UK Fines Dixons Carphone for Massive Breach

2020-01-10 11:03

British regulators have fined Dixons Carphone, a large electronics and phone retailer, &pound500,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware.

In January 2018, the ICO fined it &pound400,000 for a 2015 breach of its Carphone Warehouse subsidiary after an attacker exploited an outdated WordPress installation.

Dixons Carphone argued to the ICO that because most of the stolen card details did not include the cardholder's name, it did not constitute personal data.

The ICO found fault with numerous aspects of how Dixons Carphone had structured its network.

Dixons Carphone "Confirmed that it did not carry out the second action to remove the existing group policy until after the attack, in 2018," the ICO writes in its penalty notice.

News URL

https://www.inforisktoday.com/uk-fines-dixons-carphone-for-massive-breach-a-13595

#breach #dixons #dixonscarphone #UK