
Carphone Warehouse Fined £400,000 by the ICO

on Thursday, 15 February 2018.

Carphone Warehouse Fined £400,000 by the ICO After Serious Failures Placed Customer and Employee Data at Risk

In 2015 Carphone Warehouse experienced a cyberattack on one of its computer systems. The system contained large quantities of personal data, including records comprising the names and addresses of customers and employees and payment card information. The attacker used valid login credentials to access the system via out-of-date WordPress software. The attacker was then able to access the personal data of over three million customers and 1,000 employees.

According to the ICO, the incident exposed the inadequacies in Carphone Warehouse's technical security measures and overall approach to data security. The ICO added that the company failed to carry out routine security testing and had not updated a number of pieces of important software on its computer systems. The ICO considered this to be a serious contravention of the Data Protection Act 1998 and issued a fine of £400,000.

This serves as a reminder that the ICO takes a lack of adequate technical and organisational security measures very seriously. Organisations should ensure that they have appropriate measures in place to keep personal data secure. Software should be kept up to date and the system routinely tested to ensure its security.


For further information please contact Claire Hall on 0117 314 5279 or Alexandra Ireland in our Data Protection team on 0121 227 3721.

 
