The Courier & Advertiser (Perth and Perthshire Edition)
Currys’ owner admits hackers stole details
High street firm says no evidence so far to suggest fraud carried out on cards but personal details also accessed
Dixons Carphone has become the latest British firm to fall victim to a cyber attack after revealing 5.9 million customer bank card details and 1.2 million personal data records were hacked.
The retailer behind Currys said that while 5.8 million of the payment cards targeted were protected by chip and pin, around 105,000 non-EU cards without chip and pin protection were compromised.
Dixons Carphone said relevant card companies had been notified, but added that there was no evidence of fraud on the cards as a result of the incident.
It added that its investigation had also found that hackers accessed nonfinancial personal data – such as name, address or email details – for 1.2 million customer records.
It said it had called in cyber experts and added extra security to its systems following the breach.
Dixons Carphone chief executive Alex Baldock admitted the group had “fallen short” of its responsibility to protect customer data.
A spokesman for the Information Commissioner’s Office (ICO) said: “An incident involving Dixons Carphone has been reported to us and we are liaising with the National Cyber Security Centre, the Financial Conduct Authority and other relevant agencies to ascertain the details and impact on customers.
“Anyone concerned about lost data and how it may be used should follow the advice of Action Fraud.”
Dixons Carphone was fined £400,000 by the ICO in January after a 2015 cyber attack exposed the personal data of more than three million customers.
Mr Baldock added: “We are extremely disappointed and sorry for any upset this may cause.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here.
“We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”
Dixons said the hack occurred in one of the processing systems of Currys PC World and Dixons Travel stores.
It said the data accessed did not contain Pin codes, card verification values (CVV) or any authentication data allowing cardholder identification or a purchase to be made.
The group added it did not believe the personal data accessed had left the group’s systems, but was advising those affected on protective steps they should take.
The protection of our data has to be at the heart of our business, and we’ve fallen short here ALEX BALDOCK
We are constantly being reminded to keep our personal data safe. Passwords used to access online accounts should, we are told, be ever more complex. The implication is that – unless we employ Byzantine access codes with a mixture of capital letters, symbols and random numbers – we will only have ourselves to blame if our personal details are stolen and our bank accounts drained.
But what if those we trust with our personal data have not taken similar precautions to keep us safe?
Yesterday it was revealed that Dixons Carphone had fallen foul of a cyber attack, resulting in the bank card details of almost six million customers being hacked.
It is a terrifying breach – but hardly unique.
In fact the firm is only the latest in a long line of huge companies to have been hacked.
Yet Dixons Carphone is unusual in that it has previous in this area.
The firm has already been fined £400,000 after a 2015 cyber attack exposed personal data. In that instance more than three million customers were potentially affected.
To compromise the security of so many customers once is troubling, to do so twice beyond careless.
It is quite right that members of the public are warned of the dangers when setting their own security measures – can we truly be confident that those we have no option but to trust are similarly careful?