NEWS10 January 2020
UK – The Information Commissioner’s Office (ICO) has fined DSG Retail, a subsidiary of Dixons Carphone, £500,000 after a cyber attack on a till system affected around 14 million customers.
An investigation conducted by the regulator found that an attacker installed point-of-sale malware (malicious software) on 5,390 tills at DSG’s Currys PC World and Dixons Travel Stores between July 2017 and April 2018.
The hack was not detected for nine months, allowing the software unauthorised access to information including payment card details used in transactions, personal data including names, postcodes and email addresses, the ICO said, leaving customers vulnerable to financial and identity fraud.
The fine has been issued under the Data Protection Act (DPA) 1998 as the incident occurred before the implementation of the General Data Protection Regulation (GDPR) in 2018.
DSG breached the DPA by having poor security arrangements, such as inadequate software patching, absence of a local firewall, lack of network segregation and routine security tests, the watchdog found.
The monetary penalty, half a million pounds, is the maximum that can be issued under the previous data protection legislation – under the terms of GDPR, the potential fine could have been much higher.
Steve Eckersley, ICO’s director of investigations, said the watchdog found “systemic failures” in DSG’s approach to safeguarding data. He said: “It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen.”
Dixons Carphone chief executive, Alex Baldock, said: “We are very sorry for any inconvenience this historic incident caused to our customers. When we found the unauthorised access to data, we promptly launched an investigation, added extra security measures and contained the incident. We duly notified regulators and the police and communicated with all our customers. We have no confirmed evidence of any customers suffering fraud or financial loss as a result.”
The company said it had upgraded its “detection and response capabilities” and invested in its information security systems and processes, but also disputes some of the ICO’s findings, and said it is considering its grounds for appeal.
The world's leading job site for research and insight
Resources Group
Senior Research Manager – Government & Social clients
£40–50,000 + great benefits
Resources Group
Account Executive – Online Insights Platform
£27–35,000 plus strong bonus
Resources Group
Senior Research Manager – Global Communications Consultancy
£45,000–£50,000 (flex) + Superb benefits
Featured company
-
Town/Country: Bristol
Tel: 020 7138 3041
OnePoll delivers international market research and communication solutions to global brands, ambitious start-ups and news media outlets . Established since 2003, our experts specialise in optimising online research, working with . . .
-
Town/Country: Stockport
Tel: +44 (0)161 477 9195
With extensive operational and project management experience, Data Options offers a friendly and flexible service to market research organisations of all sizes, as overspill capacity for in house services or as a complete . . .
-
Town/Country: London
Tel: +44 (0)20 7490 7888
Kudos Research is the leading provider of premium quality UK and International Telephone Data-Collection. Specialising in hard to reach B2B and Consumer audiences, we achieve excellent response rates and provide robust, actionable, verbatim-rich data. Methodologies include . . .
-
Brought to you by:
©2024 The Market Research Society,
15 Northburgh Street, London EC1V 0JR
Tel: +44 (0)20 7490 4911
info@mrs.org.uk -
© Copyright 2024 Research Live
0 Comments