Dixons Carphone uncovers cyber attack
Dixons Carphone has discovered a cyber attack in which hackers gained access to some customers’ payment cards and personal data details.
The discovery was made as part of a review of the retail group’s systems and data and resulted in it engaging cyber security experts and adding extra security measures to its systems. Having closed off access, Dixons Carphone said there was no evidence to show that the breach was continuing and no evidence to date of any fraudulent use of the data as result of the incidents.
The company found that there was an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores although 5.8 million of the cards had chip and pin protection. Dixons said the data accessed in respect of these cards contained neither pin codes, card verification values nor any authentication data to enable any cardholder identification or purchases to be made.
In addition, some 105,000 non-EU issued payment cards which do not have chip and pin protection were compromised. The company also found that 1.2 million records containing non-financial personal data, such as name, address or email address, had been accessed.
Dixons Carphone chief executive Alex Baldock said: “We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.
“We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge.”
