Dixons Carphone Data Breach: What to Do If You Are Affected
Dixons Carphone has become the victim of an immense data breach, which exposed 5.9 million credit and debit cards over 1 million of their customers' private files.
The breach reportedly began July 2017 and an investigation into it by the authorities has been launched.
Dixons Carphone representatives have claimed that the company had no proof that any of the stolen cards had been used by the thieves yet.
Dixons reps phrased it as "an attempt to compromise" 5.9 million payment cards but according to them, only 105,000 of those cards were without chip-and-pin protection and were leaked.
Also, apparently the cybercriminals attempted to gain entree into one of the systems of Currys PC World and Dixons Travel stores.
Dixons Carphone shares have seen a sharp decline since the breach was announced.
The data breach is a pretty big incident. Normally, when a company is the victim of a hack they're quick to reassure its clients that they were not compromised (even if that's not strictly true). However, that's not what's happening here. Dixons Carphone reps have all but admitted that nearly 6 million payment cards were leaked by the hackers. Fortunately, most of those are protected by chip-and-pin protection, and the other 105,000 unprotected hards haven't been used yet.
That doesn't mean Dixons Carphone is in the clear. It still needs to answer for the breach itself. The company has yet to explain why it didn't report the incident for nearly a whole year.
According to the company itself, they only recently discovered the data breach, but the UK Information Commissioner's Office disagrees. They fined Dixons Carphone £400,000 for a data breach in 2015 and are looking into the situation very closely. The one silver lining for Dixons is that the breach happened before the GDPR had been implemented, which would have resulted in even bigger fines.
What did the hackers get?
Well, aside from the 5.9 million credit and debit cards, the cybercriminals got 1.2 million private data records, which are mostly non-financial information including names, physical addresses, and emails.
The company claimed it had no evidence that the data left their system but affected clients are being contacted just in case. According to Dixons Carphone reps if you haven't been contacted then you're probably safe. Dixons is also hiring cybersecurity experts to aid in the investigation and strengthen the firm defenses.
"The protection of our data has to be at the heart of our business, and we've fallen short here. We've taken action to close off this unauthorized access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously," Alex Baldock, Dixons Carphone chief executive said.