Dixons Carphone admitted that a data breach in 2017 involved 5.8 million credit and debit cards. 105,000 of those cards are not the chip-and-PIN type. The chip-and-PIN cards are assumed to be safe from fraud, but this may be a false assumption.
Apparently, the hackers had tried to gain access to one of the processing systems used by Currys PC World and Dixons Travel stores.
Dixons also announced that the personal details of 1.2 million people (name, address, email address) may have been exposed.
STOP PRESS: Dixons Carphone has just increased that estimate from 1.2 million to 10 million people whose information may have been compromised.
Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach.
The incident happened before the GDPR came into force; otherwise Dixons Carphone would be looking at potentially much higher fines than currently expected.
Dixons Carphone said that “unauthorised access” of data held by the company had prompted an investigation, the hiring of external security experts and efforts to shore up its security defences. It has informed police, regulators at the Information Commissioner’s Office and the Financial Conduct Authority.
The data about these cards that may have been compromised does not contain PIN numbers or the CVV number and does not contain authentication data that would enable cardholder identification or a purchase to be made. At least that’s the theory, but hackers and scammers can use starting information to get access to more information and then perpetrate fraud.
“The National Cyber Security Centre is working with Dixons Carphone plc and other agencies to understand how this data breach has affected people in the UK and advise on mitigation measures.”