Dixons Carphone admits hack far bigger than originally thought

Approximately 10 million personal records could have been accessed in security breach.

Earlier this summer, customers of popular UK high street stores Currys PC World, Carphone Warehouse, and Dixons Travel were warned that hackers had breached one of the processing systems used by its stores, and made off with 5.9 million payment cards and the personal data records of 1.2 million individuals.

Now parent company Dixons Carphone is saying that some 8.8 million *more* customers may be impacted by the breach which occurred in 2017.

The silver lining on the cloud, however, is that Dixons Carphone believes that these breached records do not contain payment card information or bank account details. It also says that it has seen no evidence that any fraud has taken place as a result of the breach.

Nonetheless, there’s clearly ample opportunity for scammers to use breached details such as customers’ contact information and email addresses in an attempt to defraud unsuspecting customers.

Dixons Carphone Chief Executive Alex Baldock has apologised to customers:

“Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.

“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves. Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”

The company is no stranger to finding itself in the media spotlight over hacks.

In 2015, Carphone Warehouse (which was then a separate company) warned that approximately three million customers had been put at risk after its IT systems were breached by hackers.

The hack resulted in the Information Commissioner’s Office (ICO) issuing a £400,000 fine earlier this year.

Listen to more discussion about this topic in this episode of the “Smashing Security” podcast:

Smashing Security #89: ‘Data breaches, ransomware, Bitcoin robberies, and typewriters’


One Response

  1. Lee E Grant

    August 1, 2018 at 8:40 am #

    Do you think this could be the first time we’ll see the ICO flex their GDPR wings?
