FatFace Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

FatFace Data Breach – How To Claim Compensation

By Cat Soong. Last Updated 6th June 2022. FatFace, as a popular UK fashion retailer, also holds its customer’s personal data. Like many clothing retailers, FatFace could collect, store and process lots of personal information relating to employees, customers and potential customers, for example.

Like all organisations that store and process personal data, they have a legal duty to protect it. But what happens if there is a FatFace data breach, and you suffer financial or emotional harm from it? Could you claim data breach compensation, and how would you go about doing so?

My Data Privacy Was Breached By FatFace, Could I Claim Compensation?

FatFace data breach claims guide

We have created this guide to explain what you may need to know about making a claim for breach of GDPR compliance by a clothing retailer.

This guide looks specifically at the FatFace hack, which was reported to have occurred in January 2021. We also look in more general terms at the laws surrounding data protection and how a breach could affect a person.

In addition, we look at the types of compensation victims of a data breach claim could receive. If you’re already convinced you have a claim and would like a data breach solicitor to help you, you can call us on 0800 073 8804.

If you’re not sure about your eligibility then calling our helpline could give you the answers you’re looking for too. You can also read our detailed guide.

Select A Section

A Guide To Claims For FatFace Data Breaches

Has your personal information been affected by a FatFace data breach? Whether you’re an employee or customer, or even a potential customer of this popular fashion retailer, they could hold and process some of your personal data. If they breach that data, it could have a number of unwelcome consequences.

Like other data controllers, FatFace has a legal obligation to protect personal data under the Data Protection Act 2018, which enshrines in UK law the General Data Protection Regulation (GDPR). If they fail to do so, and you suffer material (financial) or non-material (mental) harm, you could be eligible under these laws to claim compensation.

This guide takes you through some information relevant to those impacted by the FatFace data breach. In the sections below we explain how a data breach could happen and discuss the reported FatFace hack from early 2021. We also provide advice on what happens if your data is breached and answer common questions, including:

  • What is an example of a data breach?
  • Where do I report a data breach?
  • What kind of compensation could I claim for a clothing retailer hack?
  • How do I find a data breach lawyer to help me?

We hope the advice in this guide helps you. If you have any questions about starting a claim or would like us to provide you with a solicitor to help you, we’d be happy to talk to you.

What Is A Data Protection Breach Claim Against FatFace?

Before we explain more about how you could claim compensation for a FatFace data breach, let us first explain what personal data is. Personal data, is, according to the Information Commissioner’s Office, information that:

  • People could use on its own to identify you
  • Could be combined with other information to identify you

Examples of personal data that FatFace could have on its customers could include:

What Is A Data Breach?

A data breach is the unlawful/unauthorised loss, theft, alteration, transmission, disclosure, destruction or access of personal information. Data breaches could be the result of a malicious hack, or they could occur by accident.

Examples of the causes of data breaches could include:

  • Phishing attacks
  • Ransomware
  • Theft of computer equipment
  • Malware
  • Spyware
  • Negligence in maintaining security systems such as a firewall or cloud servers, for example
  • DDoS attack
  • A virus

If a FatFace data breach leads to sensitive customer information being accessed, such as confidential information regarding credit card details, this could cause financial harm to a victim of such a breach. But this is not the only way in which a data breach could affect you.

You may sustain psychological harm; as a data breach could cause you distress, anxiety and depression. Data protection law allows for you to claim compensation for a GDPR data breach that causes such harm.

How Does The GDPR Affect Retailers?

GDPR, or the General Data Protection Regulation, is the strictest and most far-reaching data privacy and security law in the modern world. It requires organisations that control or process the data of EU citizens to comply with its 7 principles. These are enshrined into UK law in the form of the Data Protection Act 2018.

These principles are:

  • Accuracy – data must be accurate and up-to-date
  • Limitation of storage – data must be stored for only as long as necessary for its purpose
  • Minimisation of data – data that is collected must be the minimum possible for the purpose.
  • Limitation of purpose – data can only be used for the purpose specified
  • Lawfulness, transparency and fairness
  • Accountability – data controllers and processors must demonstrate compliance
  • Integrity and confidentiality – data controllers and processors must not risk the integrity, confidentiality and security of data when they process it.

Section 168 of the Data Protection Act allows victims of data breaches to claim compensation for non-material or material damage. Non-material damage includes distress. We’ll look at what you can claim for in more detail below.

How Were FatFace Customers And Staff Affected By The Data Breach?

In early 2021, Tech Times reported a huge data breach at FatFace. According to the report, a ransomware attack caused unauthorised access to sensitive customer information. The information accessed was said to include customer names, partial credit card information and addresses.

According to the report, FatFace e-mailed customers to update them on the FatFace hack but asked them to keep the information confidential.

It was further reported that FatFace paid $2 million to the hackers to decrypt their system and delete the stolen data.


