Dixons Carphone has said that it has been the victim of an “unauthorised data access” in which millions of customer bank card details were targeted over the past 12 months.
The company believed there were attempts since last July – only discovered over the past week – to compromise 5.9 million cards in one of its processing systems for Currys PC World and Dixons Travel stores.
Dixons Carphone Warehouse says there has been no evidence of fraud as a result of the hack, but there are a few general tips below if you’re worried:
- Regularly check your accounts. It’s good practice to regularly keep an eye on your bank accounts and credit card statements. If you spot anything unusual contact your provider immediately.
- Watch out for scams. Be alert and watch out for potential scam emails or calls – don’t simply assume they are genuine even if they look believable.
- Change your password. Dixons Carphone Warehouse doesn’t think any passwords were taken, but if you’re worried change your password, and change it on other sites where you have used the same one.
In a statement the company said :-
As part of a review of our systems and data, we have determined that there has been unauthorised access to certain data held by the company. We promptly launched an investigation, engaged leading cyber security experts and added extra security measures to our systems. We have taken action to close off this access and have no evidence it is continuing. We have no evidence to date of any fraudulent use of the data as result of these incidents. We have also informed the relevant authorities including the ICO, FCA and the police.
Our investigation is ongoing and currently indicates that there was an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores. However, 5.8m of these cards have chip and pin protection. The data accessed in respect of these cards contains neither pin codes, card verification values (CVV) nor any authentication data enabling cardholder identification or a purchase to be made. Approximately 105,000 non-EU issued payment cards which do not have chip and pin protection have been compromised. As a precaution we immediately notified the relevant card companies via our payment
provider about all these cards so that they could take the appropriate measures to protect customers. We have no evidence of any fraud on these cards as a result of this incident.
Separately, our investigation has also found that 1.2m records containing non-financial personal data, such as name, address or email address, have been accessed. We have no evidence that this information has left our systems or has resulted in any fraud at this stage. We are contacting those whose non-financial personal data was accessed to inform them, to apologise, and to give them advice on any protective steps they should take.
Dixons Carphone Chief Executive, Alex Baldock, said:
“We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously. We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge.”
Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.