Wednesday, 23 January, 2019

Dixons Carphone reveals data breach affecting 5.9 million customers

Dixons Carphone discloses data breach affecting 5.9M payment cards 105k of which were compromised		
	Natasha Lomas

   	7 hours Dixons Carphone discloses data breach affecting 5.9M payment cards 105k of which were compromised Natasha Lomas @ 7 hours
Nellie Chapman | 13 June, 2018, 18:00

Retailer Dixons Carphone announced on Wednesday it had uncovered a major breach involving millions of people's data.

Separately, the investigation has found that 1.2m records containing non-financial personal data - such as name, address and email - had been accessed.

It said its ongoing investigation indicated there was an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores.

"As a precaution we immediately notified the relevant card companies via our payment provider about all these cards so that they could take the appropriate measures to protect customers".

"We have no evidence that this information has left our systems or has resulted in any fraud at this stage".

The retailer added that 5.8 million of the compromised cards are protected by chip and pin number combinations.

"We are extremely disappointed and sorry for any upset this may cause", said Chief Executive Alex Baldock. Again, Dixons said there was no evidence that it had resulted in any fraud.

Dixons says it doesn't believe that the attackers have anything like the amount of data required to use the cards fraudulently.

Pin codes, card verification values (CVV), and authentication data enabling holder identification or purchases were not stored in the data.

The breach was now being investigated by police, it said, while regulators had also been informed. We promptly launched an investigation, engaged leading cyber security experts and added extra security measures to our systems.

It comes after telecoms firm TalkTalk was hit by a major cyber attack in October 2015, which saw the personal data of almost 160,000 people accessed by hackers and left the firm facing a record £400,000 fine for security failings.

"While Dixons has said that there is no evidence of fraud taking place, now the data is in the criminal sphere, it's unlikely to be long before it starts being shopped around amongst criminals, with ensuing phishing and bruteforce attacks launched".

In a statement released this morning, the company said during a review of systems and data, it discovered that there has been "unauthorised access to certain data held by the company".