Dixons Carphone, which became a victim of a cyber attack in between 2017-2018, has been fined an amount of £500,000 by the International Commissioner’s Office (ICO). Officials from the ICO said that the penalty was imposed as the electrical and telecom retailer failed to impose certain Cybersecurity measures which in-turn allowed hackers to install malware that collected personal data of more than 14 million people.
Highly placed sources say that the hacker succeeded in inducing the malware on the servers of Curry’s PC World and Dixons Travel Stores which lead to the data breach.
ICO published a report on Thursday on this issue and stated that a figure of 5.6 million payment card details could have been compromised in the cyberattack affecting 14 million people. It is suspected that the cyber crooks might have accessed details such as full name, postal code, email addresses and failed credit card details in the cyber incident.
Steve Eckersley, the director of investigations, ICO specified in the statement that the company failed to follow a systemic procedure when it came to data protection and so will have to bear the consequences. Mr. Steve added that the contraventions in the case were so severe that the data watchdog had to impose a maximum penalty to deliver its tone over data protection laws before enforcement of GDPR rules of May’18.
Had the penalty imposed before the 2018 legislation; the sentence would have been harsh and could have reached around £400m.
ICO pronounced the penalty based on the 158 legal complaints filed against Dixons Carphone in between June and Nov’18.
When the cyber attack was acknowledged by Alex Baldock, the Chief Executive of Dixons Carphone in June’18, the leader of the company issued a public apology and added that there was no confirmed evidence that the accessed details by the hackers have led to financial fraud.
Currently, Baldock says that his company was reviewing the penalty and will react to the issue after discussing it with the legal expert’s panel of the company.