“Dixons Carphone warned to brace for lawsuits after data breach” – James Castro-Edwards comments for The Times’ Brief

14 / 06 / 2018

Dixons Carphone warned to brace Dixons Carphone warned to brace Dixons Carphone warned to brace Dixons Carphone warned to brace Dixons Carphone warned to brace for lawsuits after data breach for lawsuits after data breach for lawsuits after data breach for lawsuits after data breachfor lawsuits after data breach for lawsuits after data breach for lawsuits after data breach for lawsuits after data breach By The Brief team on Jun 14, 2018 Dixons Carphone should expect a flood of legal claims after it revealed that hackers tried to access the bank card details of more than five million customers, lawyers said yesterday.

The cyberattack triggered an investigation by a British intelligence agency into what could be the biggest leak of citizens’ financial information on record. The National Cyber Security Centre, part of GCHQ, is working alongside police and the Information Commissioner’s Office to assess the impact on customers after the retailer discovered the unauthorised access, including an attempt to compromise 5.9 million payment cards.

The company admitted that non-financial personal data of 1.2 million customers, such as names, addresses and email addresses, had also been accessed.

It said that it had no evidence that any of the cards had been used fraudulently following the breach, or that the loss of personal data had resulted in any fraud. It has re-secured the data.

“This is a huge data breach made all the more serious because customers’ financial information has been hacked,” Sean Humber, a partner at the London law firm Leigh Day, said. “Those affected are likely to have claims for compensation not only for any financial losses that they may have suffered but also for the anxiety and distress caused by the breach.”

Other lawyers said that the incident highlighted a new regulatory environment under the recently implemented EU general data protection regulation. James Castro-Edwards, a partner at London firm Wedlake Bell, said the incident was “the way of things to come as data breach reporting became a mandatory obligation”. He said the information commissioner’s office would probably want to know “how difficult it would have been for the affected organisation to prevent the breach, and how sophisticated the hacker would have needed to be to carry out the attack”.

Mark Weston, a partner at regional law firm Hill Dickinson, said that Dixon Carphone’s immediate apology and claim of responsibility “is typical of the more mature approach we can expect to see going forwards as businesses scramble to avoid the new high fines by demonstrating how seriously they take protection of personal data.”

This article was first published by The Times’ Brief