You are here: Home - Household Bills - News -

Dixons Carphone fined £500,000 over serious data breach

0
Written by: Paloma Kubiak
10/01/2020
Dixons Carphone has been slapped with a half a million pound fine over a breach which compromised the data of millions of customers.

The company behind Currys PC World and Carphone Warehouse identified a breach in 2018, originally estimating little over a million people had their personal data compromised.

But the Information’s Commissioner’s Office (ICO) investigation revealed a ‘point of sale’ computer system was compromised as a result of the cyber-attack, exposing the full names, postcodes and email addresses of at least 14 million people.

It found that an attacker installed malware on 5,390 tills at Currys PC World and Dixons Travel stores between July 2017 and April 2018. Personal data was being collected over this nine-month period.

The ICO said DSG Retail Limited (DSG) failed to take basic steps to secure the system which allowed unauthorised access to 5.6 million payment card details used in transactions and leaving millions of customers vulnerable to financial theft and identity fraud.

In total, the ICO received 158 complaints between June 2018 and November 2018 from customers. As of March 2019, DSG reported that nearly 3,300 customers had contacted them directly in relation to this data breach.

Dixons Carphone breached the Data Protection Act 1998 by having poor security arrangements and failing to take adequate steps to protect personal data. The ICO said this included the absence of a local firewall, lack of network segregation and routine security testing. As such, it has fined DSG the maximum £500,000 for its serious failings.

In January 2018, the ICO fined Carphone Warehouse £400,000 for similar security vulnerabilities.

“Careless loss of data”

Steve Eckersley, ICO’s director of investigations, said: “Our investigation found systemic failures in the way DSG Retail Limited safeguarded personal data. It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen.

“Such careless loss of data is likely to have caused distress to many people since the data breach left them exposed to increased risk of fraud.

“We recognise that cyber-attacks are becoming more frequent, but organisations have responsibilities under the law to take serious security steps to protect systems, and most importantly, people’s personal data.”

Chief executive of Dixons Carphone, Alex Baldock, said: “We are very sorry for any inconvenience this historic incident caused to our customers.

“When we found the unauthorised access to data, we promptly launched an investigation, added extra security measures and contained the incident.

“We have no confirmed evidence of any customers suffering fraud or financial loss as a result.”

Baldock added that it disputes some of the ICO’s findings so it is considering grounds for appeal.

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

Coronavirus and your finances: what help can you get?

News and updates on everything to do with coronavirus and your personal finances.

Everything you need to know about being furloughed

If you’ve been ‘furloughed’ by your company, here’s what it means…

The savings accounts paying the most interest

If one of your jobs this month is to get your finances in order, moving your savings to a higher paying deal i...

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

Having a baby and your finances: seven top tips

We’re guessing the Duchess of Cambridge won’t be fretting about maternity pay or whether she’ll still be...

Protecting family wealth: 10 tips for cutting inheritance tax

Inheritance tax - sometimes known as 'death tax' - can cause even more heartache for bereaved families. But th...

Travel insurance: Five tips to ensure a successful claim

Ahead of your summer holiday, it’s important to make sure you have the right level of travel cover or you co...

Money Tips of the Week

  • "The government needs to support the removal of non-ACM cladding from buildings that are under 18 metres as well,"… https://t.co/WW5ONNqBdH
  • RT @DASLegalUK: The nation has turned to online shopping, but what are our retail rights if we face issues with delivery, faulty items, ret…
  • The nation has turned to online shopping, but what are our retail rights if we face issues with delivery, faulty it… https://t.co/HOAf3COpYK

Read previous post:
Barclays to introduce 35% overdraft interest rate

Barclays has announced it will start charging interest on overdrafts in March instead of daily fees.

Close