ICO fines Dixons Carphone £500,000 for data breach


The ICO has fined DSG Retail Limited £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people. An ICO investigation found that an attacker installed malware on 5,390 tills at Currys, PC World and Dixons Travel stores between July 2017 and April 2018, collecting personal data during the nine month period before the attack was detected. The company’s failure to secure the system allowed unauthorised access to 5.6 million payment card details used in transactions and the personal information of approximately 14 million people, including full names, postcodes, email addresses and failed credit checks from internal servers. DSG was found to have poor security arrangements and failed to take adequate steps to protect personal data. This included vulnerabilities such as inadequate software patching, absence of a local firewall, and lack of network segregation and routine security testing. The ICO fined Carphone Warehouse £400,00 in January 2018 for similar security vulnerabilities. A copy of the penalty notice can be found here.


Contact Us






Sintons LLP would like to contact you about the services that we have to offer. We would like to keep you informed of any important legal updates that may affect you, your organisation or business, such as our newsletters, legal bulletins and details of relevant training courses or other events you may be interested in attending.

Please confirm that you are happy for Sintons LLP to contact you by:



For further details on how your data is used and stored click here to see our Privacy Policy.

You can always change your mind by unsubscribing here.

We will only use your information to handle your enquiry and won’t share it with any third parties without your permission.