Firm faces possible fine under GDPR after data breach went undetected
Dixons Carphone faces further woes after its full-year earnings were hit as it battles the backlash from a serious cyber breach revealed last week. Falling gross profits and a plummeting share price were expected as the investigation continues into the data breach that compromised over 5.9 million customers’ personal details.
Despite occurring eleven months ago, the data breach was only uncovered following the appointment of Alex Baldock as CEO last month. Failing to identify and report that a data breach has taken place within 72 hours is a serious contravention under the new GDPR.
It is unclear whether Dixons Carphone will be fined under the newly implemented GDPR, but going forward, companies need to ensure they are able to detect breaches in real time.
Ben Boswell, VP Europe at World Wide Technology, comments: “The Dixons Carphone incident really highlights the challenges that retailers and large organisations face when it comes to security. Organisations must be able to recognise and react to data breaches as they occur in order to meet stringent reporting requirements and prevent potentially catastrophic effects to both retailers and customers.
“To prevent these kinds of security oversights, where a breach goes undetected for nearly a year, organisations should consider implementing endpoint security software, which uses cyber analytics to detect unusual activity and enable a quick response to safeguard sensitive customer data.
“As the retail landscape shifts and becomes more technologically vulnerable, implementing systems that continually monitor and react to data anomalies is the key to achieving security milestones. Without these systems in place, retail organisations will continue to expose customer data to security compromises and risk incurring crippling fines under GDPR.”