
"DSG fell victim to a major cyber attack during a nine-month period in 2017 and 2018. The incident saw cyber criminals install malware on the firm's point-of-sale (PoS) devices that was used to steal personal data including the credit and debit card details of millions of customers, and in a small number of cases their names, postcodes and contact details."
"In January 2020 the ICO levied a £500,000 fine on DSG under the Data Protection Act of 1998 (DPA) after its investigation found the retailer had failed to patch software systems, install firewalls, segregate its networks, conduct routine security testing, or protect personal data. The fine was lower than that mandated under the General Data Protection Regulation (GDPR) because the breach took place before it came into effect."
The Court of Appeal ruled in favour of the Information Commissioner's Office, upholding regulatory findings about data protection responsibilities following the 2017–2018 PoS malware attack on DSG Retail (now Currys Group Ltd). Cyber criminals installed malware on point-of-sale devices and stole credit and debit card details of millions of customers, with names, postcodes and contact details exposed in a small number of cases. The ICO issued a £500,000 fine under the Data Protection Act 1998 after finding failures to patch systems, install firewalls, segregate networks, conduct security testing, and protect personal data. DSG argued that EMV-protected data was not personal data and that DPP7 did not apply.
Read at ComputerWeekly.com