Millions affected by latest cyber attack at Dixons Carphone
DIXONS Carphone has become the latest British firm to fall victim to a cyber attack after revealing 5.9 million customer bank card details and 1.2 million personal data records have been hacked.
The retailer behind Currys said that while 5.8 million of the payment cards targeted were protected by chip and pin, around 105,000 non-EU cards without chip and pin protection were compromised.
Dixons Carphone said relevant card companies had been notified, but added that there was no evidence of fraud on the cards as a result of the incident.
It added that its investigation had also found that hackers accessed non-financial personal data — such as name, address or email details — for 1.2 million customer records.
The group is contacting all those affected, but sought to assure customers it had no evidence that this had resulted in fraud.
It said it had called in cyber
Apology: Alex Baldock
experts and added extra security following the breach, while also since calling in the police and relevant authorities.
Dixons Carphone chief executive Alex Baldock admitted the group had “fallen short” of its responsibility to protect customer data.
The National Crime Agency said that it is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (ICO) to “understand what’s happened”.
A spokesman for the ICO said: “Anyone concerned about lost data and how it may be used should follow the advice of Action Fraud.”
Dixons Carphone was fined £400,000 by the ICO in January after a 2015 cyber attack exposed the personal data of more than three million customers.
The latest data breach began in July last year, well before May 25, when new European General Data Protection Regulation (GDPR) rules came into force.
It means that Dixons Carphone will likely escape hefty fines under the new regime, which can be up to €20m for a significant data breach.
Dixons Carphone shares fell as much as 4% soon after the market opened.
Mr Baldock added: “We are extremely disappointed and sorry for any upset this may cause.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here.
“We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”