Forbury People Limited


Dixons Carphone admits major data breach

14 June 2018

Dixons Carphone’s review of data and its systems disclosed massive unauthorised access to 5.9 million customer cards and 1.2 million personal records. The incident gathers attention after both GDPR and Data Protection Act 2018 (‘DPA 2018’) came into force on 25 May 2018.

Hacking began July last year and gave access to some 105,000 non-EU payments cards without chip and pin protection. Fortunately for Dixons Carphone, the breach occurred before the GDPR came into force and so it faces a maximum fine of £500,000 under old legislation.

New data provisions under the GDPR impose tougher penalties on organisations for failures to protect their customers personal data, including a fine of up to €20M (£17.6) or 4% of the organisation’s global turnover. The provisions are incorporated into DPA 2018 to ensure national application when the UK exits the EU.

In view of these changes, National Cyber Security Centre has recently stated it is no longer the case where firms can just shut the door to cyber-attacks. Rather they should lock the doors and check them later. Employers and organisations should now take greater steps towards the security of their customers personal information.

Pavles Theodoulou

HR Consultant
Forbury People

T: 0118 953 3929


Receive the Forbury People newsletter
Sign Up

© 2018 - Forbury People Limited Privacy & Cookies Policy

Forbury People Limited is a limited liability company registered in England and Wales. Registered number: 6251169. Registered office: 5th Floor, Thames Tower, Station Road, Reading, RG1 1LX. VAT registration number: 921 6822 30.