Carphone Warehouse fined for data breach
The company’s computer systems were compromised after a cyber-attack in 2015 and its failure to secure the system allowed unauthorised access to the personal data of more than three million customers and 1,000 employees.
The compromised customer data included: names, addresses, phone numbers, dates of birth, marital status and, for more than 18,000 customers, historical payment card details.
The ICO considered that the personal data involved would significantly affect individuals’ privacy, leaving their data at risk of being misused.
Using valid login credentials, intruders were able to access the system via an out-of-date WordPress software.
Information Commissioner Elizabeth Denham said: “A company as large, well-resourced and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.
“Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”
The Commissioner acknowledged that Carphone Warehouse took steps to fix some of the problems and to protect those affected. To date there has been no evidence that the data has resulted in identity theft or fraud.
We hope you enjoyed this article.
Research Live is published by MRS.
The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.
Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.
For example, there's an archive of winning case studies from over a decade of MRS Awards.
Find out more about the benefits of joining MRS here.
0 Comments