Britain fines Carphone Warehouse over data breach

(Reuters) — Britain's information regulator said on Wednesday it had fined Carphone Warehouse £400,000 ($539,400) after a 2015 cyber attack exposed the personal data of more than 3 million customers.

The Information Commissioner's Office said the electrical goods and mobile phone retailer, owned by Dixons Carphone, left its systems vulnerable by failing to update its software and carry out routine testing.

"A company as large, well-resourced and established as Carphone Warehouse should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks," Information Commissioner Elizabeth Denham said in a statement, adding that the fine was one of the biggest that the ICO had issued. "Carphone Warehouse should be at the top of its game when it comes to cyber security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures."

Cyber attackers used valid login details to access Carphone Warehouse's system through an out-of-date version of content platform WordPress, the ICO said.

The compromised personal data included names, addresses, phone numbers, dates of birth, marital status and, for more than 18,000 customers, their historical payment card details.

Records for some employees of the retailer were also compromised, although the commissioner said there was no evidence of identity theft as a result of the attack.

A spokesman for Carphone Warehouse said the company had co-operated fully with the investigation and accepted the ICO's decision.

"We moved quickly at the time to secure our systems, to put in place additional security measures and to inform the ICO and potentially affected customers and colleagues," the spokesman said. "Since the attack in 2015, we have worked extensively with cyber security experts to improve and upgrade our security systems and processes."

 

 
