Britain’s information commissioner's office(ICO) had fined Carphone Warehouse (DC.L) £400,000 after a data breach in 2015 which exposed the exposed the personal data of more than three million customers and 1,000 employees.
The ICO has issued a hefty fine which was equal to the record penalty against TalkTalk, electrical goods, and mobile phone retailer, the broadband company previously owned by Carphone Warehouse, left its systems vulnerable to hacking by not updating the software and another questionable routine testing.
“A company as large, well-resourced and established as Carphone Warehouse should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks,” Information Commissioner Elizabeth Denham said in a statement.
“Carphone Warehouse should be at the top of its game when it comes to cyber-security and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”
According to the ICO, the hackers gained an access to the Carphone Warehouse's website through an out-of-date version of content platform Wordpress.
The compromised personal data included names, addresses, phone numbers, dates of birth, marital status and, their historical payment card details.
The company released a statement: "As the ICO notes in its report, we moved quickly at the time to secure our systems, to put in place additional security measures and to inform the ICO and potentially affected customers and colleagues.
"Since the attack in 2015, we have worked extensively with cybersecurity experts to improve and upgrade our security systems and processes.
"We are very sorry for any distress or inconvenience the incident may have caused."
The ICO has issued a hefty fine which was equal to the record penalty against TalkTalk, electrical goods, and mobile phone retailer, the broadband company previously owned by Carphone Warehouse, left its systems vulnerable to hacking by not updating the software and another questionable routine testing.
“A company as large, well-resourced and established as Carphone Warehouse should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks,” Information Commissioner Elizabeth Denham said in a statement.
“Carphone Warehouse should be at the top of its game when it comes to cyber-security and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”
According to the ICO, the hackers gained an access to the Carphone Warehouse's website through an out-of-date version of content platform Wordpress.
The compromised personal data included names, addresses, phone numbers, dates of birth, marital status and, their historical payment card details.
The company released a statement: "As the ICO notes in its report, we moved quickly at the time to secure our systems, to put in place additional security measures and to inform the ICO and potentially affected customers and colleagues.
"Since the attack in 2015, we have worked extensively with cybersecurity experts to improve and upgrade our security systems and processes.
"We are very sorry for any distress or inconvenience the incident may have caused."