ICO fines Dixons Carphone £500,000 for data breach

ICO fines Dixons Carphone £500,000 for data breach

A British watchdog has fined DSG, a unit of retailer Dixons Carphone, half a million pounds for systemic failures in the management of personal data which left it open to a cyber attack affecting more than 14 million people.

Britain’s Information Commissioner’s Office (ICO) said in a statement https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/01/nationwide-retailer-fined-half-a-million-pounds-for-failing-to-secure-information on Thursday that its investigation found that an attacker installed malware on 5,390 cash registers at Dixons Travel stores and DSG’s Currys PC World between July 2017 and April 2018, collecting personal data.

The company’s failure to secure its systems allowed unauthorised access to 5.6 million payment card details used in transactions and the personal data of roughly 14 million people.

The information included full names, postcodes, email addresses and failed credit checks from internal servers.

In July 2018, the London-based company bumped up the estimate of records that may have been accessed to about 10 million from an earlier estimate of 1.2 million in the 2017 cyber attack.

Dixons Carphone Chief Executive Alex Baldock expressed his remorse over the incident, adding that the company has upgraded its detection and response capabilities ever since.

Separately, the company called some of the ICO’s key findings disappointing and said it was studying the conclusions in detail and considering its grounds for appeal.

The fine comes just a year after the ICO imposed a 400,000 pounds fine on Carphone Warehouse, another segment of Dixons Carphone, for similar security vulnerabilities.


The data incident, which had weighed on Dixon Carphone shares when it was revealed in 2018, was the second in three years for the company.

The ICO said DSG breached Data Protection rules by having poor security arrangements and failing to take adequate steps to protect personal data, which included vulnerabilities such as the absence of a local firewall.

Dixons Carphone, which traces its roots back to 1937, is listed on the UK midcap index and has a 26% market share in the electricals market with over 1,100 stores in the UK and Ireland as per its 2018 annual report.

“Our investigation found systemic failures in the way DSG Retail Limited safeguarded personal data. It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen,” ICO’s Director of Investigations Steve Eckersley said.

Contraventions were so serious that the ICO imposed the maximum penalty, he said, adding the fine would have been much higher under new regulations.

Reuters UK Business, 09 Jan 2020

Reporting by Indranil Sarkar and Muvija M in Bengaluru, additional reporting by Safia Infant.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]