Dixons Carphone Data Breach Hits 10m Users

Uploaded on 2018-08-08 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A data breach at electronics retailer Dixons Carphone is almost ten times larger than the company first thought. Personal information of 10 million customers, including names, addresses, and email addresses, are thought to have been accessed by outsiders, massively up from the originally stated figure of 1.2 million.

The company uncovered further evidence of personal data being accessed during its investigation into the breach, which first occurred in July 2017 but only came to light this June.

As part of the attack, hackers also attempted to access 5.9 million payment card details, but Dixons Carphone has previously stated that chip-and-pin protection should prevent these details being used for fraud.

However, the number of accounts accessed makes it one of the largest breaches to involve a UK company.

No information has been provided on how the attackers managed to gain access to such a large amount of data, but the company says an investigation being carried out with the aid of cyber security experts is nearing completion.

"Since our data security review uncovered last year's breach, we've been working around the clock to put it right," Alex Baldock, chief executive of Dixons Carphone, said in a statement.

"That's included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we're updating on today."

There have been no reports of fraud resulting from the breach, but Baldock once again apologised to customers for the incident.

"We're disappointed in having fallen short here, and very sorry for any distress we've caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us," he said.

The company says it's making improvements to its security environment by enhancing its monitoring and testing abilities.

Upon discovering the breach last month, Dixons Carphone reported it to the National Cyber Security Centre and the Information Commissioner's Office, and the company states it continues to keep both organisations updated.

"Our investigation into the incident is ongoing and we will take time to assess this new information," an ICO spokesperson told ZDNet.

"In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers."

The initial breach came to light weeks after the GDPR came into force. However, the breach occurred in 2017, when the 1998 Data Protection Act was still in place.

ZDNet

You Might Also Read:

TalkTalk Still Feeling The Effects Of Cyber Attack:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

 

 

« Surveillance Cameras That Spot Your Personality Type
Alaska Dusts Off Its Typewriters »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Qualys

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions.

Picus Security

Picus Security

Huge gaps often exists between the "perceived"​ and "actual"​ IT security level of an organization. Picus Security continuously assesses security controls and reveals deficient ones before hackers do.

VietSunshine

VietSunshine

VietSunshine is a leading provider of network security infrastructure and solutions in Vietnam.

Valire Software

Valire Software

Valire provide a solution for the automated detection of internal fraud.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

Verificient Technologies

Verificient Technologies

Verificient Technologies specializes in biometrics, computer vision, and machine learning to deliver world-class solutions in continuous identity verification and remote monitoring.

Adarma Security

Adarma Security

Adarma are specialists in threat management including SOC design, build & operation.

Conquest Cyber

Conquest Cyber

Conquest Cyber builds adaptive risk management programs where innovation is most needed – within defense, intelligence, federal civilian agencies and the industrial base that supports them.

Cufflink

Cufflink

Cufflink makes your business more secure, compliant and trusted. We limit the likelihood and impact of a data breach by controlling exactly what can and can't be done with personal data.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Strac

Strac

Eliminate Personal Data Risks from your business. Our Dataless SaaS removes the need to manage sensitive data across web, mobile apps, servers and communication channels.

Airiam

Airiam

Airiam provides cybersecurity, managed IT, consulting, incident response, and digital transformation services so you can focus on what matters most.

Randaemon

Randaemon

RANDAEMON’s mission is to create True Random Number Generators (TRNG) that are hardware-based and integrated into System-on-Chip.

Gogolook

Gogolook

Gogolook is a leading TrustTech company. With "Build for Trust" as its core value, it aims to create an AI- and data-driven global anti-fraud network as well as Risk Management as a Service.

METCLOUD

METCLOUD

METCLOUD is driving a cloud evolution. A cloud that promises relentless cybersecurity, performance, resilience and sustainability.

Ciena

Ciena

Ciena is a global leader in optical and routing systems, services, and automation software. We build the world’s most adaptive networks to address ever-increasing digital demands.