ICO Slaps Fine on Currys PC World for Data Breach

Monday, January 13, 2020 - 15:23 by David Aiken

A breach in which the personal details of millions of customers were compromised has landed Currys PC world in trouble with the Information Commissioner’s Office.

This incident took place between 2017 and 2018, with in-store hardware being used as a gateway by hackers to collect customer data over a period of several months.

Thousands of POS machines were loaded with malicious software in order to execute this attack, with ICO investigators revealing that 5.6 million transactions had been compromised as a result, according to Internet Retailing.

Currys PC World, which is part of the Dixons Carphone group, will now have to pay half a million pound in fines after the regulator ruled that it was in breach of data protection rules and that it had failed to put adequate measures in place to prevent customers from falling victim to fraud.

What is most interesting about this incident is that the ICO has since said that this fine is comparatively small compared with the penalty it could now levy against businesses in the UK thanks to the rollout of the General Data Protection Regulation last year.

This suggests that firms have a much bigger incentive to take action to protect customers today than they did in the past, making sure that they can carry out safe shopping online while also taking into account their in-store transactions.

Many people would not have realised that because of the way that modern checkout systems work in high street settings, it is possible for hackers to steal information through malware in this context. Tills being connected to the internet is clearly convenient in many ways, but the potential for cyber-breaches that this also creates is not something that retailers can afford to ignore going forwards.