FatFace Data Breach – How To Claim Compensation
By Cat Soong. Last Updated 6th June 2022. FatFace, as a popular UK fashion retailer, also holds its customer’s personal data. Like many clothing retailers, FatFace could collect, store and process lots of personal information relating to employees, customers and potential customers, for example.
Like all organisations that store and process personal data, they have a legal duty to protect it. But what happens if there is a FatFace data breach, and you suffer financial or emotional harm from it? Could you claim data breach compensation, and how would you go about doing so?
My Data Privacy Was Breached By FatFace, Could I Claim Compensation?
We have created this guide to explain what you may need to know about making a claim for breach of GDPR compliance by a clothing retailer.
This guide looks specifically at the FatFace hack, which was reported to have occurred in January 2021. We also look in more general terms at the laws surrounding data protection and how a breach could affect a person.
In addition, we look at the types of compensation victims of a data breach claim could receive. If you’re already convinced you have a claim and would like a data breach solicitor to help you, you can call us on 0800 073 8804.
If you’re not sure about your eligibility then calling our helpline could give you the answers you’re looking for too. You can also read our detailed guide.
Select A Section
- A Guide To Claims For FatFace Data Breaches
- What Is A Data Protection Breach Claim Against FatFace?
- How Does The GDPR Affect Retailers?
- How Were FatFace Customers And Staff Affected By The Data Breach?
- What Is The Role Of The Information Commissioner?
- Possible Compensation Payouts After A Fatface Data Breach
- Calculating Compensation For A Clothing Retailer Data Breach
- How To Make A Clothing Retailer Data Breach Claim
- How Do I Find A Data Breach Lawyer?
- No Win No Fee Claims For A FatFace Data Breach
- Contact Us For A Free Eligibility Check
- Learn More About Data Protection Breaches
- Must Know Data Breach Statistics
Has your personal information been affected by a FatFace data breach? Whether you’re an employee or customer, or even a potential customer of this popular fashion retailer, they could hold and process some of your personal data. If they breach that data, it could have a number of unwelcome consequences.
Like other data controllers, FatFace has a legal obligation to protect personal data under the Data Protection Act 2018, which enshrines in UK law the General Data Protection Regulation (GDPR). If they fail to do so, and you suffer material (financial) or non-material (mental) harm, you could be eligible under these laws to claim compensation.
This guide takes you through some information relevant to those impacted by the FatFace data breach. In the sections below we explain how a data breach could happen and discuss the reported FatFace hack from early 2021. We also provide advice on what happens if your data is breached and answer common questions, including:
- What is an example of a data breach?
- Where do I report a data breach?
- What kind of compensation could I claim for a clothing retailer hack?
- How do I find a data breach lawyer to help me?
We hope the advice in this guide helps you. If you have any questions about starting a claim or would like us to provide you with a solicitor to help you, we’d be happy to talk to you.
Before we explain more about how you could claim compensation for a FatFace data breach, let us first explain what personal data is. Personal data, is, according to the Information Commissioner’s Office, information that:
- People could use on its own to identify you
- Could be combined with other information to identify you
Examples of personal data that FatFace could have on its customers could include:
- Customer name
- Bank account information
- Customer address
- E-mail address
- IP address
What Is A Data Breach?
A data breach is the unlawful/unauthorised loss, theft, alteration, transmission, disclosure, destruction or access of personal information. Data breaches could be the result of a malicious hack, or they could occur by accident.
Examples of the causes of data breaches could include:
- Phishing attacks
- Theft of computer equipment
- Negligence in maintaining security systems such as a firewall or cloud servers, for example
- DDoS attack
- A virus
If a FatFace data breach leads to sensitive customer information being accessed, such as confidential information regarding credit card details, this could cause financial harm to a victim of such a breach. But this is not the only way in which a data breach could affect you.
You may sustain psychological harm; as a data breach could cause you distress, anxiety and depression. Data protection law allows for you to claim compensation for a GDPR data breach that causes such harm.
