The Information Commissioner's Office (ICO) has fined the Carphone Warehouse £400,000 after a serious data breach that occurred in 2015.
The breach affected the company's online division and compromised data including customers' names, addresses, phone numbers, dates of birth, marital status, and historical card payment details.
Hackers used valid login credentials and were able to access the company's network through out-of-date WordPress software.
After investigating, the ICO found that the software had not been updated in six years and noted a total absence of antivirus software.
The same root password was also used on every server and was known to "some 30-40 members of staff."
What happens next?
If the Carphone Warehouse pays the fine within 30 days it will enjoy a 20 per cent discount, meaning that it will pay £320,000 — matching the fine levied against TalkTalk for a similar data breach in 2015.
In May, the GDPR will come into force, meaning that companies found to have poor security will face significantly larger fines, worth up to four per cent of global turnover.
This means that if the case had come only a little later, the company would have been fined upwards of £17 million.