Did Currys PC World/Dixons Travel get off lightly following data breach fine?

Currys PC World Carephone Warehouse store at a retail park UK

Currys PC World/Dixons Travel has been fined £250,000 for failing to protect its customers’ personal data. But, while £500,00 might seem like a lot of money, Currys PC World/Dixons Travel actually dodged a much bigger financial penalty. Because, had the attack happened now, the fine would inevitably have been much higher under new data protection regulations (GDPR). So it’s important that people hold the retailer to account by making a Currys PC World/Dixons Travel data breach compensation claim.

What happened in this case?


The data breach saw a hacker install malware on 5,390 cash registers at Dixons Travel stores and Currys PC World.

The attack exposed the full names, postcodes, email addresses, credit checks of millions of customers. Payment card data was also compromised in a separate breach.

Data Protection in the UK


The General Data Protection Regulation (GDPR) came into force on May 25th, 2018. This means that the breach was considered under the Data Protection Act (DPA) 1998 not the newer Data Protection Act (DPA) 2018 (the UK’s version of the GDPR).

These acts have drastically different level of fines. The first up to a maximum of £500,000 and the second up to £17 million (or 4% of an organisation’s annual turnover, whichever is higher).

So, while the ICO imposed the highest possible fine it could, you could argue that Currys PC World/Dixons Travel got off lightly.

Is Currys PC World/Dixons Travel taking responsibility for its data privacy failings?


Not really. In fact, while the company has apologised for the breach, Currys PC World/Dixons Travel successfully appealed an initial fine of £500,000. That’s despite the fact an investigation into the breach by the Information Commissioner’s Office (ICO) found:

  • Systemic failures in the way DSG Retail Limited safeguarded personal data
  • Failures relating to basic, commonplace security measures
  • Vulnerabilities such as inadequate software patching, absence of a local firewall, and lack of network segregation and routine security testing

So, you could argue that the retailer continues to show a complete disregard for the customers whose personal information was stolen.

What does the ICO fine mean for you?


In truth, while data protection lawyers like to talk about the changes that have occurred since GDPR, for people who had had their data breached, the level of fine doesn’t make much difference. Mainly because, while the ICO can impose a monetary penalty on a company, this isn’t given to victims of the data breach.

The only way for you to hold Currys PC World/Dixons Travel to account is to make a data breach compensation claim.

That being said, the ICO fine is good news for victims of the data breach. Because now that the ICO has found Currys PC World/Dixons Travel guilty of failing to protect your data, you can use this evidence to support a data breach compensation claim.

Who can claim compensation for the Currys PC World/Dixons Travel data breach?


Everyone who was impacted by the breach should have been contacted by the national retailer and can now make a data breach compensation claim.  You can claim for:

Financial loss

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts


Cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy.

Why use Keller Postman UK to make a Dixons data breach compensation claim?

At Keller Postman UK, our expert data breach lawyers help people to make successful cybercrime claims against companies that have failed to protect their data from fraudsters and hackers.

Specialists in data breach law, we understand what it takes to make a successful data breach claim, regardless of the type of organisation involved.

Register to become part of our Currys PC World/Dixons Travel data breach group action. 

Share this article: