Story image

Dixons Carphone data breach toll rises to 10m customers

01 Aug 2018

In another twist of the knife for Europe technology firm Dixons Carphone, the company has admitted that a major data breach back in 2017 is now much bigger than first thought.

The Dixons Carphone breach made headlines on June 13 2018 when it announced that it had been hit by a data breach that affected an estimated 1.2 million customers. The company has now reviewed that figure and says the breach actually affected 10 million customers.

In a June press release, Dixons Carphone stated that breach attempted to compromise 5.9 million cards in a processing system for Currys PC World and Dixons Travel stores, and it also attempted to compromise 1.2 million records that contained personal data including names, addresses, and email addresses.

But more than a month later as the investigation nears completion, the company admits that approximately 10 million records containing personal data may have been accessed during the 2017 breach.

“While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted. We are continuing to keep the relevant authorities updated,” the company says in a statement.

Dixons Carphone chief executive Alex Baldock says the company is “disappointed” that it has suffered a breach.

“[We’re] very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”

Baldock adds that the company has been working round-the-clock to remediate the problems ever since the breach was discovered in the company’s data security review.

“That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.”

Dixons Carphone is contacting all customers to apologise and provide tips to reduce the risk of fraud.

“As we indicated previously, we have taken action to close off this access and have no evidence it is continuing. We continue to make improvements and investments at pace to our security environment through enhanced controls, monitoring and testing.”

Dixons Carphone provides electrical and mobile products, connectivity, and after-sales services from Team Knowhow.

Dixons Carphone’s primary brands include Currys PC World and Carphone Warehouse in the UK & Ireland, Elkjøp, Elkjøp Phonehouse, Elgiganten, Elgiganten Phone House, Gigantti in the Nordic countries, Kotsovolos in Greece, and Dixons Travel in a number of UK airports as well as Dublin and Oslo. The company’s key service brand is Team Knowhow in the UK, Ireland and the Nordics.

Dixons Carphone shares are trading at GBP176.10 as of July 30.

Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.