Log in or Register for enhanced features | Forgotten Password?
White Papers | Suppliers | Events | Report Store | Companies | Dining Club | Videos
Specialist Retailers
Electricals & Electronics Retailers
Return to: RBR Home | Specialist Retailers | Electricals & Electronics Retailers

Retailer Dixons Carphone hit by massive data breach

RBR Staff Writer Published 15 June 2018

Electronics retailer Dixons Carphone has admitted a massive data breach, with attackers accessing bank card details of 5.9 million customers.

The company said investigation is ongoing and currently indicates that there was an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores.

The data mostly pertains to information about card with chips and pin protection.

Dixons Carphone claims that the data access in respect of these cards, does not contain any pin codes, card verification values (CVV) nor any authentication data that enables cardholder identification.

But about, 105,000 non-EU issued payment cards which do not have chip and pin protection were compromised. The company claims to have alerted the relevant card companies via its payment provider about all the cards so that appropriate actions can be taken.

Dixons stated that it has launched an investigation and has engaged cyber security experts and has also added extra security measures to its systems. It also closed off the access and there is no evidence that there has been any breach since. It has also notified relevant authorities including ICO, FCA and the police.

The investigation found that 1.2 million records containing non-financial personal data such as name, address or email address were accessed. Dixons stated that there is no evidence that this information has left its systems nor has resulted in any fraud at this stage.

Dixons Carphone CEO Alex Baldock said: “We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.

“We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge.”

On this issue, National Cyber Security Centre (NCSC) has stated that it is working with Dixons Carphone and other agencies to understand how this data breach has affected people in the UK and is advising on mitigation measures.

It said: “Anyone concerned about fraud or lost data should contact Action Fraud and we recommend that people are vigilant against any suspicious activity on their bank accounts. The NCSC website offers advice to organisations about ensuring their online security is as robust as possible, including guidance on protecting bulk personal data from cyber attack.”

Image:  Currys PC World Oxford Street exterior. Photo: Courtesy of Dixons Carphone plc.