowhere with the defendant. If you leave it too long to contact them, they may choose not to investigate your claim.
Whether you choose to report the data breach to the ICO or not, if three months have gone by since any meaningful contact with the company, and they have not responded to your satisfaction, you could take things further.
You could find a data breach lawyer to help you make a compensation claim for the harm you’ve suffered because of a breach of data protection.
Finding a data breach lawyer to help you with a FatFace data breach claim is easy when you call Legal Expert. Our friendly advisors will talk to you about your case and ask you a few questions.
Based on your answers, we could check your eligibility to make a claim for compensation for a data breach under the GDPR. If we believe you could be eligible for compensation, we could provide you with a lawyer to help you get the compensation you deserve.
Why Choose Us?
We recognise that you could choose from many legal firms across the UK to help you with your data breach claim. However, we believe we could be a great choice to help you claim GDPR data breach compensation.
Here at Legal Expert, we help claimants get compensation for a wide range of incidents, from data breach claims to personal injury claims. We have plenty of great reviews that attest to our attention to detail, great customer service, and ability to get the compensation our clients deserve. We’d be very happy to help with your claim too.
Would you be interested in using a data breach lawyer for your claim but aren’t sure about how to pay them? If so, you might want to consider working with a No Win No Fee data breach solicitor. They would not require any payment of legal fees until your claim ended and compensation came through.
How Does The No Win No Fee Claims Process Work?
Usually, the process follows the below steps:
- Your data breach lawyer sends you a No Win No Fee Agreement which contains details of the success fee you’d pay from your total compensation payout. This is a small percentage of your total settlement. It is only payable in cases where your lawyer achieves compensation for you. The fee has a legal cap.
- You sign and return the agreement and the data breach solicitor begins to put together the paperwork for your claim. They would usually attempt to negotiate a settlement for you without going to court. If the liable party refuses or disputes your claim, your lawyer could file legal paperwork with the courts. A great number of claims settle outside of the court. However, if it becomes necessary, your lawyer would help you fight through the courts for compensation.
- Your compensation payout comes through. Your lawyer deducts their fee, and you benefit from the balance.
If your solicitor doesn’t achieve a payout for you, you don’t pay the success fee. You don’t have to cover your solicitor’s costs either.
To read our handy No Win No Fee claims guide, simply click here. Or, if you’d like to ask us anything about the process, we’d be happy to talk to you.
Would you like us to check your eligibility to claim for a FatFace data breach? Or do you already have evidence and want to take action? Either way, we’d be glad to speak to you. You can get in contact with the Legal Expert team in a number of ways, including:
- By telephone: 0800 073 8804
- Using our Live Chat service
- By e-mail: email@example.com
- Filling out our contact form
Getting Help With Data Loss Claims – If you’re interested in making a claim for a data loss that has affected you, this guide could be useful.
Compensation For A GDPR Data Breach Causing Stress – Learn more about making a claim for GDPR data breach compensation for stress and distress.
Breach Of Data Protection By An Employer – If you have suffered harm because of an employer’s data breach, you can find out more about making a claim against them here.
Cyber Security Protection Steps – The National Cyber Security Centre (NCSC) provides guidance for organisations on how to protect the security of their computerised data.
ICO Guide For Data Protection – This guide is aimed at organisations that process data. It explains more about data protection law and how companies can ensure their compliance.
Using IPsec For Data Protection – The NCSC also provides guidance on using IPsec to protect data by establishing a VPN (a virtual private network).
According to the Cyber Security Breaches Survey 2020, cyber attacks have become more frequent as they have evolved. You can find the following statistics in the survey:
- 46% of businesses have had a cybersecurity breach or a cyber attack in the 12 months ending early 2020
- 26% of charities have suffered breaches or attacks
- Large businesses have the highest prevalence of attacks (75%), followed by medium businesses (68%) and large charities (57%)
- Among those businesses that have suffered attacks, 19% have suffered a loss of data or money
Data breach statistics 2021
The more recent Cyber Security Breaches Survey from 2021 provides insight into how UK businesses have been affected by cyber attacks and data breaches between March 2020 and March 2021. 1,419 UK businesses were surveyed during this time period. Findings from the 2021 survey included the following:
- 654 of the businesses surveyed experienced a data breach or cyber attack at least once during the surveyed period.
- By far the most commonly reported type of cyber attack was phishing attempts. 83% of the businesses which were subjected to cyber attacks reported being subjected to this particular method.
- 27% of the businesses which reported experiencing cyber attacks experienced a method which involves individuals impersonating an organisation through emails or other methods in order to get access to sensitive data.
- 9% of the businesses which experienced cyber attacks were affected by malware, spyware or viruses.
- 27% of the businesses which reported experiencing cyber attacks said they experienced them at least once a week.
- 66% of the surveyed businesses said they had a formalised incident response process in place for when a cyber security incident occurred.
- Among the large businesses surveyed, only 45% confirmed they had communications and public engagement plans set up for when cyber security incidents occur.
How Many Data Breaches Happened In 2019?
According to IT Governance, 61% of UK organisations reported data breaches in 2019. This represents an increase of 16% from the preceding 12 months.
According to the 2019 SonicWall Report, there were a staggering 10.52 billion malware attacks in the preceding 12 months too.
How Many Data Breaches Are There In 2020?
IT Governance reported in December 2020 that there were 103 cybersecurity incidents in November 2020, which led to leaks of 586,771,602 records. According to the report, the majority of these came from a data leak at GO SMS Pro and a credential stuffing attack against Spotify.
How Common Are Data Breaches?
According to a global survey by IBM and the Ponemon Institute in 2020, the probability that an organisation will have a data breach rose to 27.7% compared to the previous year’s figure of 25.6%.
Thank you for reading our guide to the FatFace data breach.