Carphone Warehouse fined £400000 for security breach

Carphone Warehouse

Carphone Warehouse fined £400000 for security breach

The fine is one of the largest ever issued by the ICO.

"Using valid login credentials, intruders were able to access the system via an out-of-date WordPress software", the ICO states.

Following large-scale data breaches suffered by the likes of Carphone Warehouse and TalkTalk, a survey of United Kingdom consumers by the Institute of Customer Service revealed widespread public support for erring firms to be fined extensively by authorities.

The ICO said it found "multiple inadequacies" in Carphone Warehouse's data security practices and that the company had "failed to take adequate steps" to protect customer information, neglecting to update important software and not carrying out routine security checks. At the time TalkTalk acknowledged that the site had been "subject to a sophisticated and co-ordinated cyber attack, along with a number of other similar websites" and warned that "some of our mobile customers' data may have been accessed by the criminals".

Jedi Mind Trick? Nissan Develops Brain-to-Vehicle Control
Nissan will be offering limited demonstrations of the tech at CES 2018 , which kicks off this weekend. It claims this development will redefine how people interact with their cars in the future.

The data breach left the personal data of more than 3m customers vulnerable - with compromised data including names, addresses, phone numbers, dates of birth, and marital status.

There were also inadequate measures in place to identify and purge historic data, which the ICO claims to be "a serious contravention" of Principle 7 of the Data Protection Act 1998. Carphone Warehouse and the ICO have found no evidence of fraud or identity theft from the data breach.

In order to ensure that firms will fewer resources to invest on cyber security are able to comply with the upcoming data protection law, the ICO launched a new helpline previous year exclusively for small and medium businesses.

And with regards to infrastructure, firms have to ensure that they are using data protection hardware that provides "sufficient guarantees in respect to technical and organisational security".

Sweden warns against cutting United States aid to Palestinian refugee agency
A Palestinian man stands next to a cart carrying a flour sack distributed by UNRWA in Khan Younis refugee camp in the southern Gaza Strip.

The data watchdog said there were a "number of distinct and significant inadequacies in the security arrangements" of Carphone Warehouse, and said it was "particularly concerning that a number of the inadequacies related to basic, commonplace measures".

A statement from the Carphone Warehouse said: "As the ICO notes in its report, we moved quickly at the time to secure our systems, to put in place additional security measures and to inform the ICO and potentially affected customers and colleagues".

According to the Information Commissioner Elizabeth Denham, what is concerning is that the failures they found related to rudimentary and commonplace measures.

The law says it is the company's responsibility to protect customer and employee personal information.

Ibuprofen Use Linked to Compensated Hypogonadism in Males
Taking a common painkiller can disrupt men's hormones and cause a disorder associated with impaired fertility, CNN reports . Based on the results, researchers don't recommend taking ibuprofen for longer than the 10 days it says on the packet.

"It shows how highly companies should value the sanctity of their data in an age of massive breaches, especially in the case of a large trusted brand with a big customer database", she said. Whilst it is a relatively large headline figure, it is a fraction of what is possible under the new legislation which comes into force on May 25, ' said Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies.

Latest News