GDPR, or the General Data Protection Regulation, is the strictest and most far-reaching data privacy and security law in the modern world. It requires organisations that control or process the data of EU citizens to comply with its 7 principles. These are enshrined into UK law in the form of the Data Protection Act 2018.
These principles are:
- Accuracy – data must be accurate and up-to-date
- Limitation of storage – data must be stored for only as long as necessary for its purpose
- Minimisation of data – data that is collected must be the minimum possible for the purpose.
- Limitation of purpose – data can only be used for the purpose specified
- Lawfulness, transparency and fairness
- Accountability – data controllers and processors must demonstrate compliance
- Integrity and confidentiality – data controllers and processors must not risk the integrity, confidentiality and security of data when they process it.
Section 168 of the Data Protection Act allows victims of data breaches to claim compensation for non-material or material damage. Non-material damage includes distress. We’ll look at what you can claim for in more detail below.
In early 2021, Tech Times reported a huge data breach at FatFace. According to the report, a ransomware attack caused unauthorised access to sensitive customer information. The information accessed was said to include customer names, partial credit card information and addresses.
According to the report, FatFace e-mailed customers to update them on the FatFace hack but asked them to keep the information confidential.
It was further reported that FatFace paid $2 million to the hackers to decrypt their system and delete the stolen data.
How Clothing Retailer Data Breaches Could Happen
This is just one example of how a clothing retailer data breach could occur. Other examples of incidents that could breach customer information could include:
- A member of staff sending confidential information to someone in error
- The loss of computer equipment, such as USB drives or laptops
- Failure to update encryption software that protects personal data
- A cyber attack, such as a hacking, a virus, phishing attacks or malware
Whether you’ve been a victim of the FatFace hack, or another type of FatFace data breach, we could assess your case for free and advise you on your rights. Get in touch to learn more.
The Information Commissioner is the party responsible for enforcing data protection law in the UK. You can raise a complaint with the ICO and ask them to investigate a suspected FatFace data breach, but the ICO asks that you attempt to resolve the issue with the organisation responsible first.
Their guidance is to:
- Raise your concerns without delay so the organisation can look into them thoroughly
- Send it to the correct place – to find out where to report a FatFace data breach, you could look at their website or call them to get the right address.
- Give them specifics – if you know how the breach occurred, you should include this information.
- Request timescales for responses.
If you are not happy with the organisation’s response, you could contact the ICO directly to ask them to investigate. Whether or not you inform the ICO of the breach, if 3 months pass with no meaningful contact from the organisation, you could seek legal advice in order to claim compensation.
A personal data breach could occur following a potential Fatface security breach. Should a data breach at Fatface occur, you may be able to claim compensation if you can prove that the breach caused you psychological or financial harm.
There are two types of compensation you can claim under:
- Material damages: Material damages provide compensation for any financial harm you have suffered as a result of the breach. For example, if a hypothetical Fatface hack were to occur and your credit card details were stolen as a result, this could lead to identity theft, a damaged credit score, and misplaced debt. In this case, you could claim compensation back under material damages.
- Non-material damages: Following the Court of Appeals ruling of Vidal-Hall vs Google Inc. , you can now claim for psychological damages without having suffered any pecuniary damages. This means that if you suffer stress and anxiety as a result of your details being exposed, you can still make a claim even if you experience no financial harm. For example, if your address is leaked in a personal data breach, this could cause considerable stress and anxiety.
If you have evidence that a Fatface data breach caused you harm, you could contact our advisors to find out what steps to take next. They can offer free legal advice, and a free estimate of the value of your claim.
Lawyers and courts assess all the evidence surrounding the facts and circumstances of a case before coming to an appropriate compensation payout for claims.
Evidencing financial damages could involve assessing documents such as bank statements, for example. It would therefore be wise to keep any documentary evidence of financial expenses safe, so you can submit it when necessary as part of your claim.
