UK PHONE FLOGGER Carphone Warehouse has been slapped with a £400,000 fine following a 2015 hack that exposed the data of more than three million customers and 1,000 staffers.
The fine comes courtesy of the Information Commissioner's Office (ICO), naturally, which has ruled that the company failed to adequately secure its systems, enabling intruders to easily access personal data.
While Carphone Warehouse at the time claimed that it takes "the security of customer data extremely seriously", the high-profile data breach saw hackers make off with customer data, including names, addresses, phone numbers, dates of birth, marital status and, for more than 18,000 customers, payment card details.
The records of some Carphone Warehouse employees, including names, phone numbers, postcodes and car registration numbers, were also accessed.
The ICO has been probing the incident for more than two years, and this week concluded that Carphone Warehouse had "failed to take adequate steps to protect the personal information".
Intruders were able to access the company's systems via out-of-date WordPress software using valid log-in details, which the ICO says "exposed inadequacies in the organisation's technical security measures". For example, elements of the software in use on the systems affected were out of date and the company failed to carry out routine security testing.
There were also inadequate measures in place to identify and purge historic data, which the ICO claims to be "a serious contravention" of Principle 7 of the Data Protection Act 1998.
Information Commissioner Elizabeth Denham said: "A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.
"Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures."
However, Denham also acknowledges that while Carphone's lax security measures were to blame for the data breach, there has been no evidence that the data loss has resulted in identity theft or fraud.
Carphone Warehouse, which tells us that it'll only have to hand over £320,000 due to early payment, said in a statement sent to INQ: "We accept today's decision by the ICO and have co-operated fully throughout its investigation into the illegal cyberattack on a specific system within one of Carphone Warehouse's UK divisions in 2015.