Dixons Carphone admits hack far bigger than originally thought

Graham Cluley


Earlier this summer, customers of popular UK high street stores Currys PC World, Carphone Warehouse, and Dixons Travel were warned that hackers had breached one of the processing systems used by its stores, and made off with 5.9 million payment cards and the personal data records of 1.2 million individuals.

Now parent company Dixons Carphone is saying that some 8.8 million *more* customers may be impacted by the breach, which occurred in 2017.

The silver lining on the cloud, however, is that Dixons Carphone believes that these breached records do not contain payment card information or bank account details. It also says that it has seen no evidence that any fraud has taken place as a result of the breach.

Nonetheless, there’s clearly ample opportunity for scammers to use breached details such as customers’ contact information and email addresses in an attempt to defraud unsuspecting customers.

Dixons Carphone Chief Executive Alex Baldock has apologised to customers:

“Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.”

“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves. Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”

The company is no stranger to finding itself in the media spotlight over hacks.

In 2015, Carphone Warehouse (which was then a separate company) warned that approximately three million customers had been put at risk after its IT systems were breached by hackers.

The hack resulted in the Information Commissioner’s Office (ICO) issuing a £400,000 fine earlier this year.

Listen to more discussion about this topic in this episode of the “Smashing Security” podcast:

Smashing Security #89: 'Data breaches, ransomware, Bitcoin robberies, and typewriters'


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
