Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records.
Where does this rank among other data breaches affecting UK consumers?
Facebook banned Cambridge Analytica, a data analytics firm which worked on US President Donald Trump’s election campaign and has been linked to Brexit, from using its platform in March, days before a whistleblower claimed the company had harvested and stored data about more than 50 million Facebook users without their permission.
The majority of those users were in the US but the UK’s Information Commissioner issued a warrant to search the company’s London offices after it failed to respond to a previous request about the possible illegal use of data.
Uber admitted in November that 2.7 million people in the UK were affected by a 2016 security breach that compromised customers’ information, including names, email addresses and mobile phone numbers.
The ride-hailing company had previously disclosed that 57 million people worldwide were affected by a breach that it covered up for more than a year.
The Information Commissioner announced this week that it has fined Yahoo £250,000 over a cyber attack in November 2014 that affected more than 515,000 UK email accounts.
The personal data of 500 million user accounts worldwide was compromised during the attack. The stolen data included names, email addresses, telephone numbers, passwords and encrypted security questions and answers.
In May last year credit reference agency Equifax announced its data had been accessed by hackers in a cyber attack. Some 15.2 million UK client records were compromised, and Equifax initially wrote to 690,000 UK consumers who are likely to have had sensitive details stolen.
These included email addresses, passwords, driving licence numbers, phone numbers and partial credit card details. A later announcement revealed that a further 167,000 had their telephone numbers stolen in the attack.
Telecoms company TalkTalk was issued with a £400,000 fine by the ICO in October 2016 for security failings that allowed a cyber attacker to access customer data “with ease”.
ICO investigators found that the cyber attack between October 15 and 21 2015 took advantage of technical weaknesses in TalkTalk’s systems. The attacker accessed the personal data of 156,959 customers including their names, addresses, dates of birth, phone numbers and email addresses. In 15,656 cases, the attacker also had access to bank account details and sort codes.
The WannaCry attack on the NHS in May last year saw data on infected computers encrypted and users issued with a ransom demand to unlock their devices.
A total of 80 of 236 NHS trusts across England suffered disruption because they were either infected by the ransomware or had turned off their devices or systems as a precaution. The ransomware infected another 603 NHS organisations including 595 GP practices.
The health service was forced to cancel almost 20,000 hospital appointments and operations as a result and five A&E departments had to divert patients to other units.
Payday lender Wonga warned in April last year that nearly a quarter of a million customers may have been affected by a data breach. The stolen data included names, addresses, bank account numbers and sort codes.
In November 2016 Tesco Bank was hit by a cyber attack forcing the company to repay £2.5 million of losses to 9,000 customers.