Maximum fine under old legislation

Dixons Carphone company logo

9 January 2020

Dixons Carphone, the group that owns the brands including PC World and Carphone Warehouse, has been fined £500,000; the maximum possible under the old Data Protection Act, 1998.

The data breach was discovered in summer 2019 and involved the installation of malware on over 5,000 tills in branches of Currys PC World and the Dixons Travel chains. The breach of personal data security affected at least 14 million customers of the chain.

Under the new GDPR legislation, introduced on 25 May 2018, the maximum fine could have been up to 4% of the Group's global turnover and therefore far higher than £500,000.  Recent fines of over £100m have been levied on British Airways and the Marriot Hotel Group.

According to the ICO decision notice, the breach occurred was made possible due to:

Also Dixons had not acted on an information security consultancy report in May 2017 that highlighted some of these issues.

 Copyright © Exigia Ltd., All rights reserved