The Dixons Carphone data breach will go down as one of the biggest data breaches at a single firm in UK history – and is a stark reminder to all businesses that we live in a new era of cybersecurity. It is a time where the hacking threat is unprecedented, and no company is seemingly immune. Running parallel to this increasing threat are the most rigorous data protection laws Europe has ever seen. The result spells trouble for any business that does not invest now in robust systems that protect consumer data.
The breach compromised 5.9m payment cards belonging to customers of Currys PC World and Dixons Travel and it has been reported that the non-financial data of 1.2m customers, such as names, addresses and email addresses, were accessed. While firm assurances have been made that there is no evidence that the loss of personal data has resulted in any fraud, one could argue the damage has been done – and on a number of levels.
The first is financial. Dixons Carphone could now face fines of £400m, depending on whether the breach is treated under the scope of the new General Data Protection Regulation (GDPR), which carries fines of up to four per cent of turnover. The alternative would be a penalty of £500,000, if it is treated under the previous legal regime in force before May 25. In either scenario, this level of financial detriment is one that any company can ill afford.
The long-term impact on reputation is potentially more harmful. Any company’s reputation is built on a relationship of trust with its customer base. Once this has been tarnished in such a high-profile way, can it ever be restored? Only time will tell.
Lessons will need to be learned across the business world from this latest data breach – particularly by those businesses that deal with large volumes of customer card payment information. The goalposts have changed – and now it is time for businesses to respond to ensure their systems keep pace with both the law and the increasingly covert tactics of the hackers. The good news is that the technology is there for businesses to protect themselves, and I would urge all customer-facing organisations to review their processes and invest for the future. Ultimately it will protect their customers – and themselves.
Derwyn Jones is Chief Executive of Ultracomms, a leading provider of PCI DSS level 1 certified secure payment and omni-channel customer contact solutions, based in Fareham, Hampshire.