Carphone Warehouse Data Breach Part 2 – Just When You Thought It Was Safe To Go Back In The Water

3 August, 2018

It has been revealed that last year’s cyber attack on Carphone Warehouse affected a massive 10 million customers, up from the original estimate of 1.2 million.

The data breach, which prompted a record equalling fine from the Information Commissioner’s Office (ICO) of £400,000, revealed vast quantities of customers’ personal data including, names, addresses, email addresses and card details.

Breach Management

The recent revelation is a reminder of the importance of cyber security and the need for effective policies and procedures to be in place. It also emphasises how the severity of a data breach can be difficult to quantify and exposes the challenges in effectively managing a security breach.

These latest revelations highlight how damaging a breach can be to a business’ reputation in the long term. Due to the time it has taken to identify the extent of the security failure, even more customers will be uncertain as to the safety of their personal data and may lose trust in the company. Carphone Warehouse’s share price has never recovered from the data breach.

One of the lessons to be learnt from this case – aside from the importance of data security – is how to effectively manage a data breach in order to limit damage to reputation. Carphone Warehouse failed to report breaches accurately and swiftly as well as failing to provide guidance to affected individuals.

The Bright Side

The silver lining for Carphone Warehouse is that the initial breach took place prior to the implementation of GDPR, limiting the maximum fine possible to £500,000. For those businesses that face a data breach in the future, the financial and reputational damage could be far more severe.

For more information on data protection, please contact Elliot Fry at or on +44 (0)1732 224 034

For updates from us and the latest Tech news follow us on Twitter @CrippsTechLaw