Dixons Carphone finds data breach and over a million records accessed

Marco Green
June 13, 2018

After British retailer Dixons Carphone admitted a major data breach involving 5.9 million payment cards and 1.2m personal data records many customers will be anxious they could be affected - here's how to find out. "The protection of our data has to be at the heart of our business, and we've fallen short here", he added.

Dixons Carphone will be contacting the 1.9 million people who have had their personal data breached and says it has already plugged the hole in its systems.

The group said that, while 5.8 million of the payment cards targeted were protected by chip and pin, around 105,000 non-EU cards without chip and pin protection were compromised. It also confirms it has informed the UK's data watchdog the ICO, financial conduct regulator the FCA, and the police.

"We've taken action to close off this unauthorised access and though we have now no evidence of fraud as a result of these incidents, we are taking this extremely seriously".

The data did not contain pin codes, card verification values (CVV) or any authentication data according to Dixons Carphone.

'We've taken action to close off this unauthorised access and though we have now no evidence of fraud as a result of these incidents, we are taking this extremely seriously. "We have no evidence of any fraud on these cards as a result of this incident", it writes.

Dixons Carphone says the hack began in July previous year, so if you purchased anything or used their services since summer 2017, you may have been caught up. "As a multinational organisation, Dixons Carphone would have been well aware of the Target breach". It said since the 2015 attack it had worked extensively with cyber security experts to upgrade its security systems.

Given the small number of affected cards and the fact that personal data did not leave the network, it's unlikely the firm will be in for a major GDPR fine, unless it emerges that the hackers took advantage of serious deficiencies in the firm's cyber-defenses.

"The fact this only came to light now thanks to a review of the company's systems and data and actually occurred in 2017 is also cause for some concern", he said.

Other reports by Click Lancashire

Discuss This Article

FOLLOW OUR NEWSPAPER