Weekend Argus (Saturday Edition)

British firm hit by largest data breach

Details of 5.9 million payment cards stolen

-

ONE of the worst British cyber attacks was only discovered after the hackers had been inside the system for almost a year.

Unbeknown to electronic­s giant Dixons Carphone, hackers were able to steal the bank details of 5.9 million payment cards and the personal data records of a further 1.2 million.

The hack was revealed after new chief executive Alex Baldock, who has been at the helm for 10 weeks, ordered an urgent review into the firm’s online safety. Weeks in, he discovered hackers had been inside its systems since July last year.

The retailer reassured customers that 5.8 million payment cards were protected by chip and pin. Around 105 000 non-EU cards without this protection were compromise­d.

The timing of the hack means Dixons is likely to avoid a fine of almost £20 million (about R355 million). Because it happened last year, the firm is likely to fall under old data laws rather than the European General Data Protection Regulation rules that came into force on May 25.

Under the new laws, firms can be fined up to £17m for a significan­t data breach.

But the Informatio­n Commission­er’s Office warned Dixons could still face a multimilli­on pound fine if it emerges it learned of the hack before they made it public. A spokespers­on said: “We will look at when the incident happened and when it was discovered… this will inform whether it is dealt with under the 1998 or 2018 Data Protection Acts.”

Baldock told the Mail: “One of the early things I did is… launch a review of our systems and our data. As part of that review, we determined that this breach had occurred. Even though the breach itself dates back to July last year, we have got clarity on it in the past week. We are coming out early, very early, in the process.”

The sheer number of people affected makes it the largest UK data breach to date involving financial informatio­n. By comparison, when pay day lender Wonga was hacked last year, the bank details of 245 000 customers were exposed.

Solicitors said it could see Dixons shell out vast sums in compensati­on to customers who face being targeted by scammers.

Sean Humber, of Leigh Day, said: “Those affected are likely to have claims for compensati­on not only for any financial losses… but also for the anxiety and distress caused.”

Baldock described the hack as “a sophistica­ted attack” using “advanced malware”.

In a grovelling apology, he said: “It is extraordin­arily disappoint­ing, and I am extremely sorry, and I am unhappy we let… our customers down.”

The scandal comes after Carphone Warehouse, now owned by Dixons Carphone, was fined £400 000 by the ICO in January following a hack hitting more than 3 million customers in 2015. – Daily Mail

?? PICTURE: REUTERS/AFRICAN NEWS AGENCY (ANA) ?? A supporter of the Colombian national football team cheers during a gathering on the first day of the 2018 Fifa World Cup in Moscow, Russia, this week.
PICTURE: REUTERS/AFRICAN NEWS AGENCY (ANA) A supporter of the Colombian national football team cheers during a gathering on the first day of the 2018 Fifa World Cup in Moscow, Russia, this week.

Newspapers in English

Newspapers from South Africa