Carphone Warehouse hit with £400,000 fine over data breach

Carphone Warehouse has become the latest telecoms provider to be fined by the UK’s privacy regulator for failing to prevent a data breach.

The Information Commissioner’s Office (ICO) fined the company £400,000 over the 2015 hack, in which attackers got access to the personal data of over three million customers and 1,000 employees.

Customer data accessed in the attack included names, addresses, phone numbers, dates of birth, marital status and historical payment card details.

Details of employee names, phone numbers, postcodes and car registrations were also accessed.

The ICO investigation found that Carphone Warehouse had failed to carry out routine security testing and to update software systems, and had not implemented measures to identify and delete historical data.

These failures violated the UK’s Data Protection Act.

The Commissioner acknowledged however that the retailer had taken steps to fix some problems and protect those affected.

Elizabeth Denham, Information Commissioner, said: “A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.

“Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”

The fine comes ahead of the introduction of the EU’s General Data Protection Regulation on 25 May, which will impose more stringent data security requirements on companies.

Carphone Warehouse’s fine equals that imposed on TalkTalk in 2016, at the time a new record.

Almost 157,000 people had their personal details accessed by a hacker in October 2015 after TalkTalk’s website was breached.

Read more: GDPR means network operators must become much more than transporters of data

More News

Iliad enters content game in France, finally launches Italian mobile business Iliad enters content game in France, finally launches Italian mobile business Iliad has acquired football rights in France and launched its opco in Italy as it looks to reboot after a disappointing set of financial results. More detail
Three UK appoints new CCO, CFO Three UK appoints new CCO, CFO The departure of Three UK's Chief Commercial Officer after just 18 months in the job has triggered a shake-up of the mobile operator's top team. More detail
TalkTalk to sell enterprise customer base to Daisy as it registers full-year loss TalkTalk to sell enterprise customer base to Daisy as it registers full-year loss TalkTalk has agreed to sell 80,000 business customers to rival Daisy Group in a £175 million deal. More detail
A1 Telekom Austria Group rebrand reaches Bulgaria A1 Telekom Austria Group rebrand reaches Bulgaria Bulgaria is the third A1 Telekom Austria Group opco to get rebranded as the telco looks to market itself as a provider of "advanced" IT, IoT, cloud and content services. More detail
Orange Business Services puts IoT to use on saving ships’ fuel costs Orange Business Services puts IoT to use on saving ships’ fuel costs Orange Business Services has expanded its work with Dobroflot by developing a customised IoT solution for the Russian fishing company. More detail
    

 

European Communications is now
Mobile Europe and European Communications

  

From June 2018, European Communications magazine 
has merged with its sister title Mobile Europe, into 
Mobile Europe and European Communications.

No more new content is being published on this site - 

for the latest news and features, please go to:
www.mobileeurope.co.uk 

 

@eurocomms