Beleaguered Dixons Carphone has suffered a massive data breach in which the personal and financial data of millions of their customers have been compromised.
Carphone admitted that hackers had accessed 1.2 million personal records and 5.9 million payment cards taken from the processing systems of its Curry’s PC World and Dixons Travel stores.
Among the personal data stolen were email addresses, names and addresses. Carphone also revealed that among the payment cards stolen, 105,000 cards were based outside the UK and were not protected by chip and pin.
Carphone said that security experts had been called in to conduct an investigation and to shore up its security defences. It had also informed the police, regulators at the Information Commissioner’s Office (ICO) as well as the Financial Conduct Authority.
Carphone said they had also notified the relevant card companies via their payment providers. But stressed there was no evidence, at present, that there had been any fraudulent attempts.
We are extremely disappointed for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.- Alex Baldock: CEO, Dixons Carphone
At present it is unclear how the breach occurred and who is behind the attack. But Carphone faced criticism over the latest attack following the massive data breach in 2015.
Three years ago, Carphone Warehouse suffered a massive data breach that affected more than 2.5 million customers, with up to 90,000 subscribers having their credit card details compromised.
At the time Carphone faced criticism over lapses in its security measures and the delay over reporting the breach. In January, this year the ICO finally issued one of the largest fines ever when it hit Carphone with a fine of £400,000.
What to do if you think you might be a victim
Cancelling cards is always a pain, but the bigger issue is the personal data harvested by the criminals. The possibility of phishing attempts using this information is a good one, and people could be caught off-guard if they can’t remember buying something from Dixons Carphone in the first place.
Treating all communications with suspicion for the next few months is probably a good idea, especially in situations where any form of login details is required.- Chris Boyd: lead malware analyst, Malwarebytes
If you have recently purchased something from Carphone or you think your details might be involved there are a number of actions you can take to minimise any fraud.
Notify your bank and credit card company so they can monitor any activity on your accounts.
Check for suspicious or unexpected online or account activity. Especially for any use of your personal information, bank details or passwords.
Be wary of phishing emails. Do not reply to them or open any attachments the email may contain. Be particularly wary of emails purporting to come from Carphone concerning the breach. Contact Carphone independently if you’re suspicious.
Check you credit rating in case anyone has taken out a loan or credit in your name. You can do this by visiting Experian or Equifax.
If you think you might have been a victim of fraud, then report it to Action Fraud on 0300 123 2040.