NCSC Investigate Giant Dixons Data Breach

Uploaded on 2018-06-15 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Dixons Carphone, the electricals and mobile phone dealer has said 5.9 million credit card numbers have been potentially hacked and that 1.2 million personal details have been opened and stolen. Now an arm of GCHQ, the National Cyber Security Centre (NCSC) is now working with Dixons Carphone on mitigation measures after a major privacy data breach that was revealed recently.

The National Cyber Security Centre (NCSC) has said it was working alongside the retailer and other agencies, such as the Information Commissioner’s Office and Financial Conduct Authority, regarding the cyber-attack on 5.9 million payment card details and 1.2 million personal data records.

The cyber-attack was reportedly caused by an advanced computer virus, or malware, which penetrated processing systems at Currys PC World and Dixons Travel stores. The breach happened in July last year but it was only discovered last week after a review of Dixon Carphone’s systems.

“Anyone concerned about fraud or lost data should contact Action Fraud and we recommend that people are vigilant against any suspicious activity on their bank accounts,” the NCSC said.

Although the breach was discovered over the past week, the fact it occurred within the last year, before the new European General Data Protection Regulation (GDPR) rules came into effect on May 25, the maximum possible fine imposed would be £500,000.

How did the breach happen?
What the exact type of attack this was is still being investigated by the company and various regulatory and data governing supervisory bodies. Cyber security and GDPR questions are already being asked about Dixons protection and security of its client’s data. 

Under the new GDPR rules, Dixons Carphone would be fined up to four per cent of its annual global revenue, which is estimated to be around £423 million. Dixons Carphone said it had brought in cyber-security experts to investigate the data breach and implemented extra security measures across its systems.

It stressed that it detected no attempts to defraud the leaked cards and had contacted the relevant card companies, alongside the police and relevant authorities.

“We are extremely disappointed and sorry for any upset this may cause,” Chief Executive Alex Badock said recently.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

Retail Gazette

You Might Also Read: 

UK Fraud Hits £1.1bn As Cyber Crime Soars:

TalkTalk Still Feeling The Effects Of Cyber Attack:

GDPR Is Now Effective:

 

« Cyber Security Intelligence Website Upgrade
World First Police 3D Security Scanner »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Securezoo

Securezoo

Securezoo's mission is to simplify and enhance information security by providing trusted security guidance, products, and information to small and mid-sized businesses and security professionals.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

Cybersecurity Professionals

Cybersecurity Professionals

Search vacancies from top cyber security jobs worldwide on CyberSecurity Professionals. View IT security jobs or upload your CV to be seen by recruiters from industry leading firms.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

World Congress on Industrial Control Systems Security (WCICSS)

World Congress on Industrial Control Systems Security (WCICSS)

The World Congress on Industrial Control Systems Security (WCICSS) is focused on emerging trends in protection of industrial control systems.

Forever Group

Forever Group

Forever Group is a Managed Services Provider specialising in Telecommunications, IT Support, and Cyber Security.

Pacific Cyber Security Operational Network (PaCSON)

Pacific Cyber Security Operational Network (PaCSON)

PaCSON is an operational cyber security network of regional working-level cyber security experts in the Pacific.

Valarian

Valarian

Valarian (formerly Worldr) is on a mission to build cutting-edge solutions that empower borderless collaboration in the new era of digital sovereignty.

IPKeys Technologies

IPKeys Technologies

IPKeys delivers innovative cybersecurity and technology solutions focused on helping the federal government reduce risk and protect the US from cyberattacks.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

ZILLIONe

ZILLIONe

ZILLIONe is one of Sri Lanka´s top enterprise technology solutions providers.

Hunt & Hackett

Hunt & Hackett

Hunt & Hackett helps European companies prevent, detect and respond to today’s most advanced adversaries, safeguarding them against cyberthreats and espionage.

The Aerospace Corporation

The Aerospace Corporation

The Aerospace Corporation is playing a key role in advancing space cybersecurity through innovative prototypes that can quickly detect and mitigate cyber threats.

Orchid Security

Orchid Security

Orchid Security provides unprecedented insight and action to your identity security with the help of advanced technologies like Large Language Models (LLM).

Cyber Nations

Cyber Nations

Cyber Nations is a global program designed to engage 100,000 African, Caribbean and Canadian learners to be trained in cybersecurity with a path to employment.