Carphone Warehouse fined £400,000 for Cyber Attack!

British Mobile Phone Retailer Carphone Warehouse has been fined £400,000 by the UK’s Information Commissioner’s Office(ICO) due to a data breach in 2015. Sources reporting to Cybersecurity Insiders say that hackers gained unauthorized access to the database of the retailer leaking personal data of more than 3 million customers and 1,000 employees during an attack.

As the retailer has accepted the findings of ICO as true, it has been asked to pay a fine of the above-said amount by the British Watchdog.

Carphone Warehouse’s online division, which operated the,, TalkTalk division and websites has apologized for all the distress it may have caused to its customers during and after the data breach.

A report published in BBC states that the compromised data includes names, phone numbers, date of births, marital status of more than 180,000 customers and their historical payment details. Also, the records of more than 1K Carphone Warehouse employees was accessed by the hackers through an outdated WordPress software. This includes their names, date of births, car registration numbers, postal codes and their employment IDs.

Going further into the details, the actual fine imposed by the British ICO is expected to be around £420,000. But if the penalty is paid less than a month after being issued, a discount of 20% will be available.

Note 1- The attack took place when cyber crooks entered the database via an out of date WordPress installation, uploaded “web shells” which were actually intended for basic file management and database functionality over the contents of the system. As soon as the attackers were able to locate credentials in plaintext( which were actually intended to be in encrypted format) they started to search the local database for information and accessed all the info available to them at that time.

Note 2- Founded in 1989, Carphone Warehouse operates over 2400 stores across Europe. The company has so far sponsored world-renowned TV shows such as  ‘The X Factor’ in 2007, Big Brother from 2004-2007, and 2011 Appys Awards.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display