Dixons Carphone's data breach hit 10 million customers

The number is nine million higher than the firm first reported

Ten million people were affected by Dixons Carphone's data breach last year, the firm admitted today - far more than the 1.2 million it initially reported last month.

The retailer also revealed that it's now found evidence that some of this data may have left its systems when it was hacked in 2017, meaning people's personal records - including names, addresses and email addresses - could be in the hands of hackers.

While Dixons Carphone ruled out the possibility of card or bank details being included in those leaked records, it said it is contacting affected customers to reduce the risk of fraud, with hackers able to use their personal details in phishing attacks.

"We're disappointed in having fallen short here, and very sorry for any distress we've caused our customers," said chief executive Alex Baldock in today's update. "I want to assure them that we remain fully committed to making their personal data safe with us."


The CEO outlined some of the measures the retailer has taken since it discovered the 2017 breach in June this year, including closing off unauthorised access, adding new security measures and an investigation that's led to today's discovery of how many records were affected in the breach.

"Since our data security review uncovered last year's breach, we've been working around the clock to put it right," Baldock said.

Separate to the leaked data records, the breach also saw hackers try to compromise 5.9 million credit and debit cards. When it first warned of the breach last month, Dixons Carphone said only 105,000 of these cards were at risk because they were not chip-and-pin, and that it had notified the card companies.

UK data watchdog the Information Commissioner's Office (ICO) is already investigating the Dixons Carphone breach, though it is not yet clear whether it is looking at it under the Data Protection Act 1998 - active when the breach occurred - or the Data Protection Act 2018, active when Dixons Carphone discovered the hack, and which carries fines of up to £17 million.

An ICO spokesperson said: "Dixons Carphone reported a data breach to the ICO in June. The company has now confirmed that the incident affected 10 million records, which is significantly higher than initially stated.

"Our investigation into the incident is ongoing and we will take time to assess this new information. In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers."

The ICO has previously issued Dixons Carphone subsidiary Carphone Warehouse with a £400,000 fine for a 2015 data breach that saw hackers access millions of people's data.
