10M accounts may have been breached in 2017 UK retailer attack

10M accounts may have been breached in 2017 UK retailer attack

Second major cyber attack in three years on the company

Credit: Reuters

Some 10 million Dixons Carphone records containing personal data may have been accessed in a 2017 cyber attack, the British electronics and mobile phone retailer has revealed, boosting an earlier estimate of 1.2 million.

It was the second major cyber attack in three years on the company, which has about 22 million customers in the UK and Ireland.

The business apologised to customers on Tuesday and said that an investigation into the hacks was nearly complete.

“Again, we're disappointed in having fallen short here, and very sorry for any distress we've caused our customers," said Alex Baldock, CEO of Dixons Carphone.

Dixons Carphone said the accessed customer records did not contain payment card or bank account details and there was no evidence that any fraud had resulted from the incident.

"Unfortunately, given the accuracy of their previous statements, tomorrow may be a different story," Andy Norton, director of threat intelligence at cyber security firm Lastline, said.

Dixons said it had closed off the unauthorised access, and added security measures.

In June, the company found then that 1.2 million records containing non-financial personal data, such as names, addresses or email addresses, had been accessed.

The business said then that an investigation had revealed there was an attempt, going back to July 2017, to compromise data on 5.9 million credit cards in one of the processing systems of its Currys PC World and Dixons Travel stores.

Last month, Britain's National Crime Agency (NCA) said it was heading a criminal investigation into the hack, working with the National Cyber Security Centre, the Financial Conduct Authority and Britain's data protection regulator, the Information Commissioner's Office (ICO).

"Our investigation into the incident is ongoing and we will take time to assess this new information,” the ICO said in a statement.

“We would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers.”

Dixons shares were up 0.6 per cent at 1221 GMT, in line with a FTSE 100 index up 0.64 per cent.

(Reporting by Noor Zainab Hussain and Muvija M in Bengaluru; Additional reporting by Sangameswaran S; Editing by Bernard Orr)

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyberDixons Carphone

More about ICOLastlineNorton

Show Comments