The UK Information Commissioner’s Office (ICO) fined DSG Retail Limited £500,000 following a malware attack that affected millions of the retailer’s customers.As the result of an investigation, the ICO learned that the DSG Retail Limited had suffered a security incident in which an attacker installed malware on 5,390 tills at Currys PC World and Dixons Travel stores.The malware collected customers’ information including their full names, email addresses and failed credit checks from internal servers between July 2017 and April 2018.At the end of its investigation, the ICO determined that DSG Retail Limited had breached the Data Protection Act of 1998 by having not implemented proper security measures including software patching, network segmentation and routine security testing.Steve Eckersley, ICO’s Director of Investigations, explained that these failures amounted to “a complete disregard for the customers whose personal information was stolen.”Retailer fined £500,000 for failing to secure information of at least 14 million people: https://t.co/4TBVEivnw3 pic.twitter.com/t7qz3AayjR— ICO (@ICOnews) January 10, 2020
He therefore said it was necessary to impose the maximum monetary punishment under the Data Protection Act of 1998, noting that the fine would have been much higher under GDPR.As Eckersley observed in a statement posted on the ICO’s website:Such careless loss of data is likely to have caused distress to many people since the data breach left them exposed to increased risk of fraud. We recogniz ..
Support the originator by clicking the read the rest link below.
