Customers reportedly told to keep quiet about Fat Face data breach


Reports have recently emerged detailing the events of the Fat Face data breach, following the company’s decision to send out an email to affected customers. Victims were reportedly told to keep the information about the incident private.

The data breach itself is understood to have occurred in January, but it was not until the end of March that customers learned of the exposure of their information. Investigations by Fat Face has established that some systems were reportedly subjected to unauthorised access, affecting both customer and employee data. It has also been alleged that Fat Face paid a ransom to a cybercrime gang, though neither the company nor the ICO, the data protection regulator, appear to have confirmed this claim.

Those who have had their private information exposed in the Fat Face data breach may be able to recover compensation for the harm caused. Everyone has a right to adequate data protection. If companies fail in this duty, they can be liable to issue pay-outs to those affected.

What private information was affected in the Fat Face data breach?

The Fat Face data breach is understood to have exposed private customer data that included names, postal addresses, email addresses, and the last four digits of credit card numbers. It is believed that staff were also affected, having received a notification email warning them that their National Insurance numbers and bank account information may have been exposed to unauthorised access.

Fat Face’s response

Having become aware of a potential incident in January, Fat Face assert that they engaged the assistance of cybersecurity experts immediately, who ascertained that an unauthorised user had been able to access a certain number of systems for a select period of time. However, it was not until the penultimate week of March that the affected customers learned of the Fat Face data breach.

In the notification email, customers were allegedly told not to disclose the data breach to anyone else, with Fat Face telling them to “keep this email and the information included within it strictly private and confidential”. This is, in our experience, an unusual approach to take, and victims are entitled to seek independent legal advice to address what they can do as a victim of the breach.

Certain reports have claimed that Fat Face also broke with recommended procedure by paying a $2m ransom to a cybercrime gang. The company has not yet linked their data breach to ransomware, but some news outlets have alleged that negotiations took place between Fat Face and a ransomware gang.

Fat Face data incident claims

If it emerges that Fat Face is responsible for the breach of their systems by an unauthorised third party, the company could be liable to pay compensation to the victims of the breach. In a data breach claim, victims can be eligible to recover compensation for the distress they have suffered, as well as for any financial losses or expenses incurred.

Victims of the Fat Face data breach may have been made vulnerable to distress and security risks in the wake of the incident. If you were notified of your involvement in the breach, you can come to use for free, expert advice on your potential compensation claim.

We have already agreed to take cases on with our No Win, No Fee legal representation.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a Callback from our team!

Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.