Carphone Warehouse fined £400k over major cyber attack

Published on: 1 Feb 2018

Carphone Warehouse has been hit with one of the heftiest fines ever issued by the Information Commissioner’s Office (ICO).

The £400,000 fine stems from a cyber attack in 2015 that provided hackers access to the personal data of over three million customers and 1,000 employees.

Details such as names, addresses, phone numbers, dates of birth, marital status and, for more than 18,000 customers, historical payment card details were all obtained.

Information commissioner Elizabeth Denham slammed Carphone Warehouse for failing to ensure its systems were robust and not vulnerable to such attacks.

“A company as large, well-resourced, and established as Carphone Warehouse should be at the top of its game when it comes to cyber security,” she commented.

“It is concerning that the systemic failures we found related to rudimentary, commonplace measures.”

A detailed investigation by the ICO identified multiple inadequacies in Carphone Warehouse’s approach to data security and determined that the company had failed to take adequate steps to protect the personal information.

Using valid login credentials, intruders were able to access the system via out-of-date WordPress software.