The evidence of your non-material damages would usually involve a medical report. You’d need to undergo an independent medical assessment with an expert so they could assess how the data breach has affected your mental health. They could ask you questions about the breach, and write a report detailing their opinion of your injuries and prognosis. Crucially, this report should prove that your condition was caused by the data breach.
Calculating Non-Material Damage
If you’re wondering how to get an idea of how much compensation a FatFace data breach claim could bring, you might find the below table useful. We have taken some figures from the Judicial College Guidelines to give you some insight into guideline compensation amounts for psychological injuries.
The Judicial College Guidelines is a publication that solicitors and courts could use to hone in on appropriate values for specific injuries. While these are only approximations, they could give you some idea of the level of compensation that could be appropriate for you.
|Injury type||Level of severity||Compensation Bracket (Approximate)|
|General psychological injury||Severe||£54,830 to £115,730|
|Post-traumatic stress conditions/PTSD||Severe||£54,830 to £115,730|
|Post-traumatic stress conditions/PTSD||Moderately severe||£19,070 to £54,830|
|General psychological injury||Moderately severe||£19,070 to £54,830|
|Post-traumatic stress conditions/PTSD||Moderate||£5,860 to £19,070|
|General psychological injury||Moderate||£5,860 to £19,070|
|Post-traumatic stress conditions/PTSD||Less severe||£1,540 to £5,860|
|General psychological injury||Less severe||£1,540 to £5,860|
For a more specific estimate relevant to your case, please get in touch with our team of advisers.
To make a clothing retailer data breach claim, you could first write to the organisation concerned and tell them how the data breach has affected you. You could mention how you think the breach occurred and what damage you’ve suffered because of it.
For example, if you’ve been affected by the FatFace hack, you could explain any stress and anxiety this has caused you, and ask for compensation. If the organisation declines your request or does not respond to your satisfaction, you could contact the Information Commissioner’s Office (ICO) to report the FatFace data breach to them.
The ICO advise you to report any breaches to them when around 3 months have passed after getting nowhere with the defendant. If you leave it too long to contact them, they may choose not to investigate your claim.
Whether you choose to report the data breach to the ICO or not, if three months have gone by since any meaningful contact with the company, and they have not responded to your satisfaction, you could take things further.
You could find a data breach lawyer to help you make a compensation claim for the harm you’ve suffered because of a breach of data protection.
Finding a data breach lawyer to help you with a FatFace data breach claim is easy when you call Legal Expert. Our friendly advisors will talk to you about your case and ask you a few questions.
Based on your answers, we could check your eligibility to make a claim for compensation for a data breach under the GDPR. If we believe you could be eligible for compensation, we could provide you with a lawyer to help you get the compensation you deserve.
Why Choose Us?
We recognise that you could choose from many legal firms across the UK to help you with your data breach claim. However, we believe we could be a great choice to help you claim GDPR data breach compensation.
Here at Legal Expert, we help claimants get compensation for a wide range of incidents, from data breach claims to personal injury claims. We have plenty of great reviews that attest to our attention to detail, great customer service, and ability to get the compensation our clients deserve. We’d be very happy to help with your claim too.
Would you be interested in using a data breach lawyer for your claim but aren’t sure about how to pay them? If so, you might want to consider working with a No Win No Fee data breach solicitor. They would not require any payment of legal fees until your claim ended and compensation came through.
How Does The No Win No Fee Claims Process Work?
Usually, the process follows the below steps:
- Your data breach lawyer sends you a No Win No Fee Agreement which contains details of the success fee you’d pay from your total compensation payout. This is a small percentage of your total settlement. It is only payable in cases where your lawyer achieves compensation for you. The fee has a legal cap.
- You sign and return the agreement and the data breach solicitor begins to put together the paperwork for your claim. They would usually attempt to negotiate a settlement for you without going to court. If the liable party refuses or disputes your claim, your lawyer could file legal paperwork with the courts. A great number of claims settle outside of the court. However, if it becomes necessary, your lawyer would help you fight through the courts for compensation.
- Your compensation payout comes through. Your lawyer deducts their fee, and you benefit from the balance.
