In 2021, DivideBuy, a prominent interest-free credit provider, experienced a data breach that exposed sensitive customer information. While the company has taken steps to address the issue, many of those affected still have questions about what happened and what they can do next.
Below, we’ve answered some of the most frequently asked questions about the DivideBuy data breach.
What is DivideBuy?
DivideBuy is a UK-based fintech company offering interest-free credit options for consumers and businesses. By partnering with over 500 retailers and integrating with platforms like Shopify and WooCommerce, DivideBuy provides easy financing options for online shoppers. In 2023, digital bank Zopa acquired DivideBuy for an unspecified amount.
What happened during the DivideBuy data breach?
In spring 2021, DivideBuy announced it had suffered a data breach, exposing personal information belonging to its customers. The breach resulted from unauthorised access to DivideBuy’s systems, though the full details of how the incident occurred have not been disclosed.
What data was exposed in the breach?
According to DivideBuy, the breach may have compromised:
- Names
- Dates of birth
- Home addresses
- Telephone numbers
- Email addresses
- Associated aliases
- Certain credit report details (stored in an unreadable format)
While no financial account information, such as bank details or credit card numbers, was compromised, the exposed data could still be used to commit identity theft or fraud.
How did DivideBuy respond to the breach?
After becoming aware of the breach, DivideBuy took several steps to address the situation:
- It engaged cybersecurity specialists to secure their systems and prevent further unauthorised access.
- Affected customers were notified promptly about the breach.
- DivideBuy offered a 12-month subscription to TrueIdentity, a credit monitoring service, to help customers monitor their credit files for suspicious activity.
What are the risks if my data was exposed?
Even though financial data was not involved, the exposed personal information could still pose risks:
- Identity theft: Criminals may use details like your name, address, and date of birth to impersonate you.
- Phishing scams: Fraudsters may use your email or phone number to send convincing but fraudulent messages.
- Cross-referencing with other breaches: Cybercriminals often combine data from multiple breaches to gain more complete profiles of individuals, making targeted attacks more effective.
Can I make a claim for compensation?
If you were notified by DivideBuy that your data was affected, you may be eligible for compensation. Compensation can be claimed for any emotional distress caused by the breach – even if you did not suffer any financial losses.
Is it too late to join the claim?
There is still time to join the claim for the DivideBuy data breach. However, data breach claims are subject to time limits, so it’s essential to act quickly.
Join the Claim connects consumers with SRA-regulated lawyers. Visit the claim page to check your eligibility if a claim is open with one of our trusted legal partners. If a group action has not yet been launched, you can register your interest and we’ll keep you informed if a partner firm decides to take a claim forward.
