NCSC Investigate Giant Dixons Data Breach

Uploaded on 2018-06-15 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Dixons Carphone, the electricals and mobile phone dealer has said 5.9 million credit card numbers have been potentially hacked and that 1.2 million personal details have been opened and stolen. Now an arm of GCHQ, the National Cyber Security Centre (NCSC) is now working with Dixons Carphone on mitigation measures after a major privacy data breach that was revealed recently.

The National Cyber Security Centre (NCSC) has said it was working alongside the retailer and other agencies, such as the Information Commissioner’s Office and Financial Conduct Authority, regarding the cyber-attack on 5.9 million payment card details and 1.2 million personal data records.

The cyber-attack was reportedly caused by an advanced computer virus, or malware, which penetrated processing systems at Currys PC World and Dixons Travel stores. The breach happened in July last year but it was only discovered last week after a review of Dixon Carphone’s systems.

“Anyone concerned about fraud or lost data should contact Action Fraud and we recommend that people are vigilant against any suspicious activity on their bank accounts,” the NCSC said.

Although the breach was discovered over the past week, the fact it occurred within the last year, before the new European General Data Protection Regulation (GDPR) rules came into effect on May 25, the maximum possible fine imposed would be £500,000.

How did the breach happen?
What the exact type of attack this was is still being investigated by the company and various regulatory and data governing supervisory bodies. Cyber security and GDPR questions are already being asked about Dixons protection and security of its client’s data. 

Under the new GDPR rules, Dixons Carphone would be fined up to four per cent of its annual global revenue, which is estimated to be around £423 million. Dixons Carphone said it had brought in cyber-security experts to investigate the data breach and implemented extra security measures across its systems.

It stressed that it detected no attempts to defraud the leaked cards and had contacted the relevant card companies, alongside the police and relevant authorities.

“We are extremely disappointed and sorry for any upset this may cause,” Chief Executive Alex Badock said recently.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.”

Retail Gazette

You Might Also Read: 

UK Fraud Hits £1.1bn As Cyber Crime Soars:

TalkTalk Still Feeling The Effects Of Cyber Attack:

GDPR Is Now Effective:

 

« Cyber Security Intelligence Website Upgrade
World First Police 3D Security Scanner »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CertiKit

CertiKit

CertiKit produce toolkit products that accelerate the adoption of ISO/IEC standards, including ISO 27001, helping organizations all over the world to realize the benefits as soon as possible.

CCL Solutions Group

CCL Solutions Group

CCL is one of Europe’s leading digital investigation specialists, supporting law enforcement, government and organisations across both public and private sectors.

Verimuchme

Verimuchme

Verimuchme is a digital wallet and exchange platform to secure, verify and re-use personal information.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

Tesserent

Tesserent

Tesserent (formerly Pure Security) is a full-service cybersecurity solutions provider. We partner with clients across Australia and New Zealand in the protection of their digital assets.

Stealth Software Technologies

Stealth Software Technologies

Stealth Software Technologies is focused on the generation of research and software products focused on applied cryptography and cybersecurity.

Securd

Securd

Securd takes opportunities away from your cyber adversaries. Cloud-delivered zero-trust DNS firewall and web filtering protection keep your business network and remote employees safe.

Persona

Persona

At Persona, we’re humanizing online identity by helping companies verify that their users are who they say they are.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

SecureLake

SecureLake

SecureLake (formerly Managni) is one of the most trusted US-based IT security and infrastructure companies.

When Group

When Group

World Health Energy Holdings, Inc. (d/b/a WHEN Group) is a High Tech Holding Company that specializes in the Cyber, Security and Telecom area.

Hakai Security

Hakai Security

Hakai is a consulting firm specializing in information security that offers customized services and products to meet the needs and goals of each business.