GDPR fine for DSG Retail Ltd
The company DSG Retail Limited sells electronic products like computers, household appliances and communication devices on the UK market. An attacker installed malware on 5390 tills between July 2017 and April 2018. In these nine months, 5.6 million payment card details and personal information of 14 million people were illegally collected. This information leaves the victims vulnerable to financial theft and identity fraud.
The company had to pay a GDPR fine of 500,000 pounds (€587,240) for its inadequate cybersecurity. In addition to missing security patches and the absence of a local firewall, the company did not segregate its network or conduct routine security testing.
The GDPR requires companies to take appropriate steps to protect the personal data that they process. A failure to do so can cost companies dearly.
Sources: ICO, Company Profile DSG Retail
Decision date: 09.01.2020
Country: United Kingdom
Type of Issue: Theft of Data
Number of involved data records: 14 million
Special category of data involved: No
Fine: € 587,240,-
Violation of GDPR Paragraph: 32. Security of processing
Reference: