Tag: dixons carphone

Dixons Fined for Data Breach

Dixons Carphone has been fined £500,000 by the data watchdog over a computer hack which compromised the personal information of at least 14 million people.

The Information Commissioner’s Office found that hackers were able to access the names, postcodes, email addresses and failed credit checks of millions of people.

The data also included the details of 5.6 million payment cards used between July 2017 and April 2018.

Dixons Carphone says it has no confirmed evidence of any customers suffering fraud or financial loss as a result of the hack.

What Should Business Do to Protect Itself?

  1. Invest in expert cyber security and keep it up to date
  2. Maintain all computer devices with anti-virus and anti-malware and keep that up to date
  3. Regularly check all financial accounts. If you spot anything unusual, contact your provider immediately.
  4. Train staff on security procedures e.g. how to spot phishing attempts
  5. Stay up to date with protection against latest threats
  6. Remember that human beings are usually the weakest link in security.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Dixons Carphone Data Breach

Dixons Carphone admitted there had been a data breach in 2017 which included 5.8 million credit and debit cards.  105,000 of those cards are not the chip-and-pin type. The chip and pin cards are assumed to be safe from fraud but this may be a false assumption.

Apparently, the hackers had tried to gain access to one of the processing systems used by Currys PC World and Dixons Travel stores.

Dixons also announced that the personal details of 1.2 million people (name, address, email address) may have been exposed.

STOP PRESS: Dixons Carphone has just increased that estimate from 1.2 million to 10 million people whose information may have been compromised.

Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach.

The incident happened before the new GDPR regulation came into force or Dixons Carphone would be looking at potentially much higher fines than currently expected.

Dixons Carphone said that “unauthorised access” of data held by the company had prompted an investigation, the hiring of external security experts and efforts to shore up its security defences. It has informed police, regulators at the Information Commissioner’s Office and the Financial Conduct Authority.

The data about these cards that may have been compromised does not contain PIN numbers or the CVV number and does not contain authentication data that would enable cardholder identification or a purchase to be made.  At least that’s the theory, but hackers and scammers can use starting information to get access to more information and then perpetrate fraud.

“The National Cyber Security Centre is working with Dixons Carphone plc and other agencies to understand how this data breach has affected people in the UK and advise on mitigation measures.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature