Hackers access payment details of 5,900,000 Dixons Carphone customers

Hackers access payment details of 5,900,000 Dixons Carphone customers

Millions of Dixons Carphone customers have had their financial and personal data illegally accessed after a major breach at the United Kingdom company.

A Dixons Carphone spokesperson told ZDNet that the breach began in July past year - there's been no information provided as to when it was discovered.

Baldock joined Dixons Carphone in April and last month the group warned on profits and said it would have to close shops, wiping more than 500 million pounds off its stock market value.

An investigation into what happened is still ongoing, but Dixons Carphone said there is evidence that an attempt was made to compromise 5.9 million payment cards via one of the processing systems of its Currys PC World and Dixons Travel stores.

It added that its investigation had also found that hackers accessed non-financial personal data - such as name, address or email details - for 1.2 million customer records.

Carphone Warehouse said it had no evidence that the information had left its systems or resulted in any fraud, but it was contacting those affected to advise them. The protection of our data has to be at the heart of our business, and weve fallen short here. Again, Dixons said there was no evidence that it had resulted in any fraud.

However around 105,000 of the accessed cards were non-EU issued, and lacked chip-and-PIN, and it says those cards have been compromised.

He said: "Today's breach of Dixons data will have far reaching consequences for some time". Paul German, CEO at Certes Networks, commented: "Despite the well-publicised Target data breach, it seems that other retailers are still not adopting appropriate cybersecurity strategies". It also confirms it has informed the UK's data watchdog the ICO, financial conduct regulator the FCA, and the police. We promptly launched an investigation, engaged leading cyber security experts and added extra security measures to our systems. "We have no evidence to date of any fraudulent use of the data as result of these incidents".

Given the small number of affected cards and the fact that personal data did not leave the network, it's unlikely the firm will be in for a major GDPR fine, unless it emerges that the hackers took advantage of serious deficiencies in the firm's cyber-defenses.

Related Articles