Dixons Carphone hit by data breach
The Dixons Carphone group has said in a statement that it has suffered a data breach that saw an attempt to compromise 5.9 million records relating to credit and debit cards.
Relating specifically to the systems of Currys PC World and Dixons Travel stores, the group said that some 5.8 million records were accessed relating to cards that were chip and PIN protected, but that more than 100,000 were not so protected, and efforts have been made to notify those card holders.
“We are extremely disappointed and sorry for any upset this may cause,” Alex Baldock, CEO, Dixons Carphone
Furthermore, the statement said the breach investigation revealed that 1.2 million records containing non-financial personal data, such as name, address or email address, had also been accessed.
The statement says: “We have no evidence of any fraud on these cards as a result of this incident”.
The card data accessed, the groups says, “contains neither pin codes, card verification values (CVV) nor any authentication data enabling cardholder identification or a purchase to be made.”
With regard to the personally identifiable information (PII), the statement says “We have no evidence that this information has left our systems or has resulted in any fraud at this stage. We are contacting those whose non-financial personal data was accessed to inform them, to apologise, and to give them advice on any protective steps they should take.”
The group said the relevant authorities have been notified.
This is not the first time the group has experienced such a breach, with a 2015 incident widely reported. In that incident, no Irish users were affected.
Inquiries have been made to the group and its PR company as to whether Irish customers have been affected in this new incident, but no response had been received at time of writing.
“We are extremely disappointed and sorry for any upset this may cause,” said Alex Baldock, chief executive, Dixons Carphone.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously. We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected.”
“Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge,” said Baldock.