The Information Commissioner's Office has today hit Carphone Warehouse with a £400K fine after a 2015 hack, which resulted in a major breach of personal data for 3.3 million customers and 1,000 staff and indirectly affected the CPW-hosted mobile site for United Kingdom broadband ISP TalkTalk.
The Information Commissioner's Office has, by issuing the large fine to Carphone Warehouse, once again showcased its intent to crack down on firms that hold large amounts of customer data and yet fail to secure their systems from cyber threats.
Andy Norton, director of threat intelligence at Lastline, added: "With a revenue of just over £10bn, Carphone Warehouse could have been fined up to £400m if the ICO had imposed the maximum fine of 4 per cent of revenue under GDPR guidance".
The attack affected more than three million customers and 1,000 employees, with the attackers accessing information such as names, birth dates, addresses and bank details.
"A fine might be significant for Carphone Warehouse, but it doesn't magically provide remediation for those affected by the breach", said Tim Erlin, VP at Tripwire.
The watchdog's investigation found that intruders were able to access the data using valid login credentials as a result of the poor security measures, which included an out-of-date version of the WordPress content management system (CMS).
The records for some Carphone Warehouse employees, including name, phone numbers, postcode and auto registration, were also exposed.
The measures used to identify and destroy historical data were also deemed inadequate.
The ICO considered that the personal data involved would significantly affect individuals' privacy, leaving their data at risk of being misused.
Elizabeth Denham, Information Commissioner, said: "A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks".
Following a detailed investigation, the ICO identified multiple inadequacies in Carphone Warehouse's approach to data security and determined that the company had failed to take adequate steps to protect the personal information.
It is also a shot across the bow of such companies in the run-up to GDPR.
From 25 May this year, the law is set to get more stringent as the General Data Protection Regulation (GDPR) comes into effect.
Carphone Warehouse said in a statement that it accepts the decision and is "very sorry for any distress or inconvenience" caused.
Since the attack in 2015 we have worked extensively with cyber security experts to improve and upgrade our security systems and processes.
Affected customers and employees were informed at the time.
"That sort of fine would make companies take security - and looking after customers' personal information - more seriously".
It said that as a major "data controller", the Carphone Warehouse should have used systems to comply with "the data protection principles".