Dixons Carphone's data breach hit 10 million customers

The number is nine million higher than the firm first reported

Ten million people were affected by Dixons Carphone's data breach last year, the firm admitted today - far more than the 1.2 million it initially reported last month.

The retailer also revealed that it's now found evidence that some of this data may have left its systems when it was hacked in 2017, meaning people's personal records - including names, addresses and email addresses - could be in the hands of hackers.

Advertisement - Article continues below

While Dixons Carphone ruled out the possibility of card or bank details being included in those leaked records, it said it is contacting affected customers to reduce the risk of fraud, with hackers able to use their personal details in phishing attacks.

"We're disappointed in having fallen short here, and very sorry for any distress we've caused our customers," said chief executive Alex Baldock in today's update. "I want to assure them that we remain fully committed to making their personal data safe with us."

The CEO outlined some of the measures the retailer has taken since it discovered the 2017 breach in June this year, including closing off unauthorised access, adding new security measures and an investigation that's led to today's discovery of how many records were affected in the breach.

Advertisement - Article continues below

"Since our data security review uncovered last year's breach, we've been working around the clock to put it right," Baldock said.

Advertisement - Article continues below

Separate to the leaked data records, the breach also saw hackers try to compromise 5.9 million credit and debit cards. When it first warned of the breach last month, Dixons Carphone said only 105,000 of these cards were at risk because they were not chip-and-pin, and that it had notified the card companies.

UK data watchdog the Information Commissioner's Office (ICO) is already investigating the Dixons Carphone breach, though it is not yet clear whether it is looking at it under the Data Protection Act 1998 - active when the breach occurred - or the Data Protection Act 2018, active when Dixons Carphone discovered the hack, and which carries fines of up to 17 million.

An ICO spokesperson said: "Dixons Carphone reported a data breach to the ICO in June. The company has now confirmed that the incident affected 10 million records, which is significantly higher than initially stated.

"Our investigation into the incident is ongoing and we will take time to assess this new information. In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers."

The ICO has previously issued Dixons Carphone subsidiary Carphone Warehouse with a 400,000 for a 2015 data breach that saw hackers access millions of people's data.

Picture: Shutterstock

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020

How to connect one, two or more monitors to your laptop

29 Jun 2020