Naturally, not having appropriate security in place is the reason for the fine, and as far as hacks go, this one sounds relatively clumsy. "Using valid login credentials, intruders were able to access the system via an out-of-date WordPress software," the ICO states. "The Commissioner acknowledges the steps Carphone Warehouse took to fix some of the problems and to protect those affected," but this "serious contravention" of the Data Protection Act has left Carphone Warehouse staring at a £400,000 bill. Even though the hack was long-forgotten until today, Information Commissioner Elizabeth Denham took the opportunity to twist the knife and wag a stern finger at the retailer.

"A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks. Carphone Warehouse should be at the top of its game when it comes to cyber-security, and it is concerning that the systemic failures we found related to rudimentary, commonplace measures," she said.