£400,000 fine for Carphone Warehouse after huge data breach

Data breach

Smartphone retailer Carphone Warehouse has been slapped with a £400,000 fine after millions of customer information was accessed in a data breach.

The Information Commissioner’s Office (ICO) issued one of the largest fines seen in recent years due to “multiple inadequacies” in the retailer’s security system, which it argues Carphone Warehouse should have ensured was robust.

The 2015 data breach, in which hackers exploited out-of-date WordPress software, revealed the names, addresses, phone numbers, dates of birth and marital status of three million customers and 1000 employees.

A further 18,000 customers historical card payment details were also accessed, though there is reportedly no evidence this could relate to fraud.

“A company as large, well-resourced and established as Carphone Warehouse should have been actively assessing its data security systems and ensuring systems were robust and not vulnerable to such attacks,” information commissioner Elizabeth Denham said.

“Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”

Carphone Warehouse responded to the fine with a statement.

“As the ICO notes in its report, we moved quickly at the time to secure our systems, to put in place additional security measures and to inform the ICO and potentially affected customers and colleagues,” the retailer said.

“The ICO noted that there was no evidence of any individual data having been used by third parties.

“Since the attack in 2015 we have worked extensively with cyber security experts to improve and upgrade our security systems and processes.

“We are very sorry for any distress or inconvenience the incident may have caused.”

Click here to sign up to Retail Gazette’s free daily email newsletter


  1. The ICO are certainly ramping up the pressure on companies that fail to protect customer data or persist in outlandish spamming.

    Fines have increased by 58% in the past year and January was a record month for fines.

    The ICO name and shame all the guilty companies on their website but they don’t categories the fines or offer any further trend analysis.

    My company, The SMS Works, has trawled through all this fines data and it certainly throws up some interesting and sometimes puzzling findings.

    For example, the fines for email spam are on average, just half of those for SMS spam.

    You might find it intriguing reading.



Please enter your comment!
Please enter your name here