News Roundup: Dixons Carphone are the first company to make a post-legislative disclosure

A roundup of the week’s technology news including more data breaches, start-up visas, and the World Cup.

GDPR

I know the last thing anyone wants to talk about is GDPR, but judging by the amount of emails I received about it, the Dixons Carphone data breach was the biggest story of the week, so that’s what we’re opening with.

In July 2017, attackers gained access to the payment card details of a staggering 5.9 million customers alongside an additional 1.2 million records containing personal information such as names, addresses and email addresses.

Despite the criminals infiltrating the database 12 months ago, the company only disclosed the findings on Monday. It’s still unclear when they were alerted to the breach but it’s the first high-profile case since the GDPR came into force, which states “if the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.”

Dixons Carphone CEO Alex Burdock told reporters that only details from 105,000 cards included in the breach would have the potential to be used fraudulently, as they belonged to individuals living outside the EU and lacked chip and pin protection. However, this might not be enough to stop the company receiving a €20million fine.

In other data breach news, the ICO has finally fined Yahoo for failing to protect the personal information of 515,000 British citizens in its 2014 data breach. An investigation into the unprecedented breach of over 3 billion accounts found Yahoo’s UK subsidiary guilty of failing to ensure proper data protection protocols were followed, which allowed hackers to make off with both personal, identifiable information as well as unencrypted passwords and answers to security questions. Early this year a judge ruled they would also be facing legal action in the US as a result of the breach.

 

To continue reading this article register now