Almost 16 million data records hacked in Dixons’ breach
● Breach bigger than first reported ● Bank card details accessed
Dixons Carphone has said a massive breach affected close to 16 million data records, including bank details and personal data.
The retailer revealed 5.9 million customer bank card details and 10 million personal data records were hacked in an attack over several months in the second half of last year in a far greater breach than first reported.
Originally Dixons Carphone said 1.2 million personal data records, which include customers’ names, emails and addresses, were impacted.
The company said in a statement: “Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017.
“While there is now evidence thatsomeofthisdatamayhave left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted. We are continuing to keep the relevant authorities updated.
“As a precaution, we are choosing to communicate to all of our customers to apologise and advise them of protective steps to minimise the risk of fraud.
“As we indicated previously, we have taken action to close off this access and have no evidence it is continuing.”
0 Dixons Carphone says its investigation is nearing completion
Dixons – the retailer behind Currys – has said 5.8 million of the payment cards targeted were protected by chip and pin, but around 105,000 noneu cards without chip and pin protection were compromised.
The firm is nearing the end of its investigation, which was aided by third-party cyber security experts.
The cyber attack is also the subject of a further investigation. The Information Commissioner’s Office (ICO), the National Crime Agency (NCA) and the Financial Conduct
Authority (FCA) are all taking an interest. An ICO spokesman said: “Our investigation into the incident is ongoing and we will take time to assess this new information.”
It is understood Dixons has found evidence of hacking activity from July 2017 onwards, but the company has not detailed exact dates.
Dixons Carphone said the relevant card companies had been notified, but there was no evidence of fraud on the cards as a result.