Dixons Carphone has said a huge data breach that took place last year involved 10 million customers, up from its original estimate of 1.2 million. Personal information, names, addresses and email addresses may have been accessed last year.
This incident, which exposed the sensitive information of 10 million Dixons Carphone customers, is just one of 1,750 data breaches that were reported in June following the EU General Data Protection Regulation in May.
Having previously only thought to affect 1 million customers, the company have shown a large degree of irresponsibility, as all of their customers had a right to know the scope of the incident. But the issue here goes way beyond corporate irresponsibility.
This particular breach occurred one month after GDPR, yet they have stated that they are only just updating their cybersecurity processes as a result of the breach.
It is concerning for any company, let alone a FTSE 250 company like Dixons Carphone, to begin the development of their security protocols now. This process should have happened well before May. No exec wants to go to the board and admit such a data breach.
A company the size of Dixons Carphone should have had greater oversight over their own cybersecurity pitfalls, and must have acted to strengthen them, whether GDPR was incoming or not.
Effective cybersecurity solutions must be built into the DNA of any business’s framework. This is a very sharp reminder to any organization choosing to ignore customer data protection in the wake of GDPR, and to not integrate secure methods of protecting their data moving forward.
Morten Brøgger, CEO, Wire