By Legal Futures’ Associates Hayes Connor Solicitors
It was announced in January 2020 that the Information Commissioner’s Office (ICO) would be fining high street retailer Dixons Carphone the maximum pre-GDPR data breach fine of £500,000.
The ICO’s investigation of the breach, which occurred as a result of hackers successfully installing malware on 5,390 Dixons Carphone cash registers, found multiple failings. The extensive list included significantly outdated security software, inadequate payment card protection and failing to follow its own software patching policy.
Kingsley Hayes, managing director at data breach and cybercrime specialist Hayes Connor Solicitors, said: “The ICO’s findings revealed failure after failure by Dixons Carphone to properly protect its customers’ confidential data.
“At a time when the struggling high street is rarely out of the headlines with long-established brands such as Debenhams, Maplin and Toys R Us falling into administration, consumer trust in retailers is arguably at a long time low.
“High street giants cannot afford to undermine this further when customers can simply spend their money with competitor brands. The substantial data protection failures exposed by the ICO at Dixons Carphone indicate a lack of strategic focus and investment in ensuring that robust security measures are implemented to eradicate any security vulnerabilities.
“This sends a poor message to customers that Dixons Carphone does not consider protecting its customers from potential fraud as a priority.”
Hayes Connor will be launching a group action against Dixons Carphone following the breach which has reportedly affected more than 14 million customers.