Dixons Carphone Data Breach Hits 10m Users

Uploaded on 2018-08-08 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A data breach at electronics retailer Dixons Carphone is almost ten times larger than the company first thought. Personal information of 10 million customers, including names, addresses, and email addresses, are thought to have been accessed by outsiders, massively up from the originally stated figure of 1.2 million.

The company uncovered further evidence of personal data being accessed during its investigation into the breach, which first occurred in July 2017 but only came to light this June.

As part of the attack, hackers also attempted to access 5.9 million payment card details, but Dixons Carphone has previously stated that chip-and-pin protection should prevent these details being used for fraud.

However, the number of accounts accessed makes it one of the largest breaches to involve a UK company.

No information has been provided on how the attackers managed to gain access to such a large amount of data, but the company says an investigation being carried out with the aid of cyber security experts is nearing completion.

"Since our data security review uncovered last year's breach, we've been working around the clock to put it right," Alex Baldock, chief executive of Dixons Carphone, said in a statement.

"That's included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we're updating on today."

There have been no reports of fraud resulting from the breach, but Baldock once again apologised to customers for the incident.

"We're disappointed in having fallen short here, and very sorry for any distress we've caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us," he said.

The company says it's making improvements to its security environment by enhancing its monitoring and testing abilities.

Upon discovering the breach last month, Dixons Carphone reported it to the National Cyber Security Centre and the Information Commissioner's Office, and the company states it continues to keep both organisations updated.

"Our investigation into the incident is ongoing and we will take time to assess this new information," an ICO spokesperson told ZDNet.

"In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers."

The initial breach came to light weeks after the GDPR came into force. However, the breach occurred in 2017, when the 1998 Data Protection Act was still in place.

ZDNet

You Might Also Read:

TalkTalk Still Feeling The Effects Of Cyber Attack:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

 

 

« Surveillance Cameras That Spot Your Personality Type
Alaska Dusts Off Its Typewriters »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

InfoSec People

InfoSec People

InfoSec People is a leading UK provider of specialist recruitment services for Information Security, Business Continuity and Risk Management.

Actiphy

Actiphy

Actiphy provides a tried and proven backup and disaster recovery software solution to ensure business continuity at all times.

Torsion Information Security

Torsion Information Security

Torsion is an innovative information security and compliance engine, which runs either in the cloud or your data centre.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Bunifu Technologies

Bunifu Technologies

Bunifu Technologies is an Information Security and Custom Software Development Company.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

Firedome

Firedome

Firedome's tailormade solution for IoT companies is designed to proactively prevent, detect, and respond to inevitable vulnerabilities in connected devices.

ioXt Alliance

ioXt Alliance

The ioXt Alliance is a group of manufacturers, industry alliances and government organizations dedicated to harmonizing best security practices in a highly connected world.

Improsec

Improsec

Improsec is a fully independent Cyber Security advisory company - we provide knowledge, experience and both strategic and deep technical expertise to our clients.

National Health Care Anti-Fraud Association (NHCAA)

National Health Care Anti-Fraud Association (NHCAA)

National Health Care Anti-Fraud Association is the leading national organization focused exclusively on the fight against health care fraud.

ShorePoint

ShorePoint

ShorePoint helps customers focus on visibility, analytics and context to make timely and informed risk-based decisions to protect their infrastructure.

NGN International

NGN International

NGN International is a full-fledged systems integrator and managed security services provider established in 2015 in Bahrain.

Charles IT

Charles IT

Charles IT is your friendly, no-nonsense IT team focused on helping companies make their technology work for them. We focus on building relationships that deliver results.

Bugbank

Bugbank

Bugbank (aka Vulnerability Bank) is a leading SaaS platform for internet security services in China.

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services is a premier Managed Internet Technology (I.T.) company with a focus in cybersecurity risk management and CMMC compliance management.

Polygraph

Polygraph

Polygraph monitors the activities of click fraud gangs, including how they operate, who they target, the techniques they use, and how to detect their fraud.