Carphone Warehouse has been hit with a hefty £400,000 fine from the UK’s data watchdog for security failings attached to a 2015 hack.
The cyber-attack affected three million customers, compromising personal data such as: names, addresses, dates of birth, phone numbers and marital status. More than 18,000 customers had historical payment card details compromised.
Employees of the British mobile phone retailer were also affected, with names, phone numbers, postcodes and car registration details being leaked.
The penalty is almost the £500,000 maximum the regulator can currently issue, showing the severity of the hack. The UK’s information commissioner Elizabeth Denham said: “A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.”
According to the Information Commissioner’s Office (ICO), the hackers used valid login details to access Carphone Warehouse’s system via outdated WordPress software. The security breach also exposed shortfalls in the company’s security measures, with out of date systems and failure to carry out routine security tests.
The ICO issued a similar penalty to TalkTalk in 2016 for a data breach the previous year affecting 157,000 customers.
By May 2018, the maximum fine that data protection regulators in the European Union can issue will increase significantly to £17m or 4% of a company’s annual turnover.
More on Companies
EU Fines Qualcomm €997m for Abusing Market Position
The European Commission has fined chipset manufacturer Qualcomm €997m for infringing anti-trust laws and abusing its dominant market position. In...
Employees: The Culprits of Security Breaches?
A senior sales executive in a medium-sized company is having a business meeting with a third party at a café...
The Long-Term Danger of Short-Term Shareholder Thinking
The ideology of shareholder supremacy has been around for more than four decades now. It was popularised in the 1980s...