Proactive Investors - Run By Investors For Investors

Carphone Warehouse fined £400,000 for lax information technology safeguards

“We accept today’s decision by the ICO and have co-operated fully throughout its investigation into the illegal cyber-attack on a specific system within one of Carphone Warehouse’s UK divisions in 2015," said Carphone Warehouse.
Carphone Warehouse
The doors were wide open for those that had the knowledge to breach the system

Carphone Warehouse, part of the Dixons Carphone Plc (LON:DC) group, has been fined £400,000 after it suffered a cyber-attack in 2015.

The size of the fine is the same as that meted out to Talktalk Telecom Group PLC (LON:TALK) in 2016 after it suffered a data breach.

The attack exposed the personal data of more than three million customers.

The Information Commissioner's Office (ICO) said the company's failure to implement sufficiently robust safeguards allowed malicious parties to potentially access names, addresses, phone numbers, dates of birth, marital statuses and, in some cases, historical payment card information.

“A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks,” said information commissioner Elizabeth Denham.

Having said that, there is no evidence that there had been instances of identity theft or fraud.

The ICO discovered 11 separate issues with the company’s data protection and security practices, any of which would have breached the Data Protection Act on their own. These included using the same root password being used on every one of the company's servers; no anti-virus software on the servers that held the data; and the storage of full credit card details when there was no requirement to do so.

View full DC profile View Profile

Dixons Carphone Plc Timeline

Related Articles

Scans and MRI
November 28 2018
The firm's subsidiary, Imaging Biometrics, recently appointed a South Korean distributor a few weeks after receiving the first commercial order for its StoneChecker technology
MetroRod has been in operation for 30 years but only became a franchise relatively recently
December 03 2018
“I think customers are seeing that we do offer value and that really is the answer,” said chief executive John Nichols

© Proactive Investors 2018

Proactive Investors Limited, trading as “Proactiveinvestors United Kingdom”, is Authorised and regulated by the Financial Conduct Authority.
Registered in England with Company Registration number 05639690. Group VAT registration number 872070825 FCA Registration number 559082. You can contact us here.

Market Indices, Commodities and Regulatory News Headlines copyright © Morningstar. Data delayed 15 minutes unless otherwise indicated. Terms of use