Dixons Carphone discovers unauthorised data access


The company, which trades under names including Currys PC World, Carphone Warehouse and Dixons Travel, says that two separate incidents have led to the theft of around 1.2 million general user data files and a whopping 5.9 million card details. Again, Dixons said there was no evidence that it had resulted in any fraud.

Baldock joined Dixons Carphone in April and last month the group warned on profits and said it would have to close shops, wiping more than 500 million pounds off its stock market value. Paul German, CEO at Certes Networks, commented: "Despite the well-publicised Target data breach, it seems that other retailers are still not adopting appropriate cybersecurity strategies".

According to a statement made by the company, the security breach was discovered during a recent review of the company's systems and data.

Dixons Carphone chief exec Alex Baldock apologised to customers for the inconvenience, adding (as is standard in post-breach statements) that the company takes security seriously.

Pin codes, card verification values (CVV), and authentication data enabling holder identification or purchases were not stored in the data.

It said an investigation, which started last week, indicated there was an attempt, going back to July a year ago, to compromise data on 5.9 million credit cards in one of the processing systems of Currys PC World and Dixons Travel stores.

The breach was now being investigated by police, it said, while regulators had also been informed.

The remaining 105,000 cards are a non-EU issue and these will be vulnerable to fraud.

It said it had called in cyber experts and added extra security to its systems following the breach, while also since calling in the police and relevant authorities. The company says there's no evidence of fraudulent activity, but those affected have been notified.

He said: "We are extremely disappointed and sorry for any upset this may cause".

The group added it did not believe the personal data accessed had left the group's systems, but was advising those affected on protective steps they should take.

Yesterday also saw Yahoo's United Kingdom arm fined £250,000 for a data breach in 2014 which affected more than 500 million users.