Britain’s largest electricals retailer, Dixons Carphone, has been hit by one of the UK’s biggest cyber attack. In a press release, the company has confirmed of an unauthorized access to one of the processing systems of Currys PC World and Dixons Travel stores, compromising user data held by them. Preliminary investigation indicates that personal and financial data of nearly 6 Million users were compromised, according to the company.
Dixons Carphone Warehouse, on Wednesday, confirmed that there has been unauthorised access to certain data held by the company. The company launched an investigation and find out that over 5.9 million card records were compromised. However, 5.8m of these cards have chip and pin protection, the company stated. This essentially means any authentication data that enables cardholder identification for a purchase, like PIN codes and card verification values (CVV), were not compromised.
However, some 105,000 cards were from non-EU countries and do not have chip and pin protection. Dixons has already notified the relevant card companies about those cards, urging them to take appropriate measures to protect their customers.
Dixons also confirmed that 1.2m records containing non-financial personal data, such as name, address or email address, have been accessed. The company claims to have found no evidence of any fraudulent use of the compromised data as of yet, and that the attack has been stopped with additional security measures. But of course, all 5.9 million card numbers could potentially be used for online purchases.
Alex Baldock, Dixons Carphone CEO, admitted that the company had "fallen short" with the protection of its data. He also assured that the company will be communicating directly with those affected.
The hack began in July 2017 but was only discovered and reported last week, Dixons told the Financial Times. This alone is enough of a worrying sign, given the credit card data is in criminal hands for almost a year now. Card numbers of chip-and-pin enabled cards cannot be used to transact without other information such as the CVV. But customers should nevertheless be concerned.
This could be the largest data hack in the UK, and even more serious, given the fact that credit card data was compromised. Dixons says it'll be writing to affected customers soon, but you better take preventive measures rather than wait to know if you're affected. Anyone, who has shopped with Dixons in the past is advised to keep an eye on their bank accounts and watch out for obvious phishing attempts.