ICO confirms it is investigating retailer for cyber attack that saw banking details of up to 2.4 million customers stolen
The Information Commissioners Office could hit Carphone Warehouse with a fine of up to £500,000 for a data breach that saw up to 2.4 million customer records stolen.
The ICO confirmed it is making enquiries about the incident, which saw cyber criminals attack the retailer’s back office on Wednesday (August 5).
Dixons Carphone, the JV parent of Carphone Warehouse, confirmed that details including customers addresses, bank details, dates of birth are feared to have been stolen.
The ICO can levy a maximum fine of £500,000 for companies who have breached strict data protection laws. The National Fraud Intelligence Bureau is also offering advice to customers about the breach.
An ICO spokesperson said: “We have been made aware of this incident at the Carphone Warehouse and are making enquiries. Anytime personal data is lost there can be a risk of identity theft.
“There are measures you can take to guard against identity theft, for instance being vigilant around items on your credit card statements or checking your credit ratings. There are more tips and information on our website.”
Details including customers addresses, bank details, dates of birth feared to have been stolen. Up to 90,000 of its customers’ credit card details may also have been stolen during the attack.
Carphone has confirmed only customers who connected through the retailers ecommerce brands; e2save, OneStopPhoneShop and Mobiles.co.uk are affected. All affected customers have now been contacted by Carphone Warehouse via email.
In 2013, the ICO issued its biggest ever fine of £250,000 to Sony after its Playstation Network platform, which contained the private information of millions of customers, was hacked in to.
In February, holiday insurance company Staysure.co.uk was fined £175,000 after cyber attackers gained access to more than 100,00 customer records.