Britain fines Carphone Warehouse £400,000 for data breach

Britain’s information regulator said on Wednesday it had fined Carphone Warehouse 400,000 pounds (equivalent to $539,400) after a 2015 cyber attack exposed the personal data of more than 3 million customers.

The Information Commissioner’s Office (ICO) said the electrical goods and mobile phone retailer, owned by Dixons Carphone, left its systems vulnerable by failing to update its software and carry out routine testing.

“A company as large, well-resourced and established as Carphone Warehouse should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks,” Information Commissioner Elizabeth Denham said in a statement, adding that the fine was one of the biggest that the ICO had issued.

“Carphone Warehouse should be at the top of its game when it comes to cyber-security and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”

Cyberattackers used valid login details to access Carphone Warehouse’s system through an out-of-date version of content platform WordPress, the ICO said.

The compromised personal data included names, addresses, phone numbers, dates of birth, marital status and, for more than 18,000 customers, their historical payment card details.

Records for some employees of the retailer were also compromised, although the Commissioner said there was no evidence of identity theft as a result of the attack.

A spokesman for Carphone Warehouse said the company had co-operated fully with the investigation and accepted the ICO’s decision.

“We moved quickly at the time to secure our systems, to put in place additional security measures and to inform the ICO and potentially affected customers and colleagues,” the spokesman said.

“Since the attack in 2015 we have worked extensively with cyber security experts to improve and upgrade our security systems and processes.”
