Currys PC World parent firm hit with £500k fine over historic data breach

Hackers said to have stolen data belonging to 14 million customers over a nine-month period

The parent company of Currys PC World has been fined £500,000 after its point of sale system was breached by hackers, thought to have affected around 14 million customers.

Between July 2017 and April 2018, hackers were able to install malware onto 5,390 computer systems and tills located at Currys PC World and Dixon Travel outlets, both owned by DSG Retail Limited, according to an investigation by the Information Commissioner's Office.

It's believed 5.6 million payment card records used in transactions were accessed as a result, as well as the personal information of 14 million people, including full names, postcodes, email addresses and information related to failed credit checks.

Given that the incident occured prior to the introduction of the General Data Protection Regulation in May 2018, the case fell under the Data Protection Act 1998, which stipulated a maximum fine of £500,000. Under new laws, the retailer would have been subject to potential fines of up to 4% of annual turnover, or £17 million.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The ICO said that DSG Retail, which also owns the Carphone Warehouse brand, was in breach of the 1998 act as it had failed to maintain adequate security measures to protect its data. This included poor patch management, a lack of a local firewall, lack of network segregation and a lack of routine penetration testing.

Carphone Warehouse itself was also fined in January 2018 for similar vulnerabilities, to the tune of £400,000.

"Our investigation found systemic failures in the way DSG Retail Limited safeguarded personal data," said Steve Eckersley, director of investigations for the ICO. "It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen.

"The contraventions in this case were so serious that we imposed the maximum penalty under the previous legislation, but the fine would inevitably have been much higher under the GDPR."

Related Resource

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

The authority added that the theft of such personal data would likely significantly affect individuals' privacy, and therefore met the criteria for the toughest possible sanction under law. It added that customers would likely be vulnerable to financial theft and fraud as a result.

As of March 2019, 3,300 customers had issued complaints to DSG Retail in relation to the breach.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/operating-systems/microsoft-windows/354789/microsoft-pulls-disastrous-windows-10-security-update
Microsoft Windows

Microsoft pulls disastrous Windows 10 security update

17 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/business/business-operations/354790/hp-shareholders-invited-to-come-dine-with-xerox
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020