A Dixons Carphone hack has disclosed by the company today revealing that up to 5.9 million customer records were targeted. The good news is they say that there is currently no evidence to date of any fraudulent use of the data as result of these incidents.
Dixons Carphone have launched an investigation, engaged leading cyber security experts and added extra security measures to their systems. They have taken action to close off this access and have also informed the relevant authorities including the ICO, FCA and the police.
Bank card data accessed
Of the 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores, 5.8m of these cards have chip and pin protection. The data accessed in respect of these cards contains neither pin codes, card verification values (CVV) nor any authentication data enabling cardholder identification or a purchase to be made.
Approximately 105,000 non-EU issued payment cards which do not have chip and pin protection have been compromised. As a precaution Dixons Carphone immediately notified the relevant card companies via their payment provider about all these cards so that they could take the appropriate measures to protect customers.
Personal information data accessed
Dixons Carphone’s investigation has also found that 1.2m records containing non-financial personal data, such as name, address or email address, have been accessed. They have no evidence that this information left their systems or has resulted in any fraud at this stage. Dixons Carphone are contacting those whose non-financial personal data was accessed to inform them, to apologise, and to give them advice on any protective steps they should take.
Dixons Carphone Chief Executive Statement
“We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously. We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge.”
– Alex Baldock, Chief Executive, Dixons Carphone
GDPR or Data Protection?
We have no idea whether the incident will come under the old Data Protection Act or GDRP, although as the incident has only just come to light it will probably be GDPR. However fines are the least of there worries as their share price dropped around 4% after the disclosure this morning. The bad press will inevitably be worse than sanctions, but in reality it’s unlikely to stop shoppers from visiting their stores or buying on their website. Consumers are remarkably blase about such incidents as they happen so frequentl, unless they see a personal impact through fraudulent use of their data.