Dixons Carphone Receives Maximum Fine for Major Breach
upstart writes in with an IRC submission for Anonymous_Coward:
A major UK high street retailer has been fined the maximum amount under the pre-GDPR data protection regime for deficiencies which led to a breach affecting 14 million customers.
Privacy regulator the Information Commissioner's Office (ICO) fined DSG Retail £500,000 under the 1998 Data Protection Act after POS malware was installed on 5390 tills.
The incident affected Currys PC World and Dixons Travel stores between July 2017 and April 2018, allowing hackers to harvest data including customer names, postcodes, email addresses and failed credit checks from internal servers, over a nine-month period.
The "poor security arrangements" highlighted by the ICO included ineffective software patching, the absence of a local firewall, and lack of network segregation and routine security testing.
"Our investigation found systemic failures in the way DSG Retail Limited safeguarded personal data. It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen," said ICO director of investigations, Steve Eckersley.
[...] Another business in the group, Carphone Warehouse, was fined £400,000 by the ICO in 2018 for similar security issues.