In the news this week, popular electronics retailer Carphone Warehouse have been fined for what is being classed as a ‘striking’ number of failures that have led to a significant data breach. The Information Commissioner’s Office has now officially find the successful company for £400,000 over their concerns about the Carphone Warehouse’s security issues. The security issues mentioned have very recently come to light following the current investigation of a hack affecting three million people’s data stored by the Carphone Warehouse.
The £400,000 fine to Carphone Warehouse has been issued by the Information Commissioner’s Office following a data breach back in 2015 in which there has been a series noted ‘systemic failures’. During this time a shocking 2.4 million customers data was initial reported as having been hacked. It’s said that the hackers may have has access to the customers addresses, names, bank details and dates of birth. The sophisticated cyber-attack in 2015 outraged millions but upon further investigation show that the Carphone Warehouse may have been at fault for not doing enough to protect their customers personal data.
What Is The Data Breach?
The Information Commissioner’s Office have been describing this incident as “a number of distinct and significant inadequacies in the security arrangements… particularly concerning that a number of the inadequacies related to the basic, commonplace measures”. The ICO have also described the incident using the word “striking” stressing the importance of this whole issue. The fine authorised by the Information Commissioner’s Office is one of the largest to ever been issued in their history.
It mirrors the amount that was given to TalkTalk back in 2016 after a hacker then gained access to over 3 million customers personal data as well as one thousand employees data including names, addresses, phone numbers and credit card details. The ICO’s investigation has now uncovered a further eleven other issues with the Carphone Warehouse’s data protection practices and security protocols. This means that regardless of the hacker being involved, the Carphone Warehouse were already at serious risk of breaching data protection laws including the Data Protection Act.
Elizabeth Denham, a spokesperson for the ICO has said the following on the issue “A company as large, well-resourced and established as Carphone Warehouse should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks,” it comes after all of this information is now in the public eye and many are enraged by the extremely little protection Carphone Warehouse offered them and their data. Elizabeth Continues, “Carphone Warehouse should be at the top of its game when it comes to cybersecurity, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”. The Carphone Warehouse are yet to come forward and address the issues or the fine publically, so we await their response.