Dixons Carphone reveals data breach affecting 5.9 million customers

Hacking targets customers of Currys PC World

Dixons Carphone reveals it has uncovered unauthorised access of customer’s data

Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records. Again, Dixons said there was no evidence that it had resulted in any fraud.

Video: Equifax teaches us what not to do after a data breach.

The company does not reveal when its systems were compromised; nor exactly when it discovered the intrusion; nor how long it took to launch an investigation - writing only that: "As part of a review of our systems and data, we have determined that there has been unauthorised access to certain data held by the company".

It said 5.8 million of these cards had chip and pin protection and the data accessed contained neither pin codes, card verification values nor any authentication data that would enable cardholder identification or purchases to be made.

The company said the probe was continuing, but it had found that there was an attempt to compromise 5.9m cards in one of the processing systems of Currys PC World and Dixons Travel stores.

The company said that of the cards not secured with chip and pin, none were reported to have been misused, the rest of the cards should be secure.

Dixons says it doesn't believe that the attackers have anything like the amount of data required to use the cards fraudulently.

It's also been keen to stress that it has found no evidence of fraud taking place due to the breach, and that includes the 1.2 million personal records containing names, addresses, and emails.

The Information Commissioner's Office (ICO), the Financial Conduct Authority and law enforcement have all been informed about the attack.

"We are extremely disappointed for any upset this may cause".

It said it had called in cyber experts and added extra security to its systems following the breach, while also since calling in the police and relevant authorities.

The National Cyber Security Centre has warned people to be mindful of potential fraud and follow-up campaigns.

Others compared the Dixons Carphone breach to the compromise of USA retailer Target in arguing lessons have not been learned.

"We are contacting those whose non-financial personal data was accessed to inform them, to apologise, and to give them advice on any protective steps they should take", the company adds.

Latest News