The Dixons Carphone data hack has proved to be one of the UK’s biggest breaches.
The huge data breach that took place last year involved around 16 million personal records, which is an increase on the original estimate of 7.1 million.
– What has happened?
In June the company revealed that 5.9 million customer bank card details and 1.2 million personal data records had been hacked.
However, in a statement on Tuesday the company revised the 1.2 million figure and said that “approximately 10 million records containing personal data may have been accessed in 2017”.
It added: “While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted. We are continuing to keep the relevant authorities updated.”
Dixons, the retailer behind Currys, has said that while 5.8 million of the payment cards targeted were protected by chip and pin, around 105,000 non-EU cards without chip and pin protection were compromised.
– What concerns does the situation raise about how executives deal with storing sensitive customer data?
The relevant card companies have been notified and there is no evidence of fraud on the cards as a result of the incident, according to Dixons Carphone.
The National Crime Agency said after the announcement in June that it is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (ICO) to “understand what’s happened”.
– What has been the response from Dixons?
Chief executive Alex Baldock said on Tuesday: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right.
“That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.
“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves.”
– How might this impact confidence in the system?
Security solutions firm Lastline noted the company said personal information, names, addresses and email addresses may have been accessed. However, it had found no evidence that fraud had resulted from the breach. The hackers also got access to records of 5.9 million payments cards, but nearly all of those were protected by the chip and pin system.
Andy Norton, director of threat intelligence at Lastline, said: “Card Not Present Fraud cost the UK over £200 million last year, and chip and pin security doesn’t help with this type of fraud. As with all estimates, they are given at a point in time.
“Upon further investigation Dixons found that the breach was 10 times more severe than they originally thought. They also state that, as of today, there is no evidence to suggest fraud has arisen because of the breach. Unfortunately, given the accuracy of their previous statements, tomorrow may be a different story.”
– What do you do now if you are a consumer?
Consumer rights champion Which? tweeted: “It’s a good idea to be extra wary about any emails or phone calls you may receive related to the Dixons Carphone data breach. Unexpected events like this can be a magnet for scammers.”
Among some of the tips from moneysavingexpert.com in light of the hack are to regularly check accounts, watch out for scams and look out for guidance from Dixons.