Dixons Carphone's data breach hit 10 million customers

The number is nine million higher than the firm first reported

Ten million people were affected by Dixons Carphone's data breach last year, the firm admitted today - far more than the 1.2 million it initially reported last month.

The retailer also revealed that it's now found evidence that some of this data may have left its systems when it was hacked in 2017, meaning people's personal records - including names, addresses and email addresses - could be in the hands of hackers.

Advertisement - Article continues below

While Dixons Carphone ruled out the possibility of card or bank details being included in those leaked records, it said it is contacting affected customers to reduce the risk of fraud, with hackers able to use their personal details in phishing attacks.

"We're disappointed in having fallen short here, and very sorry for any distress we've caused our customers," said chief executive Alex Baldock in today's update. "I want to assure them that we remain fully committed to making their personal data safe with us."

The CEO outlined some of the measures the retailer has taken since it discovered the 2017 breach in June this year, including closing off unauthorised access, adding new security measures and an investigation that's led to today's discovery of how many records were affected in the breach.

Advertisement - Article continues below

"Since our data security review uncovered last year's breach, we've been working around the clock to put it right," Baldock said.

Advertisement - Article continues below

Separate to the leaked data records, the breach also saw hackers try to compromise 5.9 million credit and debit cards. When it first warned of the breach last month, Dixons Carphone said only 105,000 of these cards were at risk because they were not chip-and-pin, and that it had notified the card companies.

UK data watchdog the Information Commissioner's Office (ICO) is already investigating the Dixons Carphone breach, though it is not yet clear whether it is looking at it under the Data Protection Act 1998 - active when the breach occurred - or the Data Protection Act 2018, active when Dixons Carphone discovered the hack, and which carries fines of up to 17 million.

An ICO spokesperson said: "Dixons Carphone reported a data breach to the ICO in June. The company has now confirmed that the incident affected 10 million records, which is significantly higher than initially stated.

"Our investigation into the incident is ongoing and we will take time to assess this new information. In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers."

The ICO has previously issued Dixons Carphone subsidiary Carphone Warehouse with a 400,000 for a 2015 data breach that saw hackers access millions of people's data.

Picture: Shutterstock

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now



Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020

Most Popular

Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020