A 2015 hack at Carphone Warehouse had compromised the personal information of more than 3 million people.
On Wednesday, Britain’s information regulator disclosed that it has imposed a fine of $539,400 (400,000 pounds) on Carphone Warehouse following the 2015 cyber attack which exposed the private data of more than 3 million of its customers.
As per Britain’s Information Commissioner’s Office (ICO), the firm owned by Dixons Carphone had left its systems wide open to cyber attacks by failing to update its software and carry out routine testing.
“A company as large, well-resourced and established as Carphone Warehouse should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks,” said Elizabeth Denham, Britain’s Information Commissioner, in a statement.
The fine is one of the largest that the ICO had ever issued.
“Carphone Warehouse should be at the top of its game when it comes to cyber-security and it is concerning that the systemic failures we found related to rudimentary, commonplace measures,” said Denham.
The ICO stated attackers had used valid login credentials to access Carphone Warehouse’s system through an out-of-date version of WordPress.
As a result more than 3 million of its customers were affected since the hackers were able to compromise personal information, including, names phone numbers, addresses, date of birth, marital status and their historical payment card details.
Following an investigation the ICO found that there was, as yet, no evidence of identity theft as a result of the attack.
Carphone Warehouse’s spokesman said the firm had cooperated fully with ICO and had accepted the its decision.
“We moved quickly at the time to secure our systems, to put in place additional security measures and to inform the ICO and potentially affected customers and colleagues,” said the spokesman. “Since the attack in 2015 we have worked extensively with cyber security experts to improve and upgrade our security systems and processes.”