NCSC Investigate Giant Dixons Data Breach

Dixons Carphone, the electricals and mobile phone dealer, has said 5.9 million credit card numbers have potentially been hacked and that 1.2 million personal details have been opened and stolen. The National Cyber Security Centre (NCSC), an arm of GCHQ, is now working with Dixons Carphone on mitigation measures after a major privacy data breach that was revealed recently.

The National Cyber Security Centre (NCSC) has said it was working alongside the retailer and other agencies, such as the Information Commissioner’s Office and Financial Conduct Authority, regarding the cyber-attack on 5.9 million payment card details and 1.2 million personal data records.

The cyber-attack was reportedly caused by an advanced computer virus, or malware, which penetrated processing systems at Currys PC World and Dixons Travel stores. The breach happened in July last year but it was only discovered last week after a review of Dixons Carphone’s systems.

“Anyone concerned about fraud or lost data should contact Action Fraud and we recommend that people are vigilant against any suspicious activity on their bank accounts,” the NCSC said.

Although the breach was discovered over the past week, it occurred within the last year, before the new European General Data Protection Regulation (GDPR) rules came into effect on May 25, so the maximum possible fine imposed would be £500,000.

How did the breach happen?
The exact type of attack is still being investigated by the company and various regulatory and data-governing supervisory bodies. Cyber security and GDPR questions are already being asked about Dixons’ protection and security of its clients’ data.

Under the new GDPR rules, Dixons Carphone would be fined up to four per cent of its annual global revenue, which is estimated to be around £423 million. Dixons Carphone said it had brought in cyber-security experts to investigate the data breach and implemented extra security measures across its systems.

It stressed that it detected no attempts to defraud the leaked cards and had contacted the relevant card companies, alongside the police and relevant authorities.

“We are extremely disappointed and sorry for any upset this may cause,” Chief Executive Alex Baldock said recently.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

Retail Gazette
