Fashion retailer Fat Face recently released an email to customers which has brought a data breach from earlier this year to the public’s attention. It is routine for companies to notify customers of data protection breaches, but this email comes a long time after the Fat Face data breach occurred, and reportedly included a request that customers keep the details of the breach private.
It has also been claimed that Fat Face paid a ransom to a cybercrime gang after the data breach occurred in January, but this allegation has yet to be confirmed by Fat Face itself or by ICO investigators.
Nevertheless, it is worrying that customers remained unaware of the breach for over two months, as they may not have been vigilantly monitoring for potential security risks or data misuse during that time. If it emerges that Fat Face can be held liable for the breach, those who were notified of their involvement in the data breach may be eligible to claim compensation.
The immediate impact of the Fat Face data breach
The Fat Face data breach was revealed following the retailer’s decision to notify customers that their data had been compromised. Sent to customers in the penultimate week of March, the email revealed that Fat Face had engaged in investigations with cybersecurity experts after their suspicions were raised on 17th January. The investigations identified that an unauthorised third party had been able to access certain Fat Face systems, putting customer and employee data at risk.
Customers were told that their names, email addresses, home addresses, and partially redacted credit card details may have been compromised. It is understood that a similar email was sent to employees, whose National Insurance numbers and bank account details may have been put at risk.
The implications for the victims
UK regulations normally require that data controllers notify victims of data breach incidents within 72 hours of their occurrence. As such, on the face of it, it would appear that Fat Face has not followed this guidance. However, it may be that it did indeed take the company over two months to establish that customers were affected by the data breach, which could be the reason for the perceived delay.
Nevertheless, discovering this news at such a late stage is likely to be worrying for victims of the data breach, and with good reason. During this time, customers may have remained unaware of the potential data misuse to which they may have been exposed, meaning that they may have failed to recognise suspicious activity or scams.
Some press coverage has alleged that negotiations with a ransomware gang resulted in Fat Face paying a $2m ransom to the gang, but Fat Face has not suggested that the breach arose as a result of a ransomware attack.
Making data breach compensation claims
If you received notification that your information was affected by the Fat Face data breach, you may have a compensation claim to make. It has been reported that thousands of customers were sent the notification email, so if Fat Face is found to be at fault for the vulnerability of their systems, there may be many claims to bring against the company.
Contact us today to receive free, no-obligation advice on any data breach claim inquiries you may have.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
First published by Author on April 13, 2021