Carphone Warehouse hit with £400k fine following data breach

12 January 2018

Mobile phone retailer Carphone Warehouse has been fined £400,000 by the information regulator for “serious failures”, which resulted in cyber criminals stealing the data of millions of customers and staff.

The fine is one of the largest issued by the Information Commissioner’s Office (ICO).

It comes after over three million customers had data stolen following a 2015 cyber attack. This information included names, addresses, phone numbers, dates of birth, marital status, and for more than 18,000 customers, historical card details.

The records of 1,000 Carphone Warehouse employees were also stolen. This data included names, phone numbers, postcodes and car registrations.

Information commissioner, Elizabeth Denham, comments: “A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.”

She adds: “There will always be attempts to breach organisations’ systems and cyber-attacks are becoming more frequent as adversaries become more determined. 

“But companies and public bodies need to take serious steps to protect systems and, most importantly, customers and employees.”

A spokesperson for Carphone Warehouse, which is part of the Dixons Carphone group, says: "We accept the decision by the ICO and have co-operated fully throughout its investigation into the illegal cyber attack on a specific system within one of Carphone Warehouse’s UK divisions in 2015.
"As the ICO notes in its report, we moved quickly at the time to secure our systems, to put in place additional security measures and to inform the ICO and potentially affected customers and colleagues. The ICO noted that there was no evidence of any individual data having been used by third parties.
"Since the attack in 2015 we have worked extensively with cyber security experts to improve and upgrade our security systems and processes.
"We are very sorry for any distress or inconvenience the incident may have caused."

As Carphone Warehouse paid the fine early, it was reduced by 20% to £320,000.

See our Stay secure online hub page for information on how to be Cyber Aware.   

Add new comment