Carphone Warehouse latest company fined due to data breach

data breach

Following a data breach Carphone Warehouse has been fined £400,000 by the Information Commissioner’s Office (ICO).

The company suffered the data breach in 2015 and the ICO uncovered “systemic failures” and described their security arrangements as being “striking” and their basic measures as “inadequate.”

A hacker was able to access the personal data of more than three million customers, which included credit card details, names, addresses and phone numbers. 1,000 employees were also impacted by the data breach.

The £400,000 fine is one of the highest the ICO has ever issued, indicating the severity of the failings.

Those failures will sound familiar to anyone who has followed previous data breaches. Out of date software, in this case last updated in 2009, years before the attack, lax controls over login details to systems, blasé attitudes to passwords and the storing of data in places it didn’t need to be.

The breach may have occurred in 2015 but 2017 saw the WannaCry ransomware attack that was able to cripple the NHS due to its out of date software, as well as examples of careless attitudes towards cyber security and passwords amongst MPs (who were happy to discuss these attitudes openly on Twitter). Hopefully with the high profile nature of data breaches like this, organisations will start taking cyber security more seriously going forward.


Despite the high fine, Carphone Warehouse may feel they have got off lightly. In May 2018, the new set of tough data protection rules known as the General Data Protection Regulation, aka GDPR, will come into effect. This regulation covers all companies that handle data belonging to EU citizens, including those in the UK and those that break the rules will be punished with a major fine. GDPR will affect UK companies even after Brexit.

You can read more about this story below:


Carphone Warehouse fined for failures that led to breach of 3m customers’ data

Carphone Warehouse has been fined £400,000 by the Information Commissioner’s Office for a series of “systemic failures” uncovered following a data breach in 2015. The ICO described the “number of distinct and significant inadequacies in the security arrangements” of Carphone Warehouse as “striking”, and said that it was ” particularly concerning that a number of the inadequacies related to basic, commonplace measures”.

How Cyber Essentials Can Help

The first step to keeping your organisation safe from potential future cyber attacks is to be certified with the Government’s Cyber Essentials scheme. Certification will protect your organisation from 80% of common cyber threats. It is also a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber attacks, regardless of the sector you operate in.

You can learn more about Cyber Essentials by downloading our free Cyber Essentials Scheme Summary or by downloading a sample of the Self-Assessment Questionnaire you will be required to complete to become Cyber Essentials certified.

Click here to get started with Cyber Essentials.

Free Tender Search

Recent Posts


Who are we?

From publishing the first national directory of public sector contracts, to being the first to market with our online Tracker solution, we have been the true pioneers of technology and innovation in the public sector marketplace. Throughout our 39 years, we have continued to evolve and chart new territory – placing our customers at the heart of everything we do. Take your business to the next level with Tracker now.

If you request a demo today!

Download your Free UK Defence Industry Report

Download your Free UK Defence Industry Report

When you sign up for a 3 day free trial or demo.

Limited time only

Start Your Free Trial Today

Download your Free UK Defence Industry Report

Download your Free UK Defence Industry Report

When you sign up for a 3 day free trial or demo.

Limited time only

    BiP Solutions owns DCI and we look after your details carefully. We offer a range of products, services and events (some of which are free) that help buyers tender more efficiently and suppliers find, bid for and win public and private sector contracts. Only tick this box if you wish to receive information about these. We will never share your details with third parties and you will have the opportunity of opting out of communications every time we contact you. For further details, please see our Privacy Policy