ICO fines Carphone Warehouse

The U.K. Information Commissioner’s Office has fined Carphone Warehouse 400,000 GBP after a security vulnerability left one of its computer systems compromised in a 2015 cyberattack. In one of the ICO’s largest fines issued to date, Information Commissioner Elizabeth Denham said,

A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.”

The investigation revealed attackers gained access via an outdated WordPress software login, leading Denham to call the systemic failures “rudimentary, commonplace measures.”