Search Share Prices
Carphone Warehouse hit with £400,000 fine over data security breach
Dixons Carphone's mobile phone retail arm Carphone Warehouse has been slapped with one of the largest fines ever issued by the Information Commissioner's Office (ICO) after one of the company's computer systems was compromised as a result of a 2015 cyber attack.
Carphone Warehouse's inability to secure the system allowed hackers unauthorised access to the personal data of more than three million customers and 1,000 employees, leading the ICO to issue a £0.4m fine. The compromised customer data ranged from names, addresses, phone numbers, dates of birth, marital status and, for more than 18,000 customers, historical payment card details.
For its employees, the leak resulted in their names, phone numbers, postcode, and car registration details being accessed.
The ICO stated that the personal data involved in the leak had the potential to significantly breach the privacy of those individuals affected and leave their data at risk of being misused.
Information Commissioner Elizabeth Denham said, "A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks."
"Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures," she added.
An investigation by the ICO identified multiple inadequacies in Carphone Warehouse's approach to data security and determined that the company was culpable for the information leak. Using valid login credentials, hackers gained access to the system via out-of-date Wordpress software.
The £0.4m fine will be a drop in the ocean for parent Dixons Carphone, which its last full year made a pre-tax profit of £386m.
As of 1400 GMT, shares had dropped 0.89% to 201.50p.