Car­phone fined over cy­ber at­tack

Yorkshire Post - Business - - BUSINESS -

THE IN­FOR­MA­TION reg­u­la­tor said yes­ter­day it had fined Car­phone Ware­house £400,000 af­ter a 2015 cy­ber at­tack ex­posed the per­sonal data of more than three mil­lion cus­tomers.

The In­for­ma­tion Com­mis­sioner’s Of­fice (ICO) said the elec­tri­cal goods and mo­bile phone re­tailer, owned by Dixons Car­phone, left its sys­tems vul­ner­a­ble by fail­ing to up­date its soft­ware and carry out rou­tine test­ing.

“A com­pany as large, well-re­sourced and es­tab­lished as Car­phone Ware­house should have been ac­tively as­sess­ing its data se­cu­rity sys­tems, and en­sur­ing sys­tems were ro­bust and not vul­ner­a­ble to such at­tacks,” In­for­ma­tion Com­mis­sioner El­iz­a­beth Den­ham said in a state­ment, adding that the fine was one of the big­gest that the ICO had is­sued.

“Car­phone Ware­house should be at the top of its game when it comes to cy­ber-se­cu­rity and it is con­cern­ing that the sys­temic fail­ures we found re­lated to rudi­men­tary, com­mon­place mea­sures.”

Cy­ber at­tack­ers used valid lo­gin de­tails to ac­cess Car­phone Ware­house’s sys­tem through an out-of­date ver­sion of con­tent plat­form Word­press, the ICO said.

The com­pro­mised per­sonal data in­cluded names, ad­dresses, phone num­bers, dates of birth, mar­i­tal sta­tus and, for more than 18,000 cus­tomers, their his­tor­i­cal pay­ment card de­tails. Records for some em­ploy­ees of the re­tailer were also com­pro­mised.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.