Carphone Warehouse has been hit with a £400,000 fine following a major data breach that exposed the details of three million of its customers.
The fine, one of the biggest ever issued against a British firm by the Information Commissioner's Office (ICO), concerns a data breach in 2015 in which hackers were able to gain access to the company's central databases.
The affected data included customer names and addresses, phone numbers, dates of birth, and marital status, as well as the payment card details of more than 18,000 customers.
In a statement detailing the fine, the ICO said that Carphone Warehouse was to blame for the breach, having not sufficiently updated its software or carried out enough testing.
“A company as large, well-resourced and established as Carphone Warehouse should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks,” Information Commissioner Elizabeth Denham said.
“Carphone Warehouse should be at the top of its game when it comes to cyber-security and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”
“We moved quickly at the time to secure our systems, to put in place additional security measures and to inform the ICO and potentially affected customers and colleagues,” a spokesman for Carphone Warehouse said.
“Since the attack in 2015 we have worked extensively with cyber security experts to improve and upgrade our security systems and processes.”
The spokesman added that the company had co-operated fully with the investigation and accepted the ICO’s decision.