10m affected by Dixons Carphone data breach

A data breach uncovered by Dixons Carphone is now estimated to have affected up to 10m customers, up from original estimates of 1.2m. Dixons Carphone, which owns Carphone Warehouse and Currys PC World, initially uncovered the breach in June.

An investigation by the firm now believes that personal information including names, addresses and email addresses for as many as 10m customers may have been accessed last year, in addition to card details for 5.9m payment cards.

While the firm does not believe any financial details for the 10m customers were accessed, and that the majority of the 5.9m card details accessed should be protected by chip and pin security, it is nonetheless a worrying breach for the company. Dixons Carphone suffered a similar cyber-attack back in 2015, when personal details for around 2.4m customers were accessed.

“Since our data security review uncovered last years breach, weve been working around the clock to put it right,” said Alex Baldock, chief executive of Dixons Carphone. “Thats included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that were updating on today.

“As a precaution, were now also contacting all our customers to apologise and advise on the steps they can take to protect themselves. Again, were disappointed in having fallen short here, and very sorry for any distress weve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”

The breach was also investigated by the National Crime Agency, which began looking into it as soon as it was revealed. The agency is working alongside the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioners Office. The agency has yet to reveal its findings.