Dixons Carphone reveals data breach affecting 5.9 million customers

Adjust Comment Print

The high-street retailer has admitted that over a million personal data records of its customers have been accessed by hackers, with 5.9 million payment cards also affected.

'The protection of our data has to be at the heart of our business, and we've fallen short here.

The latest incident also potentially exposed the personal details of 1.2 million people (name, address, email address), leaving customers more exposed to potential phishing attacks as a result.

According to the company, the vast majority of the cards (5.8M) were protected by chip-and-PIN technology - and it says the data accessed in respect of these cards contains "neither pin codes, card verification values (CVV) nor any authentication data enabling cardholder identification or a purchase to be made".

The company says it has informed the ICO and the police of the attack.

It said relevant card companies had been notified, but added there was no evidence of fraud on the cards as a result of this incident.

It said there was now no evidence of any fraudulent use of the information - with the vast majority of the cards having chip and pin protection.

"We are extremely disappointed and sorry for any upset this may cause".

Last month, the retailer forecast that earnings this year will slump about 21 percent as it closes mobile-phone stores in a contracting United Kingdom household-electronics market. Again, Dixons said there was no evidence that it had resulted in any fraud. "As a multinational organisation, Dixons Carphone would have been well aware of the Target breach". We promptly launched an investigation, engaged leading cyber security experts and added extra security measures to our systems.

Given the small number of affected cards and the fact that personal data did not leave the network, it's unlikely the firm will be in for a major GDPR fine, unless it emerges that the hackers took advantage of serious deficiencies in the firm's cyber-defenses. The possibility of phishing attempts using this information is a good one, and people could be caught off-guard if they can't remember buying something from Dixons Carphone in the first place.