NCSC Investigate Giant Dixons Data Breach

Dixons Carphone, the electricals and mobile phone dealer, has said that 5.9 million credit card numbers have potentially been hacked and that 1.2 million personal details have been opened and stolen. The National Cyber Security Centre (NCSC), an arm of GCHQ, is now working with Dixons Carphone on mitigation measures after a major privacy data breach that was revealed recently.

The National Cyber Security Centre (NCSC) has said it was working alongside the retailer and other agencies, such as the Information Commissioner’s Office and Financial Conduct Authority, regarding the cyber-attack on 5.9 million payment card details and 1.2 million personal data records.

The cyber-attack was reportedly caused by an advanced computer virus, or malware, which penetrated processing systems at Currys PC World and Dixons Travel stores. The breach happened in July last year but it was only discovered last week after a review of Dixons Carphone’s systems.

“Anyone concerned about fraud or lost data should contact Action Fraud and we recommend that people are vigilant against any suspicious activity on their bank accounts,” the NCSC said.

Although the breach was discovered over the past week, it occurred within the last year, before the new European General Data Protection Regulation (GDPR) rules came into effect on May 25, so the maximum possible fine imposed would be £500,000.

How did the breach happen?
The exact type of attack is still being investigated by the company and various regulatory and data-governing supervisory bodies. Cyber security and GDPR questions are already being asked about Dixons’ protection and security of its clients’ data.

Under the new GDPR rules, Dixons Carphone would be fined up to four per cent of its annual global revenue, which is estimated to be around £423 million. Dixons Carphone said it had brought in cyber-security experts to investigate the data breach and implemented extra security measures across its systems.

It stressed that it detected no attempts to defraud the leaked cards and had contacted the relevant card companies, alongside the police and relevant authorities.

“We are extremely disappointed and sorry for any upset this may cause,” Chief Executive Alex Baldock said recently.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

Retail Gazette
