Reading:
What would happen to Carphone Warehouse if their 2015 data protection breach happened after the new GDPR laws come into force?
Share:

What would happen to Carphone Warehouse if their 2015 data protection breach happened after the new GDPR laws come into force?

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Back in 2015, hackers were able to easily access the databases of Carphone Warehouse who had reportedly failed to fix known flaws in their cybersecurity which may have been known about the previous year. As a result of the failure to adequately secure their systems, they were hit with a successful cyberattack.

The final report from the Information Commissioner’s Office (ICO) was issued earlier this year, and Carphone Warehouse were hit with a £400,000 fine – one of the largest fines the ICO has ever issued.

With the new GDPR laws set to come into force in May 2018, wouldn’t it be interesting to see what would happen to Carphone Warehouse if this breach took place after the new data protection rules were in place?

First, let’s remind ourselves about the Carphone Warehouse data protection breach

The details for some 3,348,869 customers were exposed in the Carphone Warehouse breach and over 1,000 employees were also affected.

Information involved in the breach included:

  • Full names
  • Birth dates
  • Marital statuses
  • Current and previous addresses
  • Phone numbers
  • Email addresses

Banking information of over 18,000 customers was also breached. Information that was compromised included:

  • Cardholder names
  • Cardholder addresses
  • Card expiration dates
  • Card numbers

Some employee information was also breached, and this is said to have included vehicle registration numbers and user access credentials in addition to information outlined above.

Systems run by Carphone Warehouse were vulnerable to attack and were exploited between July and August in 2015. Systems were said to be out-of-date, and data was not properly or adequately encrypted.

What if the breach were to happen after the new GDPR law change?

The new General Data Protection Regulation can allow the ICO to impose fines of up to €20 million, or up to 4% of the offending organisation’s annual worldwide turnover for the preceding financial year, whichever is greater.

The £400,000 fine Carphone Warehouse escaped with due to their cyber-attack back in 2015 pales in comparison to the possible £17 million they could have faced if the breach had happened after May 2018.

Organisations who suffer a breach from this July onward, face penalties far, far worse, than what’s happened previously. Now, organisations should be very wary of committing future breaches as it could cost them a lot more money.

Were you affected by the Carphone Warehouse breach?

If you were affected by the Carphone Warehouse cyber-hack, we may be able to help. Please feel free to contact our Data Leak lawyers by calling 0800 634 7575 for help and assistance.

 

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon