Dixons Carphone says data breach affected 10 million – “be vigilant against any suspicious activity”

Dixons Carphone has said a massive data breach last year involved 10 million customers, 8.8million more than first reported.

Customers of Dixons Carphone plc which owns, Currys PC World and Carphone Warehouse, first announced the data breach last month – when the company said that a data breach had been discovered following review of their systems.

At the time, Dixons Carphone reported that 1.2m records containing non-financial personal data, such as name, address or email address, have also been accessed.

Dixons updated the London Stock Exchange today to say that their investigation, which is now nearing completion, had identified that approximately 10 million records containing personal data may have been accessed in 2017.

The full statement can be read here.

The National Crime Agency (NCA) is now leading the UK law enforcement response to the data breach, with specialist officers from the National Cyber Crime Unit (NCCU) working with the company to secure evidence.

Dixons Carphone Chief Executive, Alex Baldock, said:

“We are extremely disappointed and sorry for any upset this may cause.

The protection of our data has to be at the heart of our business, and we’ve fallen short here.

We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.

We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected.

Cyber crime is a continual battle for business today and we are determined to tackle this fast-changing challenge.”

The National Cyber Security Centre which is part of the UK Governments GCHQ said;

“Attackers who have the stolen personal data may use it to approach customers, and trick them into revealing further personal information that attackers can use to harm you for example, your banking login details.

We also recommend that people are vigilant against any suspicious activity on their bank accounts and contact their financial provider if they have concerns.”

An Information Commissioners Office spokesperson said:

“Dixons Carphone reported a data breach to the ICO in June. The company has now confirmed that the incident affected the personal data of 10 million records, which is significantly higher than initially stated.

“Our investigation into the incident is ongoing and we will take time to assess this new information. In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers.”

Anyone concerned about fraud or lost data should contact Action Fraud. Action Fraud’s online fraud reporting tool any time of the day or night, or call 0300 123 2040. For further information visit www.actionfraud.police.uk.