Dixons Carphone is the latest to face a fine for failing to protect customers’ data security. The UK ICO has slapped Dixons Carphone with a fine of £500,000 for a 2018 malware attack and data breach.
In June 2018, the UK retailer disclosed a data breach involving payment cards of the customers. They revealed that compromised payment processing systems of Currys PC World and Dixons Travel stores were exposed to attackers. At that time, they suspected around 1.2 million customers’ non-financial data was identified during the breach.
However, after over a month, Dixons Carphone shared an update of the breach. It then surfaced online that the actual number of customers affected in the incident rose to 10 million. Furthermore, they emphasized that the financial details of the customers remained unaffected.
After continued investigations and a subsequent lawsuit, the firm has faced a hefty fine from the UK Information Commissioner’s Office (ICO) over the breach.
As stated in their post, continued ICO investigations revealed that the breach affected at least 14 million people. While, the incident happened due to a malware attack at 5,390 POS terminals of the retailer, which continued pilfering customers’ data for over nine months.