The Information Commissioner's Office (ICO) has ordered the company to pay after hackers gained access to the personal data of 3m customers and 1,000 employees.
Information Commissioner Elizabeth Denham said it was "concerning" that the retailer had not been tight enough on security.
“A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks," she said.
“Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”
The hack affected websites including OneStopPhoneShop.com and Mobiles.co.uk, which are part of Carphone Warehouse's online business.
The hackers were able to access the system through out-of-date WordPress software.
But the ICO recognised that there was no evidence any identity theft or fraud had taken place as a result of the hack.
Shares in Dixons Carphone were down about 0.6 per cent today, though the company also announced this morning that its CFO is departing for Marks and Spencer.