Dixons Carphone Group has been fined £500,000 by the Information Commissioner’s Office following data breaches at its subsidiary DSG Retail Ltd. Hackers had accessed names, postcodes, email addresses and failed credit checks, together with the details for 5.6 million payment cards which had been used at the retailer’s stores from July 2017 until April 2018. It is understood that the data was gathered after malware was installed by hackers on over 5000 unprotected tills in Currys PC World and Dixons Travel stores. Data security for 14 million consumers is believed to have been compromised in the scandal.
Alex Baldock, CEO of the retail group said in a statement: “We are very sorry. We have no confirmed evidence of customers suffering fraud or financial loss as a result.”
Whereas Steve Eckersley, director of investigations at ICO said: “Such careless loss of data is likely to have caused distress to many people since the data breach left exposed to increased risk of fraud. We recognise that cyber attacks are becoming more frequent, but organisations have responsibilities under the law to take serious security steps to protect systems, and most importantly, people’s personal data.”