What does the Carphone breach mean in the new, shiny GDPR world?

Dixons admits Carphone breach hit 10 million customers

Dixons Carphone has admitted that a data breach reported in 2017 was worse than originally thought. The company said that after further investigations it had found that overall 10 million customers were affected.

The breach was discovered in June 2017 when Dixons Carphone revealed hackers had accessed 5.9 million payment-cards used by Currys PC World and Dixons Travel as well as 1.2 million personal records had been stolen.

After further investigation, Dixons revised the figure of those affected to 10 million whose names, addresses and email addresses had been stolen.

Since our data security review uncovered last year’s breach, we have been working round the clock to put it right.

That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.

Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.

- Alex Baldock: CEO, Dixons Carphone

Dixons admitted in its statement that some of the stolen data may have left their systems. However they gave assurances that the data did not include payment-card or bank account details and said there was no evidence that fraud had taken place.

It transpired that while almost 6 million payment cards were affected only 105,000 cards without chip and pin protection had actually been leaked.

Dixons insisted that the breach had nothing to do with a seperate 2015 breach for which the Information Commissioner’s Office (ICO) fined Carphone Warehouse £400,000. Luckily for Dixons the recent breach came before the implementation of new GDPR data protection rules.

Dixons has worked with the appropriate authorities such as the ICO and had brought in cyber experts to assist, including the National Cyber Security Centre.

Dixons has now sent communications to all of their customers to apologise and advise on the protective steps they can take to minimise any risk of fraud. Bryan Glick, editor in chief of Computer Weekly told the BBC that if you haven’t received such communications it is fair to say you’ll be OK.

Last month Carphone Warehouse warned of a sharp fall in profits for this year and said as a consequence they would be closing 92 of its 700-plus stores.

Image: wikimedia


A veteran freelance journalist writing extensively on internet news and cybersecurity.
Back To Top