Dixons Carphone admits 10 million customers hit by data breach

Technology retail giant Dixons Carphone has admitted that the massive customer data breach that occurred last year involved far more people than was originally thought.

The retail group now says that the personal details of ten million people were leaked during the cyber attack that took place in July of last year. The figure is much greater than the 1.2 million estimate of six weeks ago, Sky News reports.

Data compromised in the attack includes dates of birth, addresses and phone numbers, the broadcaster says.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Last month Dixons admitted that the information of 5.9 million payment cards was also leaked last year, but the BBC says the majority of these were protected by chip and pin security systems.

As for the ten million customers thought to have been hit by the hack, there’s no fresh evidence to suggest the hackers stole their customer bank details, the news service adds.

Following the announcement, Dixons Carphone chief executive Alex Baldock apologised to customers. “We’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers”, he said.

Baldock said the company was “fully committed” to making customers’ personal data safe.

What happened?

Baldocks’s apology is unlikely to inspire customer confidence given the company’s recent security failures.

Initial reports from the retailer last month suggested Dixons Carphone was already aware of the full extent of the damage: the payment information of 5.9 million customers was leaked, as were the personal details of 1.2 million people.

Today’s announcement that the figure rose over eightfold from 1.2 million to ten million means the data breach is far more substantial than originally believed.

However, the company is keeping its lips sealed over how the data may have been used until the investigation is completed. No further details have been given by Dixons Carphone about the leaked card information and this suggests the figure of 5.9 million exposed customers hasn’t changed.

But while 5.8 million of those cards were protected, The Guardian says that 105,000 payment methods were not secured by chip and pin. Dixons Carphone has yet to reveal whether these accounts were compromised.

It’s still not known how the hack occurred, but the company says it has nearly completed its investigation into the incident and is “continuing to keep the relevant authorities updated”.

What should Dixons Carphone customers do?

The consumer watchdog Which? says the first step is for customers to change their login information, not just for Dixons Carphone stores, but also for any other online retailers and banking systems. A password with at least eight-characters and no evidence of names or locations is the perfect way to create secure login information.

The next step advised by the watchdog is for customers to “keep a close eye” on their bank accounts and other online accounts over the next few months.

“If you see anything unusual, contact your bank immediately and explain that you’ve been the victim of fraud”, Which? adds.

Be wary of strange emails requesting information or asking users to click on a link, says Tim. If the email looks legitimate but is asking for personal details, it’s best to contact the company that sent the message using a phone number provided on its website.

What happens next?

The National Crime Agency, along with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (ICO) began investigating the breach last month, the BBC says.

Dixons Carphone began its own investigation into what happened immediately after the hack was discovered in June, the company says.

The firm’s first step involved contacting every customer to apologise and advise them of protective steps to minimise the risk of fraud. Some non-financial data “may have left our systems”, said the firm.

Dixons has announced it will also be contacting the banks of 105,000 customers who used cards not protected by chip and pin in order to avoid potential fraudulent activity.

There’s no word on when the findings from the investigations will be revealed, but Dixons Carphone says its investigation is almost finished.