Carphone Warehouse has been fined £400,000 for failing to properly secure the personal data of over three million customers. Following a data breach in 2015, the names, addresses, phone numbers, dates of birth and marital status of customers were taken and, in the case of over 18,000 customers, historic card payment details. Details including the names, postcodes, phone numbers and car registration numbers of 1,000 Carphone Warehouse customers were also lost in the attack.

Ruling that the company had not taken adequate steps to protect the data, the Information Commissioner has issued a fine of £400,000, one of the biggest on record. The investigation revealed that the breach was possible because Carphone Warehouse was running out-of-date WordPress software and the attackers possessed genuine login credentials.

"A company as large, well-resourced, and established as Carphone Warehouse should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks," Information Commissioner Elizabeth Denham said. "Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures."

Other software in use on Carphone's systems was also out of date, and the investigation found that the company had failed to scrub its systems of historical data or to carry out routine security testing. The ICO considered this a serious contravention of Principle 7 of the Data Protection Act 1998.

TalkTalk, which was once part of the same company as Carphone Warehouse, was fined the same amount by the Commissioner's Office in 2016 for a similar reason: an old database of Tiscali customer details coughed up the goods after teenage hackers used SQLmap, a free, off-the-shelf penetration testing tool.
The elephant in the room here is the EU General Data Protection Regulation (GDPR), the new, stronger data protection rules which take effect from the 25th of May. While the ICO currently has the power to issue fines of up to £500,000, financial penalties for preventable data breaches will then be either €20 million (£17m) or 4 per cent of a company's annual revenue, whichever is higher.

"Carphone Warehouse" by Jeff Easter is licensed under CC BY 2.0.