  • https://www.techtimes.com/articles/258384/20210324/uk-fatface-massive-breach-hack-discreet-email-customers.htm
  • https://www.bleepingcomputer.com/news/security/fatface-sends-controversial-data-breach-email-after-ransomware-attack/

How Clothing Retailer Data Breaches Could Happen

This is just one example of how a clothing retailer data breach could occur. Other examples of incidents that could breach customer information could include:

  • A member of staff sending confidential information to someone in error
  • The loss of computer equipment, such as USB drives or laptops
  • Failure to update encryption software that protects personal data
  • A cyber attack, such as a hacking, a virus, phishing attacks or malware

Whether you’ve been a victim of the FatFace hack, or another type of FatFace data breach, we could assess your case for free and advise you on your rights. Get in touch to learn more.

What Is The Role Of The Information Commissioner?

The Information Commissioner is the party responsible for enforcing data protection law in the UK. You can raise a complaint with the ICO and ask them to investigate a suspected FatFace data breach, but the ICO asks that you attempt to resolve the issue with the organisation responsible first.

Their guidance is to:

  • Raise your concerns without delay so the organisation can look into them thoroughly
  • Send it to the correct place – to find out where to report a FatFace data breach, you could look at their website or call them to get the right address.
  • Give them specifics – if you know how the breach occurred, you should include this information.
  • Request timescales for responses.

If you are not happy with the organisation’s response, you could contact the ICO directly to ask them to investigate. Whether or not you inform the ICO of the breach, if 3 months pass with no meaningful contact from the organisation, you could seek legal advice in order to claim compensation.

Possible Compensation Payouts After A Fatface Data Breach

A personal data breach could occur following a potential Fatface security breach. Should a data breach at Fatface occur, you may be able to claim compensation if you can prove that the breach caused you psychological or financial harm.

There are two types of compensation you can claim under:

  • Material damages: Material damages provide compensation for any financial harm you have suffered as a result of the breach. For example, if a hypothetical Fatface hack were to occur and your credit card details were stolen as a result, this could lead to identity theft, a damaged credit score, and misplaced debt. In this case, you could claim compensation back under material damages.
  • Non-material damages: Following the Court of Appeals ruling of Vidal-Hall vs Google Inc. [2015], you can now claim for psychological damages without having suffered any pecuniary damages. This means that if you suffer stress and anxiety as a result of your details being exposed, you can still make a claim even if you experience no financial harm. For example, if your address is leaked in a personal data breach, this could cause considerable stress and anxiety.

If you have evidence that a Fatface data breach caused you harm, you could contact our advisors to find out what steps to take next. They can offer free legal advice, and a free estimate of the value of your claim.

Calculating Compensation For A Clothing Retailer Data Breach

Lawyers and courts assess all the evidence surrounding the facts and circumstances of a case before coming to an appropriate compensation payout for claims.

Evidencing financial damages could involve assessing documents such as bank statements, for example. It would therefore be wise to keep any documentary evidence of financial expenses safe, so you can submit it when necessary as part of your claim.

The evidence of your non-material damages would usually involve a medical report. You’d need to undergo an independent medical assessment with an expert so they could assess how the data breach has affected your mental health. They could ask you questions about the breach, and write a report detailing their opinion of your injuries and prognosis. Crucially, this report should prove that your condition was caused by the data breach.

Calculating Non-Material Damage

If you’re wondering how to get an idea of how much compensation a FatFace data breach claim could bring, you might find the below table useful. We have taken some figures from the Judicial College Guidelines to give you some insight into guideline compensation amounts for psychological injuries.

The Judicial College Guidelines is a publication that solicitors and courts could use to hone in on appropriate values for specific injuries. While these are only approximations, they could give you some idea of the level of compensation that could be appropriate for you.

Injury typeLevel of severityCompensation Bracket (Approximate)
General psychological injurySevere£54,830 to £115,730
Post-traumatic stress conditions/PTSDSevere£54,830 to £115,730
Post-traumatic stress conditions/PTSDModerately severe£19,070 to £54,830
General psychological injuryModerately severe£19,070 to £54,830
Post-traumatic stress conditions/PTSDModerate£5,860 to £19,070
General psychological injuryModerate£5,860 to £19,070
Post-traumatic stress conditions/PTSDLess severe£1,540 to £5,860
General psychological injuryLess severe£1,540 to £5,860

For a more specific estimate relevant to your case, please get in touch with our team of advisers.

How To Make A Clothing Retailer Data Breach Claim

To make a clothing retailer data breach claim, you could first write to the organisation concerned and tell them how the data breach has affected you. You could mention how you think the breach occurred and what damage you’ve suffered because of it.

For example, if you’ve been affected by the FatFace hack, you could explain any stress and anxiety this has caused you, and ask for compensation. If the organisation declines your request or does not respond to your satisfaction, you could contact the Information Commissioner’s Office (ICO) to report the FatFace data breach to them.

The ICO advise you to report any breaches to them when around 3 months have passed after getting nowhere with the defendant. If you leave it too long to contact them, they may choose not to investigate your claim.

Whether you choose to report the data breach to the ICO or not, if three months have gone by since any meaningful contact with the company, and they have not responded to your satisfaction, you could take things further.

