Published on June 13th, 2018 | by The GC Team0
Dixons Carphone owns up to “huge” data breach
Dixons Carphone, which has seen big changes at the top this year as Finance Director Humphrey Singer, CEO Seb James and UK & Ireland CEO Katie Bickerstaffe departed in quick succession, prior to an announcement at the end of last month that 92 stores were to close, has now revealed that a “huge” data breach, potentially involving 5.9 million payment cards and 1.2 million personal data records, has just come to light.
Although the hacking attempt reportedly began nearly a year ago, in July 2017, the company says it was only discovered a week ago, and is being investigated.
The hackers attempted to access a Currys PC World and Dixons Travel stores processing system, but there is “no evidence” that any of the 5.9 million cards has been fraudulently used. The majority of the potentially compromised cards were protected with chip & pin.
This is a further challenge for relatively new Chief Executive Alex Baldock, already coping with a profits warning, the announcement that 92 stores were to close, and a drop in the company’s share price. Shares fell another 3% in afternoon trading today on news of the data breach. If there is any grain of comfort, it is that this breach occurred before the new GDPR legislation came into force with its massively increased penalties. In 2015, before the merger of Carphone Warehouse and Dixons, the UK Information Commissioner’s Office fined Carphone Warehouse £400,000 for a data breach.
In a statement issued today the company said: “As part of a review of our systems and data, we have determined that there has been unauthorised access to certain data held by the company. We promptly launched an investigation, engaged leading cyber security experts and added extra security measures to our systems. We have taken action to close off this access and have no evidence it is continuing. We have no evidence to date of any fraudulent use of the data as result of these incidents. We have also informed the relevant authorities including the ICO, FCA and the police.”
Dixons Carphone Chief Executive Alex Baldock said: “We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously. We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge.”