This is a time when the hacking threat is unprecedented, and no company is immune. Running parallel to this increasing threat are the most rigorous data protection laws Europe has ever seen. The result spells trouble for any business that does not invest in systems that protect consumer data.
The breach compromised 5.9 million payment cards belonging to customers of Currys PC World and Dixons Travel, and it has been reported that the non-financial data of 1.2 million customers, such as names, addresses and email addresses, was accessed.
While assurances have been made that there is no evidence that the loss of personal data has resulted in any fraud, one could argue the damage has been done – and on a number of levels.
The first is financial. Dixons Carphone could now face fines of £400 million, depending on whether the breach should be treated under the scope of the new General Data Protection Regulation (GDPR), which carries fines of up to four per cent of turnover.
The alternative would be a penalty of £500,000, if treated under the previous legal regime before May 25. In either scenario, this level of financial detriment is one that any company can ill afford.
The long-term impact on reputation is potentially more harmful. Any company’s reputation is built on a relationship of trust with its customer base. Once this has been tarnished in such a high-profile way, can it ever be restored? Only time will tell.
Lessons will need to be learned across the business world from this latest data breach – particularly by those who deal with large volumes of customer card payment information.
The goalposts have changed – and now it is time for businesses to respond to ensure systems keep pace with both the law and the increasingly covert tactics of the hackers.
The good news is that the technology is there for businesses to protect themselves and I would urge all customer-facing organisations to review processes and invest for the future. Ultimately it will protect their customers – and themselves.
Derwyn Jones is CEO of Ultracomms, a leading provider of PCI DSS level 1 certified secure payment and omni-channel customer contact solutions, based in Fareham, Hampshire.