Dixons Carphone admits hack far bigger than originally thought

Approximately 10 million personal records could have been accessed in security breach.

Dixons Carphone admits hack far bigger than originally thought

Earlier this summer, customers of popular UK high street stores Currys PC World, Carphone Warehouse, and Dixons Travel were warned that hackers had breached one of the processing systems used by its stores, and made off with 5.9 million payment cards and the personal data records of 1.2 million individuals.

Now parent company Dixons Carphone is saying that some 8.8 million *more* customers may be impacted by the breach which occurred in 2017.

The silver lining on the cloud, however, is that Dixons Carphone believes that these breached records do not contain payment card information or bank account details. It also says that it has seen no evidence that any fraud has taken place as a result of the breach.

Sign up to our free newsletter.
Security news, advice, and tips.

Nonetheless, there’s clearly ample opportunity for scammers to use breached details such as customers’ contact information and email addresses in an attempt to defraud unsuspecting customers.

Dixons Carphone Chief Executive Alex Baldock has apologised to customers:

“Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.”

“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves. Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”

The company is no stranger to finding itself in the media spotlight over hacks.

In 2015, Carphone Warehouse (which was then a separate company) warned that approximately three million customers had been put at risk after its IT systems were breached by hackers.

The hack resulted in the Information Commissioner’s Office (ICO) issuing a £400,000 fine earlier this year.

Listen to more discussion about this topic in this episode of the “Smashing Security” podcast:

Smashing Security #089: 'Data breaches, ransomware, Bitcoin robberies, and typewriters'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Dixons Carphone admits hack far bigger than originally thought”

  1. Lee E Grant

    Do you think this could be the first time we'll see the ICO flex their GDPR wings?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.