If your solicitor doesn’t achieve a payout for you, you don’t pay the success fee. You don’t have to cover your solicitor’s costs either.
To read our handy No Win No Fee claims guide, simply click here. Or, if you’d like to ask us anything about the process, we’d be happy to talk to you.
Would you like us to check your eligibility to claim for a FatFace data breach? Or do you already have evidence and want to take action? Either way, we’d be glad to speak to you. You can get in contact with the Legal Expert team in a number of ways, including:
- By telephone: 0800 073 8804
- Using our Live Chat service
- By e-mail firstname.lastname@example.org
- Filling out our contact form
Getting Help With Data Loss Claims – If you’re interested in making a claim for a data loss that has affected you, this guide could be useful.
Compensation For A GDPR Data Breach Causing Stress – Learn more about making a claim for GDPR data breach compensation for stress and distress.
Breach Of Data Protection By An Employer – If you have suffered harm because of an employer’s data breach, you can find out more about making a claim against them here.
Cyber Security Protection Steps –The National Cyber Security Centre (NCSC) provides guidance for organisations on how to protect the security of their computerised data.
ICO Guide For Data Protection – This guide is aimed at organisations that process data. It explains more about data protection law and how companies can ensure their compliance.
Using IPsec For Data Protection – The NCSC also provides guidance on using IPsec to protect data by establishing a VPN (a virtual private network).
According to the Cyber Security Breaches Survey 2020, cyber attacks have become more frequent as they have evolved. You can find the following statistics in the survey:
- 46% of businesses have had a cybersecurity breach or a cyber attack in the 12 months ending early 2020
- 26% of charities have suffered breaches or attacks
- Large businesses have the highest prevalence of attacks (75%), followed by medium businesses (68%) and large charities (57%)
- Among those businesses that have suffered attacks, 19% have suffered a loss of data or money
Data breach statistics 2021
The more recent Cyber Security Breaches Survey from 2021 provides insight into how UK businesses have been affected by cyber attacks and data breaches between March 2020 and March 2021. 1,419 UK businesses were surveyed during this time period. Findings from the 2021 survey included the following:
- 654 of the businesses surveyed experienced a data breach or cyber attack at least once during the surveyed period.
- By far the most commonly reported type of cyber attack was phishing attempts. 83% of the businesses which were subjected to cyber attacks reported being subjected to this particular method.
- 27% of the businesses which reported experiencing cyber attacks experienced a method which involves individuals impersonating an organisation through emails or other methods in order to get access to sensitive data.
- 9% of the businesses which experienced cyber attacks were affected by malware, spyware or viruses.
- 27% of the businesses which reported experiencing cyber attacks said they experienced them at least once a week.
- 66% of the surveyed businesses said they had a formalised incident response process in place for when a cyber security incident occurred.
- Among the large businesses surveyed, only 45% confirmed they had communications and public engagement plans set up for when cyber security incidents occur.
More Useful Resources
- Rochdale Council Data Breach
- Bracknell Council Data Breach
- Derbyshire County Council Data Breach
- Derbyshire Dales District Council Data Breach
- Durham County Council Data Breach
- Durham University Data Breach
- Easyleads Limited Data Breach
- Edinburgh Napier University Data Breach
- EE Data Breach Compensation Claims
- Falmouth University Data Breach
- Employer Personal Data Breach Compensation Claims
- Flagship Group Data Breach Compensation Claims
- Glasgow Caledonian University Data Breach
- Go Compare Data Breach Compensation Claims
- Gordons Chemist Pharmacy Data Breach
- Greater London Authority Data Breach
- Greater Manchester Combined Authority Data Breach
- Halton Borough Council Data Breach
- Harlow District Council Data Breach
- Harper Adams University Data Breach
- Medical Data Breach Compensation Claims
- GP Data Breach Compensation Claims
- I Suffered Stress Due To A Data Breach, Can I Claim?
- My Personal Data Has Been Lost, What Are My Rights?
Thank you for reading our guide to the FatFace data breach.