You could find a data breach lawyer to help you make a compensation claim for the harm you’ve suffered because of a breach of data protection.

How Do I Find A Data Breach Lawyer?

Finding a data breach lawyer to help you with a FatFace data breach claim is easy when you call Legal Expert. Our friendly advisors will talk to you about your case and ask you a few questions.

Based on your answers, we could check your eligibility to make a claim for compensation for a data breach under the GDPR. If we believe you could be eligible for compensation, we could provide you with a lawyer to help you get the compensation you deserve.

Why Choose Us?

We recognise that you could choose from many legal firms across the UK to help you with your data breach claim. However, we believe we could be a great choice to help you claim GDPR data breach compensation.

Here at Legal Expert, we help claimants get compensation for a wide range of incidents, from data breach claims to personal injury claims. We have plenty of great reviews that attest to our attention to detail, great customer service, and ability to get the compensation our clients deserve. We’d be very happy to help with your claim too.

No Win No Fee Claims For A FatFace Data Breach

Would you be interested in using a data breach lawyer for your claim but aren’t sure about how to pay them? If so, you might want to consider working with a No Win No Fee data breach solicitor. They would not require any payment of legal fees until your claim ended and compensation came through.

How Does The No Win No Fee Claims Process Work?

Usually, the process follows the below steps:

  • Your data breach lawyer sends you a No Win No Fee Agreement which contains details of the success fee you’d pay from your total compensation payout. This is a small percentage of your total settlement. It is only payable in cases where your lawyer achieves compensation for you. The fee has a legal cap.
  • You sign and return the agreement and the data breach solicitor begins to put together the paperwork for your claim. They would usually attempt to negotiate a settlement for you without going to court. If the liable party refuses or disputes your claim, your lawyer could file legal paperwork with the courts. A great number of claims settle outside of the court. However, if it becomes necessary, your lawyer would help you fight through the courts for compensation.
  • Your compensation payout comes through. Your lawyer deducts their fee, and you benefit from the balance.

If your solicitor doesn’t achieve a payout for you, you don’t pay the success fee. You don’t have to cover your solicitor’s costs either.

To read our handy No Win No Fee claims guide, simply click here. Or, if you’d like to ask us anything about the process, we’d be happy to talk to you.

Contact Us For A Free Eligibility Check

Would you like us to check your eligibility to claim for a FatFace data breach? Or do you already have evidence and want to take action? Either way, we’d be glad to speak to you. You can get in contact with the Legal Expert team in a number of ways, including:

Learn More About Data Protection Breaches

Getting Help With Data Loss Claims – If you’re interested in making a claim for a data loss that has affected you, this guide could be useful.

Compensation For A GDPR Data Breach Causing Stress – Learn more about making a claim for GDPR data breach compensation for stress and distress.

Breach Of Data Protection By An Employer – If you have suffered harm because of an employer’s data breach, you can find out more about making a claim against them here.

Cyber Security Protection Steps –The National Cyber Security Centre (NCSC) provides guidance for organisations on how to protect the security of their computerised data.

ICO Guide For Data Protection – This guide is aimed at organisations that process data. It explains more about data protection law and how companies can ensure their compliance.

Using IPsec For Data Protection – The NCSC also provides guidance on using IPsec to protect data by establishing a VPN (a virtual private network).

Must Know Data Breach Statistics

According to the Cyber Security Breaches Survey 2020, cyber attacks have become more frequent as they have evolved. You can find the following statistics in the survey:

  • 46% of businesses have had a cybersecurity breach or a cyber attack in the 12 months ending early 2020
  • 26% of charities have suffered breaches or attacks
  • Large businesses have the highest prevalence of attacks (75%), followed by medium businesses (68%) and large charities (57%)
  • Among those businesses that have suffered attacks, 19% have suffered a loss of data or money

Data breach statistics 2021

The more recent Cyber Security Breaches Survey from 2021 provides insight into how UK businesses have been affected by cyber attacks and data breaches between March 2020 and March 2021. 1,419 UK businesses were surveyed during this time period. Findings from the 2021 survey included the following:

  • 654 of the businesses surveyed experienced a data breach or cyber attack at least once during the surveyed period.
  • By far the most commonly reported type of cyber attack was phishing attempts. 83% of the businesses which were subjected to cyber attacks reported being subjected to this particular method.
  • 27% of the businesses which reported experiencing cyber attacks experienced a method which involves individuals impersonating an organisation through emails or other methods in order to get access to sensitive data.
  • 9% of the businesses which experienced cyber attacks were affected by malware, spyware or viruses.
  • 27% of the businesses which reported experiencing cyber attacks said they experienced them at least once a week.
  • 66% of the surveyed businesses said they had a formalised incident response process in place for when a cyber security incident occurred.
  • Among the large businesses surveyed, only 45% confirmed they had communications and public engagement plans set up for when cyber security incidents occur.

More Useful Resources

Thank you for reading our guide to the FatFace data breach.

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.