Published on July 31st, 2018 | by The GC Team0
Dixons Carphone data breach hits 10 million
Dixons Carphone has announced that approximately 10 million records containing personal data may have been accessed during a data breach that took place in 2017 but was only discovered by the retailer in June this year.
Today the company said that it has found evidence that some of the data may have left its systems, but the records do not contain payment card or bank account details and there is no evidence that any fraud has resulted.
“We are continuing to keep the relevant authorities updated,” the retailer said in a statement.
“Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right,” said Chief Executive Alex Baldock.
“That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.”
Joseph Carson, Chief Security Scientist at cybersecurity firm Thycotic, said Dixons Carphone’s experience is a common one for many victims of a cybercrime.
“When you discover a breach, start your incident response and digital forensics, you will start to uncover many unexpected surprises.
“I believe that Dixons Carphone could [have] carried out better incident response and communications relating to the impacted customers. Like many companies have done in the past, they disclosed data breach numbers while the digital forensics was still ongoing, and we are likely still to find out the real impact of this data breach.”
Dixons Carphone said that, as a precaution, it is contacting all of its customers to apologise and advise on the steps they can take to protect themselves.
“Again,” said Baldock, “we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”