Another maximum fine under the previous data protection regime. This time, a £500k fine for Currys PC World and Dixons Travel (I can't imagine all the data they must have on last minute travel adapter purchases!) for malware installed on almost 6000 tills.
More information below - luckily for DSG, the breach was cleared up the month before the GDPR came into force. If it had crept past May 2018, the fine would have had potential to be far higher.
The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people. An ICO investigation found that an attacker installed malware on 5,390 tills at DSG’s Currys PC World and Dixons Travel stores between July 2017 and April 2018, collecting personal data during the nine month period before the attack was detected.