Just two months ago Dixons Carphone admitted it was hacked in July 2017, leading to the leak of 5.9 million payment cards and 1.2m personal data records. Now the retailer states the data breach was even bigger, involving no less than 10 million customers.
The Carphone Warehouse and Currys PC World owner says the personal data includes names, addresses and email addresses. However it insists no bank records were included, and so far no evidence ponts to fraud resulting from the breach. As for the 5.9m payment cards, all but 105000 cards are protected by the chip and PIN system, meaning the attackers cannot access full card records from compromised databases.
"Since our data security review uncovered last year's breach, we've been working around the clock to put it right," said Dixons Carphone CEO Alex Baldock says. "That's included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we're updating on today."
The retailer adds it is "very sorry for any distress" and will be issuing apologies to customers. However it does not say how or when said apology takes place.
Is the breach connected to a similar incident from 2015? Dixons Carphone says it is not the case, the the UK Information Commissioner's Office (ICO) will be taking a very close look at the situation. Following the 2015 breach the retailer was fined £400000-- and the retailer is lucky the latest incident took place before GDPR came in place, otherwise it would be facing a much bigger fine.
Go Dixons Carphone Update on Unauthorised Data Access
Go Dixons Carphone Says Data Breach Affected 10 Million (BBC)
