GDPR fine for DSG Retail Ltd

GDPR fine for DSG Retail Ltd

The company DSG Retail Limited sells electronic products like computers, household appliances and communication devices on the UK market. An attacker installed malware on 5390 tills between July 2017 and April 2018. In these nine months, 5.6 million payment card details and personal information of 14 million people were illegally collected. This information leaves the victims vulnerable to financial theft and identity fraud.

The company had to pay a GDPR fine of 500.000 pounds (587240€) for it’s lacking cybersecurity. In addition to missing security patches and the absence of a local firewall, the company did not segregate its network or conduct routine security testing.

The GDPR requires companies to take appropriate steps to protect the personal data that they process. A failure to do so can cost companies dearly.

Sources: ICO, Company Profile DSG Retail

Decision data:
09.01.2020

Country:
United Kingdom

Type of Issue:
Theft of Data

Number of involved data records:
14 million

Special category of data involved:
No

Fine:
€ 587,240,-

Reference: