Weekend Argus (Saturday Edition)
British firm hit by largest data breach
Details of 5.9 million payment cards stolen
ONE of the worst British cyber attacks was only discovered after the hackers had been inside the system for almost a year.
Unbeknown to electronics giant Dixons Carphone, hackers were able to steal the bank details of 5.9 million payment cards and the personal data records of a further 1.2 million.
The hack was revealed after new chief executive Alex Baldock, who has been at the helm for 10 weeks, ordered an urgent review into the firm’s online safety. Weeks in, he discovered hackers had been inside its systems since July last year.
The retailer reassured customers that 5.8 million payment cards were protected by chip and PIN. Around 105 000 non-EU cards without this protection were compromised.
The timing of the hack means Dixons is likely to avoid a fine of almost £20 million (about R355 million). Because it happened last year, the firm is likely to fall under old data laws rather than the European General Data Protection Regulation rules that came into force on May 25.
Under the new laws, firms can be fined up to £17m for a significant data breach.
But the Information Commissioner’s Office warned Dixons could still face a multimillion-pound fine if it emerges that it learned of the hack before it made it public. A spokesperson said: “We will look at when the incident happened and when it was discovered… this will inform whether it is dealt with under the 1998 or 2018 Data Protection Acts.”
Baldock told the Mail: “One of the early things I did is… launch a review of our systems and our data. As part of that review, we determined that this breach had occurred. Even though the breach itself dates back to July last year, we have got clarity on it in the past week. We are coming out early, very early, in the process.”
The sheer number of people affected makes it the largest UK data breach to date involving financial information. By comparison, when payday lender Wonga was hacked last year, the bank details of 245 000 customers were exposed.
Solicitors said it could see Dixons shell out vast sums in compensation to customers who face being targeted by scammers.
Sean Humber, of Leigh Day, said: “Those affected are likely to have claims for compensation not only for any financial losses… but also for the anxiety and distress caused.”
Baldock described the hack as “a sophisticated attack” using “advanced malware”.
In a grovelling apology, he said: “It is extraordinarily disappointing, and I am extremely sorry, and I am unhappy we let… our customers down.”
The scandal comes after Carphone Warehouse, now owned by Dixons Carphone, was fined £400 000 by the ICO in January following a hack hitting more than 3 million customers in 2015. – Daily Mail