Dixons Carphone has admitted to the huge data breach which took place in the last 12 months.
The company says it has been the victim of “unauthorised data access”, in which there was an attempt to compromise 5.8 million credit and debit cards in one of its processing systems for Currys PC World and Dixons Travel stores. However, it said that only 105,000 non-EU issued cards without chip-and-pin protection had been leaked.
In addition, 1.2 million personal data records were hacked, which included non-financial information such as names, addresses, and email addresses. The company insisted that it had seen no evidence of any fraud at this stage, as it had no evidence that the information had left its systems, but said it was contacting those affected to advise them.
The firm added that it had brought in leading cyber-experts and added extra security measures to its systems.
This is the second hack in the past three years that the company has had to admit to publicly. It was also fined for a failure to secure its system, which allowed unauthorised access to the personal data of over three million customers and 1,000 employees.
Dixons Carphone shares fell more than 3% in early trading after the disclosure.
Chief executive Alex Baldock said: “We are extremely disappointed and sorry for any upset this may cause.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here.
“We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”
Oz Alashe, CEO of cybersecurity training platform CybSafe, said:
“While there’s no evidence yet that the stolen card details have been misused, it is unfortunately probably more a case of when rather than if. It is commonplace that bulk stolen credit card numbers are not used immediately, as it takes time to resell them on the dark web. Criminals also want the attention around the breach to die down before using them.
“On top of this, we have the loss of over a million personal data records. It is quite likely that poor practices allowed this to happen – if so, this won’t be the first time. Dixons suffered a significant data breach back in 2015, and this latest lapse shows that, by and large, things haven’t changed, and lessons may not have been learned.
“The company was hit with a £400,000 fine earlier this year for the 2015 breach, which affected over three million customers. In light of the fact that GDPR has now come into force, the fine the company will face for this latest breach could be substantially more.”
Carphone Warehouse also has to contend with economic challenges, like many other high street retailers. Last month the firm warned it would close nearly 100 of its Carphone Warehouse stores.