Date: 2020-01-10


Dixons Carphone Receives Maximum Fine for Major Breach

A major UK high street retailer has been fined the maximum amount under the pre-GDPR data protection regime for deficiencies which led to a breach affecting 14 million customers.

Privacy regulator the Information Commissioner’s Office (ICO) fined DSG Retail £500,000 under the 1998 Data Protection Act after POS malware was installed on 5390 tills.

The incident affected Currys PC World and Dixons Travel stores between July 2017 and April 2018, allowing hackers to harvest data including customer names, postcodes, email addresses and failed credit checks from internal servers, over a nine-month period.

The “poor security arrangements” highlighted by the ICO included ineffective software patching, the absence of a local firewall, and lack of network segregation and routine security testing.

“Our investigation found systemic failures in the way DSG Retail Limited safeguarded personal data. It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen,” said ICO director of investigations, Steve Eckersley.

“The contraventions in this case were so serious that we imposed the maximum penalty under the previous legislation, but the fine would inevitably have been much higher under the GDPR.”

Eckersley claimed that the stolen data exposed customers to significant risk of follow-on identity fraud and financial theft, with almost 3300 of them contacting the ICO by March 2019 about the breach.

However, the retailer said it is considering an appeal.

“When we found the unauthorized access to data, we promptly launched an investigation, added extra security measures and contained the incident,” said CEO Alex Baldock in a statement.

“We duly notified regulators and the police and communicated with all our customers. We have no confirmed evidence of any customers suffering fraud or financial loss as a result.”

Another business in the group, Carphone Warehouse, was fined £400,000 by the ICO in 2018 for similar security issues.
