Dixons Carphone – which owns Carphone Warehouse, Currys, and PC World – has admitted that it has been hit with of a data breach which put 5.9m cards and 1.2m personal data records at risk.
The ‘unauthorised data access’ is believed to have begun back in July last year, with hackers attempting to compromise the 5.9m cards in one of its processing systems for Currys PC World and Dixons Travel stores. Despite this, Dixons Carphone says that only around 105,000 payment cards had been leaked, as they are non-EU issued payment cards without chip and pin protection.
The company claims that it has not found any evidence that any compromised cards had been used fraudulently, as a result of the breach, but it has informed the relevant card companies about the cards so precautionary measures can be taken to protect the victims of the hack.
Additionally, non-financial personal data records of 1.2m customers has also been accessed. This information includes name, address, and email address. Once again, the company says it has not seen any evidence to suggest this data had left its systems or been used fraudulently. Dixons Carphone has notified the relevant customers, apologised, and provided advice on protective steps they can take.
Dixons Carphone chief executive Alex Baldock said that the company is “extremely disappointed and sorry for any upset this may cause,” adding that the company had fallen short on the need for protection of data to be “at the heart of our business”.
“We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously,” added Baldock. “We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cybercrime is a continual battle for business today and we are determined to tackle this fast-changing challenge.”