Dixons Carphone admits 10 million customers hit by data breach
The figure is much higher than earlier estimates says the retailer
Technology retail giant Dixons Carphone has admitted that the massive customer data breach that occurred last year involved far more people than was originally thought.
The retail group now says that the personal details of ten million people were leaked during the cyber attack that took place in July of last year. The figure is much greater than the 1.2 million estimate of six weeks ago, Sky News reports.
Data compromised in the attack includes dates of birth, addresses and phone numbers, the broadcaster says.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Last month Dixons admitted that the information of 5.9 million payment cards was also leaked last year, but the BBC says the majority of these were protected by chip and pin security systems.
As for the ten million customers thought to have been hit by the hack, there’s no fresh evidence to suggest the hackers stole their customer bank details, the news service adds.
Following the announcement, Dixons Carphone chief executive Alex Baldock apologised to customers. “We’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers”, he said.
Baldock said the company was “fully committed” to making customers’ personal data safe.
What happened?
Baldocks’s apology is unlikely to inspire customer confidence given the company’s recent security failures.
Initial reports from the retailer last month suggested Dixons Carphone was already aware of the full extent of the damage: the payment information of 5.9 million customers was leaked, as were the personal details of 1.2 million people.
Today’s announcement that the figure rose over eightfold from 1.2 million to ten million means the data breach is far more substantial than originally believed.
However, the company is keeping its lips sealed over how the data may have been used until the investigation is completed. No further details have been given by Dixons Carphone about the leaked card information and this suggests the figure of 5.9 million exposed customers hasn’t changed.
But while 5.8 million of those cards were protected, The Guardian says that 105,000 payment methods were not secured by chip and pin. Dixons Carphone has yet to reveal whether these accounts were compromised.
It’s still not known how the hack occurred, but the company says it has nearly completed its investigation into the incident and is “continuing to keep the relevant authorities updated”.
What should Dixons Carphone customers do?
The consumer watchdog Which? says the first step is for customers to change their login information, not just for Dixons Carphone stores, but also for any other online retailers and banking systems. A password with at least eight-characters and no evidence of names or locations is the perfect way to create secure login information.
The next step advised by the watchdog is for customers to “keep a close eye” on their bank accounts and other online accounts over the next few months.
“If you see anything unusual, contact your bank immediately and explain that you’ve been the victim of fraud”, Which? adds.
Be wary of strange emails requesting information or asking users to click on a link, says Tim. If the email looks legitimate but is asking for personal details, it’s best to contact the company that sent the message using a phone number provided on its website.
What happens next?
The National Crime Agency, along with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (ICO) began investigating the breach last month, the BBC says.
Dixons Carphone began its own investigation into what happened immediately after the hack was discovered in June, the company says.
The firm’s first step involved contacting every customer to apologise and advise them of protective steps to minimise the risk of fraud. Some non-financial data “may have left our systems”, said the firm.
Dixons has announced it will also be contacting the banks of 105,000 customers who used cards not protected by chip and pin in order to avoid potential fraudulent activity.
There’s no word on when the findings from the investigations will be revealed, but Dixons Carphone says its investigation is almost finished.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
7 beautiful towns to visit in Switzerland during the holidays
The Week Recommends Find bliss in these charming Swiss locales that blend the traditional with the modern
By Catherine Garcia, The Week US Published
-
The Week contest: Werewolf bill
Puzzles and Quizzes
By The Week US Published
-
'This needs to be a bigger deal'
Instant Opinion Opinion, comment and editorials of the day
By Justin Klawans, The Week US Published
-
The Internet Archive is under attack
Under the Radar The non-profit behind open access digital library was hit with both a data breach and a stream of DDoS attacks in one week
By Theara Coleman, The Week US Published
-
How cybercriminals are hacking into the heart of the US economy
Speed Read Ransomware attacks have become a global epidemic, with more than $18.6bn paid in ransoms in 2020
By The Week Staff Last updated
-
Inside the dark web: could it be shut down?
The Explainer The 'shrouded alleyway of the internet' is a haven for activists as well as for illicit activity
By The Week Staff Last updated
-
Tech trends 2019: folding phones, cyber crime and space tourism
The Week Recommends SpaceX, Blue Origin and Virgin Galactic head to the stars while Samsung’s flexing phone looks set to debut
By The Week Staff Last updated
-
Japanese cryptocurrency exchange promises refunds after hack
Speed Read Nearly £380m worth of NEM coins were stolen in the attack
By The Week Staff Last updated
-
Hackers break into Cex and steal customer records
Speed Read Two million thought to be affected by cyber attack on gaming store
By The Week Staff Published
-
Who is Jayden K Smith? Facebook hoax fools users worldwide
In Depth A message warning people not to accept friendship requests from an unknown 'hacker' is going viral
By The Week Staff Published
-
US charges two Russian spies over Yahoo hack
Speed Read Prosecutor refuses to rule out link with Moscow's alleged attempt to interfere with presidential election
By The Week Staff Published