On 9 January 2020, the UK’s Information Commissioner’s Office (“ICO”) announced that it had fined DSG Retail Limited (“DSG”) a UK-based IT retailer trading under brands including Curry’s PC World and Dixons Travel, £500,000 in connection with a cyber-attack which affected at least 14 million people.

The ICO’s investigation revealed that an attacker had installed malware on 5,390 point of sale terminals (notably the devices from which in-store payments are taken from the customer) across DSG’s Currys PC World and Dixons Travel stores. The malware gathered customer personal data, including full names, postcodes, email addresses and failed credit checks from internal servers, for nine months between July 2017 and April 2018 before it was discovered. It was also discovered that 5.6 million payment card details used in transactions were also accessed during this time.

Continue reading.