NCSC Investigate Giant Dixons Data Breach

Dixons Carphone, the electricals and mobile phone dealer has said 5.9 million credit card numbers have been potentially hacked and that 1.2 million personal details have been opened and stolen. Now an arm of GCHQ, the National Cyber Security Centre (NCSC) is now working with Dixons Carphone on mitigation measures after a major privacy data breach that was revealed recently.

The National Cyber Security Centre (NCSC) has said it was working alongside the retailer and other agencies, such as the Information Commissioner’s Office and Financial Conduct Authority, regarding the cyber-attack on 5.9 million payment card details and 1.2 million personal data records.

The cyber-attack was reportedly caused by an advanced computer virus, or malware, which penetrated processing systems at Currys PC World and Dixons Travel stores. The breach happened in July last year but it was only discovered last week after a review of Dixon Carphone’s systems.

“Anyone concerned about fraud or lost data should contact Action Fraud and we recommend that people are vigilant against any suspicious activity on their bank accounts,” the NCSC said.

Although the breach was discovered over the past week, the fact it occurred within the last year, before the new European General Data Protection Regulation (GDPR) rules came into effect on May 25, the maximum possible fine imposed would be £500,000.

How did the breach happen?
What the exact type of attack this was is still being investigated by the company and various regulatory and data governing supervisory bodies. Cyber security and GDPR questions are already being asked about Dixons protection and security of its client’s data. 

Under the new GDPR rules, Dixons Carphone would be fined up to four per cent of its annual global revenue, which is estimated to be around £423 million. Dixons Carphone said it had brought in cyber-security experts to investigate the data breach and implemented extra security measures across its systems.

It stressed that it detected no attempts to defraud the leaked cards and had contacted the relevant card companies, alongside the police and relevant authorities.

“We are extremely disappointed and sorry for any upset this may cause,” Chief Executive Alex Badock said recently.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

Retail Gazette

You Might Also Read: 

UK Fraud Hits £1.1bn As Cyber Crime Soars:

TalkTalk Still Feeling The Effects Of Cyber Attack:

GDPR Is Now Effective:

 

« Cyber Security Intelligence Website Upgrade
World First Police 3D Security Scanner »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Veeam

Veeam

Veeam is the leader in intelligent data management for the Hyper-Available Enterprise.

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

Array Networks

Array Networks

Array Networks, the network functions platform company, develops purpose-built systems for hosting virtual networking and security functions with guaranteed performance.

Picus Security

Picus Security

Huge gaps often exists between the "perceived"​ and "actual"​ IT security level of an organization. Picus Security continuously assesses security controls and reveals deficient ones before hackers do.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC)

Bangladesh Computer Council (BCC) is a government body providing support for ICT related activities including formulating national ICT strategy and policy.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

Cequence Security

Cequence Security

Cequence secures web, mobile, and API applications. We discover all apps, detect malicious bots, and stop attacks with an AI-integrated security platform.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

Sansec

Sansec

Sansec is the global leader in eCommerce malware and vulnerability detection. We help you to stay ahead of hackers!

Eleos Labs

Eleos Labs

Eleos Labs' suite of security tools prevent Web3 cyber attacks, reduce economic risks, and protect digital assets.

Ceeyu

Ceeyu

Ceeyu is an all-in-one cybersecurity ratings and third party risk management platform.