Dixons Carphone Admits Last Year's Hack Was Bigger Than it Realised

By Tom Pritchard

Last year high street retailer Dixons Carphone, owner of Currys and Carphone Warehouse, was hacked - something it discovered and announced back in June. Now it's revealed things were a lot more serious than it initially realised, and that 10 million customers could be affected. That's significantly more than the 1.2 million it told us about a month and a half ago.

You may remember that the breach was apparently discovered while Dixons Carphone was performing a review of its system security and data. At the time it said hackers had obtained non-financial personal information of 1.2 million customers (emails, addresses, and so on) while 5.8 million credit card details were exposed. While the credit card details were supposedly still protected by chip-and-PIN systems, and didn't contain any authentication information, it still deferred to financial authorities and told the card companies themselves. Still, it claimed there had been no evidence of fraudulent activity as a result of the breach.

Now the numbers are up, but the bittersweet news is that it's only the non-financial information that's had the increase. No more credit card information or bank details, but emails, addresses, and names are all included. The company said:

Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017. While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted. We are continuing to keep the relevant authorities updated.

As a precaution, we are choosing to communicate to all of our customers to apologise and advise them of protective steps to minimise the risk of fraud. As we indicated previously, we have taken action to close off this access and have no evidence it is continuing. We continue to make improvements and investments at pace to our security environment through enhanced controls, monitoring and testing.

As a result of the breach, Dixons Carphone says it's been working on implementing a new security system to ensure that this sort of thing doesn't happen again, with Chief Executive Alex Baldock saying:

"Since our data security review uncovered last year's breach, we've been working around the clock to put it right. That's included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we're updating on today.

As a precaution, we're now also contacting all our customers to apologise and advise on the steps they can take to protect themselves."

[Dixons Carphone via Engadget]