Dixons Carphone admit huge data breach

Dixon’s Carphone has admitted a huge data breach involving millions of personal records and payment card information.

The company are investigating the hacking attempt, which began in July last year, but say there is no evidence of any card being used fraudulently as a result.

The hackers made an attempt to capture data of 5.8 million credit and debit cards but only 150,000 non-EU cards without chip-and-pin protection were leaked.

Access to the data was attempted at one of the processing systems of Curry PC World and Dixons Travel stores.

The investigation also found that 1.2m records containing non-financial personal data, such as name, address or email address, had been accessed.

Alex Baldock, Dixons Carphone Chief Executive, said: “We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.

“We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge.”

A spokesperson for the National Cyber Security Centre said: “The National Cyber Security Centre is working with Dixons Carphone plc and other agencies to understand how this data breach has affected people in the UK and advise on mitigation measures.

“Anyone concerned about fraud or lost data should contact Action Fraud and we recommend that people are vigilant against any suspicious activity on their bank accounts.

“The NCSC website offers advice to organisations about ensuring their online security is as robust as possible, including guidance on protecting bulk personal data from cyber attack.”

The question that remains is what action will the regulator take against Dixons Carphone?

We will all now be waiting for whether or not the company will be severely fined.

With GDPR coming into effect last month, future breaches of this kind could see have heavy fines for company directors and officers.

Cybercrime continues to rise with hackers using new ways to access data, meaning it is even more important for organisations and companies to keep their data safe.

If you would like to learn more about Directors & Officers Liability Insurance, feel free to give us a call on 01274 515747 or email mail@lwood.co.uk