Dixons Carphone Data Breach Hits 10m Users

A data breach at electronics retailer Dixons Carphone is almost ten times larger than the company first thought. Personal information of 10 million customers, including names, addresses, and email addresses, is thought to have been accessed by outsiders, massively up from the originally stated figure of 1.2 million.

The company uncovered further evidence of personal data being accessed during its investigation into the breach, which first occurred in July 2017 but only came to light this June.

As part of the attack, hackers also attempted to access 5.9 million payment card details, but Dixons Carphone has previously stated that chip-and-pin protection should prevent these details being used for fraud.

However, the number of accounts accessed makes it one of the largest breaches to involve a UK company.

No information has been provided on how the attackers managed to gain access to such a large amount of data, but the company says an investigation being carried out with the aid of cyber security experts is nearing completion.

"Since our data security review uncovered last year's breach, we've been working around the clock to put it right," Alex Baldock, chief executive of Dixons Carphone, said in a statement.

"That's included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we're updating on today."

There have been no reports of fraud resulting from the breach, but Baldock once again apologised to customers for the incident.

"We're disappointed in having fallen short here, and very sorry for any distress we've caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us," he said.

The company says it's making improvements to its security environment by enhancing its monitoring and testing abilities.

Upon discovering the breach last month, Dixons Carphone reported it to the National Cyber Security Centre and the Information Commissioner's Office, and the company states it continues to keep both organisations updated.

"Our investigation into the incident is ongoing and we will take time to assess this new information," an ICO spokesperson told ZDNet.

"In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers."

The initial breach came to light weeks after the GDPR came into force. However, the breach occurred in 2017, when the 1998 Data Protection Act was still in place.

ZDNet
