Dixons Carphone Data Breach Hits 10m Users

A data breach at electronics retailer Dixons Carphone is almost ten times larger than the company first thought. Personal information of 10 million customers, including names, addresses, and email addresses, are thought to have been accessed by outsiders, massively up from the originally stated figure of 1.2 million.

The company uncovered further evidence of personal data being accessed during its investigation into the breach, which first occurred in July 2017 but only came to light this June.

As part of the attack, hackers also attempted to access 5.9 million payment card details, but Dixons Carphone has previously stated that chip-and-pin protection should prevent these details being used for fraud.

However, the number of accounts accessed makes it one of the largest breaches to involve a UK company.

No information has been provided on how the attackers managed to gain access to such a large amount of data, but the company says an investigation being carried out with the aid of cyber security experts is nearing completion.

"Since our data security review uncovered last year's breach, we've been working around the clock to put it right," Alex Baldock, chief executive of Dixons Carphone, said in a statement.

"That's included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we're updating on today."

There have been no reports of fraud resulting from the breach, but Baldock once again apologised to customers for the incident.

"We're disappointed in having fallen short here, and very sorry for any distress we've caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us," he said.

The company says it's making improvements to its security environment by enhancing its monitoring and testing abilities.

Upon discovering the breach last month, Dixons Carphone reported it to the National Cyber Security Centre and the Information Commissioner's Office, and the company states it continues to keep both organisations updated.

"Our investigation into the incident is ongoing and we will take time to assess this new information," an ICO spokesperson told ZDNet.

"In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers."

The initial breach came to light weeks after the GDPR came into force. However, the breach occurred in 2017, when the 1998 Data Protection Act was still in place.

ZDNet

You Might Also Read:

TalkTalk Still Feeling The Effects Of Cyber Attack:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

 

 

« Surveillance Cameras That Spot Your Personality Type
Alaska Dusts Off Its Typewriters »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Visa

Visa

Visa is a global payments technology company that connects consumers, businesses and banks in more than 200 countries and territories worldwide.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

Applied Risk

Applied Risk

Applied Risk is an established leader in Industrial Control Systems security, focused on critical infrastructure security and combating security breaches that pose a significant threat.

Infosec (T) Ltd

Infosec (T) Ltd

Infosec (T) Limited is an independent Tanzania based consultancy specializing in IT governance, information security and IT audit.

Randori

Randori

Randori is an attack platform that provides "red-teaming" as a service — basically, staging simulated hack attacks to test for vulnerabilities and gaps in the security response.

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau is the national accreditation body for Lithuania. The directory of members provides details of organisations offering certification services for ISO 27001.

Patriot Cyber Defense

Patriot Cyber Defense

Patriot Cyber Defense is a Cyber Security and Management Consulting professional services firm.

SAIFE

SAIFE

SAIFE has adapted a Software Defined Perimeter approach and paired it with a Zero Trust model that defines access by the user, their device, and where they are located.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

Visible Statement

Visible Statement

Visible Statement is a computer-based delivery system designed to insure the retention and recall of your most important security training messages.

AEWIN Technologies

AEWIN Technologies

AEWIN is professional in the fields of Network Appliance, Cyber Security, Server, Edge Computing and an ODM/OEM expert.

LimaCharlie

LimaCharlie

LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility, build what you want, control your data, get the security capabilities you need.

NAK Consulting Services

NAK Consulting Services

NAK is helping organisations to create Secure, Agile IT Environments. Our goal is to be the trusted advisor and managed service partner for our clients.

Information Security Officers Group (ISOG)

Information Security Officers Group (ISOG)

ISOG's mission is to strengthen information security through awareness and education programs, promoting community and fellowship among information security leaders.

Splashtop

Splashtop

Splashtop’s cloud-based, secure, and easily managed remote access solution is increasingly replacing legacy approaches such as virtual private networks.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.