Carphone Warehouse fined £400,000 over 2015 data breach

Alys Key
Follow Alys
Carphone Warehouse And Dixons Agree £3.8bn Merger
As many as 3m customers were compromised by the data breach (Source: Getty)

Carphone Warehouse, part of FTSE 100 Dixons Carphone, has been fined £400,000 over a data breach in 2015.

The Information Commissioner's Office (ICO) has ordered the company to pay after hackers gained access to the personal data of 3m customers and 1,000 employees.

Information Commissioner Elizabeth Denham said it was "concerning" that the retailer had not been tight enough on security.

Read more: Millions potentially lost after a bitcoin mining marketplace was hacked

“A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks," she said.

“Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”

The hack affected websites including and, which are part of Carphone Warehouse's online business.

The hackers were able to access the system through out-of-date WordPress software.

But the ICO recognised that there was no evidence any identity theft or fraud had taken place as a result of the hack.

Shares in Dixons Carphone were down about 0.6 per cent today, though the company also announced this morning that its CFO is departing for Marks and Spencer.

Related articles