
Carphone Warehouse Breach Results in £400K Fine

 
January 11th 2018
A very salient lesson in why you need to keep data safe
The Carphone Warehouse has become the latest UK firm to be slapped with a massive ICO fine after a 2015 data breach compromised the personal information of millions of customers.

The electronics and mobile phone retailer, owned by Dixons Carphone, was fined £400,000 by the ICO after failing to adequately secure its systems. Hackers accessed data on over three million customers including names, addresses, phone numbers, dates of birth and marital status.

Some 18,000 customers had historical payment details accessed, while 1,000 employees had data including names, phone numbers, postcodes and car registrations exposed to the hackers.

The attackers are said to have accessed the data by using valid log-ins for out-of-date WordPress software.

The ICO claimed Carphone Warehouse failed to delete historical data from its records, carry out routine security testing or keep software up-to-date.

“A company as large, well-resourced, and established as Carphone Warehouse should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks,” said information commissioner, Elizabeth Denham, in a statement.

“Carphone Warehouse should be at the top of its game when it comes to cybersecurity, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”

She added that companies need to put in place layered security to help mitigate growing online threats.

The firm may have been saved from a bigger fine by taking steps to fix some of the problems identified, and because the data has not yet resulted in any identity fraud.

The fine puts Carphone Warehouse up there with TalkTalk in terms of the largest ever penalties levied.

The ISP was slapped with a £400,000 penalty after a 2015 breach but then received a further £100,000 for a separate issue relating to data access by a third-party supplier.

Carphone Warehouse would most likely have been hit with an even bigger fine had the incident occurred after May 25, when the GDPR comes into force. It will give the ICO and other regulators around Europe the power to fine organizations up to 4% of global annual turnover, or £17m.
