, ,

Can you make a data breach claim against the Carphone Warehouse?

data breach solicitors

Earlier this year, the Carphone Warehouse was fined a whopping £400,000 following a cyber-attack. The assault on the company’s computer systems compromised customer and employee data and uncovered severe failures in Carphone Warehouse’s data security systems.

The data protection breach put the personal data of over three million customers and 1,000 employees at risk. Including the historical payment card details for some 18,000 customers.

The £400,000 fine is one of the biggest ever handed out by the Information Commissioner’s Office (ICO).

Data breaches often have severe consequences for those affected. So, customers and employees of the Carphone Warehouse should now be looking to claim compensation.

What happened in the Carphone Warehouse data breach case?

In 2015, a Carphone Warehouse computer system fell victim to a cyber-attack. The data breach affected the company’s online division which operated the OneStopPhoneShop.com, e2save.com and Mobiles.co.uk websites.

The attack took place after the assailant made a scan of the system using a commonplace penetration tool. The tool looked for things such as outdated software and other vulnerabilities. Uncovering that such weaknesses did exist with a WordPress website, the scammer exploited this to access the system, and the customer and employee data.

While Carphone Warehouse did have processes in place to monitor cyber threats, staff were not alerted to the attack until 15 days after the system was first compromised. This timelapse further highlighted the lack of adequate security measures in place at the company. In fact, according to the ICO, the “number of distinct and significant inadequacies in the security arrangements for the System is striking”.

What was the result of the investigation?

In its judgement, the ICO found that the Carphone Warehouse data breach significantly affected the privacy of those involved. It also said that if the data was misused, it was likely to cause substantial damage or distress.

“The real victims are customers and employees whose information was open to abuse by the malicious actions of the intruder.

“The law says it is the company’s responsibility to protect customer and employee personal information.

“Outsiders should not be getting to such systems in the first place. Having an effective layered security system will help to mitigate any attack – systems can’t be exploited if intruders can’t get in.

“There will always be attempts to breach organisations’ systems and cyber-attacks are becoming more frequent as adversaries become more determined.

“But companies and public bodies need to take serious steps to protect systems, and most importantly, customers and employees”.

In failing to do this, the ICO found that the severity of the Carphone Warehouse data breach merited a £400,000 fine.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.



1 reply

Trackbacks & Pingbacks

  1. […] Find out more about the Carphone Warehouse breach here. […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply