Dixons Carphone data breach involves 5.9 million payment cards

by Olivia Morelli

One of the largest data breaches in the UK's history hit Dixons Carphone

More than a million personal data records compromised

Electronics retail company Dixons Carphone suffered one of the most significant data breaches[1] in the UK. The company reported that the details of almost 6 million payment cards and the personal details of 1.2 million customers were stolen. The breach was noticed during a review of the company's systems, and an investigation started immediately. The National Cyber Security Centre and other agencies have been working to help victims of the breach since the attack.

Anyone concerned about fraud or lost data should contact Action Fraud, and we recommend that people are vigilant against any suspicious activity on their bank accounts.

Dixons Carphone made a statement saying that there was no evidence of fraud, although personal data was accessed in a second breach. Alex Baldock[2] apologized for the incident and stated that the company had unfortunately failed its customers.

We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here.

The company says it is taking the incident exceptionally seriously: it is relying on cybersecurity professionals to handle the matter and add extra security measures to its systems. The company is planning to contact victims of the breach in order to apologize and give advice on any protective steps they should take.

Most of those 5.9 million cards were chip-and-PIN protected, so no PIN codes, CVV[3] or authentication data were accessed. This means that purchases could not be made using this information. Unfortunately, about 100,000 payment cards without that protection were also accessed. According to the retailer, a bank has not detected any fraudulent events or purchases from those accounts.

Huge fall in the company's worth

As soon as this data breach was announced, Dixons Carphone shares fell 6%. This means potential damage to the firm's reputation. The attack can also lead to legal problems. Around the time the data breach was discovered, the new European General Data Protection Regulation rules came into force. The firm could face a fine of up to 20 million euros.

Under the previous DPA[4], the maximum fine is 500,000 pounds. Which limit applies depends on whether the case is dealt with under the 1998 or the 2018 rules; the Information Commissioner's Office would indicate this after the investigation. The investigation is only at an early stage, so the NCSC and the Financial Conduct Authority have a lot of work to do. Alex Neill, managing director at the consumer group “Which”, said the situation is especially critical for the company.

This massive breach will cause real worry to millions of customers and raises serious questions about how Dixons Carphone has been looking after customers’ data. It is critical the company moves quickly to ensure those affected get precise information about what has happened and what steps they should take to protect themselves. Anyone concerned they could be at risk of fraud should consider changing their online passwords, monitor bank, and other online accounts and be wary of emails regarding the breach as scammers may try and take advantage of it.

Tough challenges for the company – it's not the first data breach for Dixons Carphone

Usually, when companies deal with data breaches like this, they are quick to reassure their customers about what was accessed. But in this case, the company admits that names, email addresses, and logins may have been accessed, and that this happened nearly a year ago. The company had a similar incident in 2015[5] and insists that the two have no connection. Dixons Carphone also says that this data breach was discovered only a few weeks ago, which is why it has become public now.

The company said that there is no evidence that this non-financial information has left its systems. The good news concerns the 5.8 million cards that were protected and the nearly 100,000 non-European cards that did not have that protection: there is no evidence that this activity resulted in fraud.

These scandals and the fall in the share price are also a big concern alongside the steep fines. The UK Information Commissioner's Office fined the company 400,000 pounds for the 2015 breach. The penalty this time is in question since the rules have changed recently. The company faced a fall in profit this year, and this means that 92 of 700 Carphone Warehouse stores would be closed.

About the author

Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at 2-Spyware.com. She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.
