Dixons Carphone discovers unauthorised data access

  • Dixons Carphone discovers unauthorised data access

Dixons Carphone discovers unauthorised data access

Retailer Dixons Carphone announced on Wednesday it had uncovered a major breach involving millions of people's data.

The retailer said there was a likely attempt to compromise millions of cards in a processing system for Currys PC World and Dixons Travel stores. As of now, there are no known cases of any fraudulent use of the compromised data, the company claims.

However, the firm said that 5.8million of the cards have chip and pin protection and that pin codes and CVV numbers were not accessed.

It's also been keen to stress that it has found no evidence of fraud taking place due to the breach, and that includes the 1.2 million personal records containing names, addresses, and emails. It has informed police, regulators at the Information Commissioner's Office and the Financial Conduct Authority.

Dixons Carphone chief exec Alex Baldock apologised to customers for the inconvenience, adding (as is standard in post-breach statements) that the company takes security seriously. "The protection of our data has to be at the heart of our business, and we've fallen short here", he added.

Dixons Carphone said it had immediately notified the relevant card companies so that they could protect customers.

A Dixons Carphone spokesperson told ZDNet that the breach began in July previous year - there's been no information provided as to when it was discovered. But around 105,000 of them were issued outside the European Union and do not have the same protections.

"The National Cyber Security Centre is working with Dixons Carphone plc and other agencies to understand how this data breach has affected people in the United Kingdom and advise on mitigation measures", an NCSC spokesperson told ZDNet.

The company has launched an investigation into the incident and is said to be engaged with cyber security experts.

According to a statement made by the company, the security breach was discovered during a recent review of the company's systems and data.

Dixons Carphone said that action had been taken to close off the access, and there was no evidence to suggest it was continuing.

'We are contacting those whose non-financial personal data was accessed to inform them, to apologise, and to give them advice on any protective steps they should take.