10 January 2020

ICO fines Dixons Carphone £500,000

UK – The Information Commissioner’s Office (ICO) has fined DSG Retail, a subsidiary of Dixons Carphone, £500,000 after a cyber attack on a till system affected around 14 million customers.

Privacy_data_secure_crop

An investigation conducted by the regulator found that an attacker installed point-of-sale malware (malicious software) on 5,390 tills at DSG’s Currys PC World and Dixons Travel Stores between July 2017 and April 2018.

The hack was not detected for nine months, allowing the software unauthorised access to information including payment card details used in transactions, personal data including names, postcodes and email addresses, the ICO said, leaving customers vulnerable to financial and identity fraud.

The fine has been issued under the Data Protection Act (DPA) 1998 as the incident occurred before the implementation of the General Data Protection Regulation (GDPR) in 2018.

DSG breached the DPA by having poor security arrangements, such as inadequate software patching, absence of a local firewall, lack of network segregation and routine security tests, the watchdog found.

The monetary penalty, half a million pounds, is the maximum that can be issued under the previous data protection legislation – under the terms of GDPR, the potential fine could have been much higher.

Steve Eckersley, ICO’s director of investigations, said the watchdog found “systemic failures” in DSG’s approach to safeguarding data. He said: “It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen.”

Dixons Carphone chief executive, Alex Baldock, said: “We are very sorry for any inconvenience this historic incident caused to our customers. When we found the unauthorised access to data, we promptly launched an investigation, added extra security measures and contained the incident. We duly notified regulators and the police and communicated with all our customers. We have no confirmed evidence of any customers suffering fraud or financial loss as a result.”

The company said it had upgraded its “detection and response capabilities” and invested in its information security systems and processes, but also disputes some of the ICO’s findings, and said it is considering its grounds for appeal. 

We hope you enjoyed this article.
Research Live is published by MRS.

The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.

Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.

For example, there's an archive of winning case studies from over a decade of MRS Awards.

Find out more about the benefits of joining MRS here.

Data privacy FMCG & Retail News UK

0 Comments


Display name

Email

Join the discussion

Submit

Data privacy FMCG & Retail News UK

Powered by The Research
Buyers Guide

FIND YOUR NEXT AGENCY.

Advanced Search

Related

Elizabeth denham_crop
News

ICO warns political parties to comply with law

5 Nov
Person holding phone with Facebook login screen
News

Facebook pays £500,000 ICO fine

30 Oct
Marriott hotel_crop
News

ICO to fine Marriott £99m for GDPR data breach

11 Jul

Popular

1

Polling website FiveThirtyEight closes
2

Interview: CNN’s Mark Thompson & behavioural scientist Crawford Hollingworth on the misinformation challenge
3

What could Starmer’s AI plans mean for market research?
4

Winning the 1%: Why quant research needs to think small
5

Brand purpose: Tough decisions for tough times
6

Ipsos to buy BVA

Interviews

Read More Interviews
LaShanda Seaman
Feature

Next generation chat with LaShanda Seaman: ‘Take the opportunities’

25 Mar Liam Kay-McClean
Thumbnail_Laura-YR-RL25
Feature

Laura Gafforio: ‘I should thank my younger self’

24 Feb Liam Kay-McClean
Taiye Akin-Akinyosoye
Feature

Taiye Akin-Akinyosoye: ‘This is where I'm supposed to be’

4 Feb Liam Kay-McClean
Load More
Newsletter
Stay connected with the latest insights and trends...
Sign Up
Featured Company from the RBG Directory

Town/Country: London
Email: info@mmr-research.com

Fighting ordinary innovation for the world's leading brands since 1989. MMR Research Worldwide is your global consumer and sensory research partner. We truly believe that great product experiences unlock the . . .

Read More
Latest From MRS

Our latest training courses

Our new 2025 training programme is now launched as part of the development offered within the MRS Global Insight Academy

See all training

Specialist conferences

Our one-day conferences cover topics including CX and UX, Semiotics, B2B, Finance, AI and Leaders' Forums.

See all conferences

MRS reports on AI

MRS has published a three-part series on how generative AI is impacting the research sector, including synthetic respondents and challenges to adoption.

See the reports

Progress faster...
with MRS 
membership

Mentoring

CPD/recognition

Webinars

Codeline

Discounts