Dixons Carphone slapped with maximum possible fine after 14m customers’ data stolen


Dixons Carphone has been slapped with a £500,000 fine by the Information Commissioner's Office (ICO) after 14 million customers were affected in a cyber-attack.

The ICO has imposed the maximum possible fine on the technology retailer after an investigation uncovered “serious contraventions” that jeopardised millions of customers' personal and financial details.

Hackers installed rogue software on 5390 tills in branches of the Currys PC World and Dixons Travel chains, which went undetected for over nine months between July 2017 and April 2018.

During this time the details of 14 million customers were obtained, including full names, postcodes, email addresses and failed credit checks.

A further 5.6 million customers' credit card details were also obtained by hackers before the retailer eventually detected the software last summer.


“The contraventions in this case were so serious that we imposed the maximum penalty under the previous legislation, but the fine would inevitably have been much higher under the GDPR,” said the ICO’s director of investigations, Steve Eckersley.

Under GDPR laws, which were brought in in May 2018 after the attack happened, the ICO is able to fine companies up to four per cent of their annual global turnover.

In 2018 Dixons Carphone reported revenues of £10.4 billion, meaning under the new rules it could have been fined over £400 million.

The ICO said it uncovered major “systematic failures” in the way the retailer looked after its customer data, including vulnerabilities such as inadequate software patching and security testing.

“Such careless loss of data is likely to have caused distress to many people since the data breach left them exposed to increased risk of fraud,” Eckersley added.

Dixons Carphone’s chief executive Alex Baldock added: “We are very sorry for any inconvenience this historic incident caused to our customers.

“When we found the unauthorised access to data, we promptly launched an investigation, added extra security measures and contained the incident. We duly notified regulators and the police and communicated with all our customers.”

Last year the ICO also fined Carphone Warehouse £400,000 for having major security flaws which led to a data breach.
