Carphone Warehouse fined £400,000 for putting millions of customers’ data at risk

Data included names, addresses, phone numbers, dates of birth, marital status and – for more than 18,000 customers – historical payment card details


Carphone Warehouse has been slapped with a £400,000 fine after one of the company’s computer systems was compromised as a result of a cyber-attack in 2015, putting millions of people’s data at risk.

The Information Commissioner’s Office on Wednesday said that the company’s failure to secure the system allowed unauthorised access to the personal data of over three million customers and 1,000 employees.

That data included names, addresses, phone numbers, dates of birth, marital statuses and – for more than 18,000 customers – historical payment card details.

“A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks,” said Information Commissioner Elizabeth Denham.

“Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”

The ICO said that intruders had theoretically been able to access Carphone Warehouse’s system via out-of-date WordPress software, but it also said that so far there has been no evidence that the inadequate security measures had actually resulted in cases of identity theft or fraud.   

Nonetheless, Ms Denham said that customers and employees had been victimised by having their data “open to abuse by the malicious actions of the intruder”.

“Companies and public bodies need to take serious steps to protect systems, and most importantly, customers and employees,” she said.

May this year will see the introduction of a set of stringent data protection rules known as the General Data Protection Regulation, or GDPR.

Many have described GDPR as...

Read The Full Article

 

0 Comments Write your comment

    1. Loading...