A firm using social media to gather claims against M&S over the customer data breach has boasted of signing up more than 4,000 of its shoppers.
Join the Claim has been using Facebook to tell M&S shoppers that “under UK data protection law, you may be entitled to compensation” over the theft of customer data in a cyberattack in April. The data stolen included contact details, dates of birth and household information, but not usable card payment details.
The company builds books of claims to provide to law firms who launch class action lawsuits. Claimants can join on a no-win, no-fee basis.
The company’s first Facebook post appealing for claimants against M&S was on 15 May, two days after the retailer went public about the customer data breach.
It is also gathering claims against Co-op, which this week confirmed all 6.5 million of its members had their data stolen in a cyberattack in April. The Co-op data breach, which it first announced in May, also included contact details but not usable card payment details.
A Join the Claim spokesperson said: “More than 4,000 people in England, Wales and Scotland have now joined the M&S data breach claim through Jointheclaim.com – a clear sign that public concern over data protection is rising.
“As a platform that connects consumers with trusted legal support, Join the Claim is working in partnership with leading UK law firms in both Scotland and England to support those affected. The claim is open to eligible individuals who wish to explore potential legal action on a no-win, no-fee basis.”
Seema Kennedy, executive director of Fair Civil Justice – a business-funded campaign against “predatory litigation” – said: “Mass claim platforms like this risk turning justice into a business model.
“These are not law firms, yet they drive public litigation with little accountability. Data breaches must be taken seriously, but we should be wary of claims that prioritise profit over principle.”
Join the Claim founder Jordan Clayton said: “Data breaches expose serious gaps in how organisations manage sensitive information. When things go wrong, it’s consumers who deal with the consequences, from financial fraud and scam messages to long-term anxiety about identity theft.
“Group claims give people a way to take action and send a clear message: we expect better protection. This isn’t just about compensation. It’s about accountability, and building better standards so breaches like this don’t keep happening.
“The M&S data breach case is one of several high-profile group actions currently supported by Join the Claim. Others include claims related to the talc cancer scandal, supermarket equal pay disputes, and flight delay compensation – collectively affecting hundreds of thousands of people across the UK.”
Clayton added: “Join the Claim is not a law firm. Instead, we play a unique role in the group action ecosystem: identifying potential claimants, streamlining eligibility, and boosting consumer engagement to help law firms build strong books of business efficiently and at scale.
“We’re proud to be working with some of the UK’s best litigation lawyers to help bring justice to those affected by these serious wrongdoings.”
In a Facebook post on Wednesday – the same day Co-op confirmed all members were affected by the data breach – Join the Claim wrote: “It’s now confirmed. All 6.5 million members had their data stolen in the huge Co-op data breach earlier this year. A group lawsuit is seeking compensation for those whose personal data was compromised.”
The Facebook posts direct readers to the claim-gathering firm’s website, where they can sign up in minutes.
An M&S spokesperson said: “We wrote to our customers as soon as we could in relation to their personal data, making clear that no usable card or payment details or account passwords had been extracted during the cyber-incident, and that there was no evidence that any customer data had been shared, which we continue to monitor and remains the case.”
Co-op did not provide a comment.
It is understood a claim is yet to be filed against either retailer over the data breaches.
No comments yet