Up to 10 million customers now affected

Share

London-based Dixons Carphone is a multinational electrical and telecommunications retailer and services company that owns and operates a number of brands throughout Europe, including Carphone Warehouse, Currys, Dixons Travel and PC World.

Dixons Carphone revealed on Tuesday that about 10m records containing personal data may have been accessed in a data breach a year ago, up from its original estimate of 1.2m customers.

It was the second major cyber attack in three years on the company, which has about 22 million customers in the United Kingdom and Ireland.

It said these records do not contain payment card or bank account details and there was no... "We are continuing to keep the relevant authorities updated", the company noted.

The company made details of the hacking attempt - which began in July 2017 - public in June, adding there was no evidence any of the 5.9m targeted payment cards had been used fraudulently. "The good news is that they are working with cybersecurity professionals and implementing security and protection from unauthorised access which for many companies is still a major gap in cybersecurity today", he added.

Although no cases of fraud have been reported as a result of this breach, CEO Alex Baldock said it was contacting all customers to apologise and offer advice on action they can take to protect themselves. Still it claimed there had been no evidence of fraudulent activity as a result of the breach.

While almost all of the 5.9m cards were protected by chip and pin, information from around 105,000 cards without the security layer were potentially compromised.

More news: Barcelona defender completes move to Everton
More news: Palace holding meetings on how to deal with Duchess Meghan's father
More news: RBI hikes lending rate, loans likely to become dearer

However, the number of accounts accessed makes it one of the largest breaches to involve a United Kingdom company.

The National Crime Agency said after the announcement in June that it is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner's Office (ICO) to "understand what's happened".

The National Crime Agency, National Cyber Security Centre, the Financial Conduct Authority and Information Commissioner's Office (ICO) are all now investigating the breach.

The 8.8 million customer personal records the company flagged up on Tuesday, relating to dates of birth, addresses and phone numbers, take the total number of personal records affected to 10 million.

"Our investigation into the incident is ongoing and we will take time to assess this new information", the ICO says.

Dixons said it had put further security measures in place to prevent future cyber attacks after the breach, which was one of the biggest data breaches at a single firm. The ICO added that it expected the company to alert all affected customers in the United Kingdom and take all necessary steps to reduce harm to consumers.

Baldock said the company was "fully committed" to making customers' personal data safe.

Share