Dixons Carphone's data breach hit 10 million customers

The number is nine million higher than the firm first reported

Ten million people were affected by Dixons Carphone's data breach last year, the firm admitted today - far more than the 1.2 million it initially reported last month.

The retailer also revealed that it's now found evidence that some of this data may have left its systems when it was hacked in 2017, meaning people's personal records - including names, addresses and email addresses - could be in the hands of hackers.

While Dixons Carphone ruled out the possibility of card or bank details being included in those leaked records, it said it is contacting affected customers to reduce the risk of fraud, with hackers able to use their personal details in phishing attacks.

"We're disappointed in having fallen short here, and very sorry for any distress we've caused our customers," said chief executive Alex Baldock in today's update. "I want to assure them that we remain fully committed to making their personal data safe with us."

The CEO outlined some of the measures the retailer has taken since it discovered the 2017 breach in June this year, including closing off unauthorised access, adding new security measures and an investigation that's led to today's discovery of how many records were affected in the breach.

"Since our data security review uncovered last year's breach, we've been working around the clock to put it right," Baldock said.

Separate to the leaked data records, the breach also saw hackers try to compromise 5.9 million credit and debit cards. When it first warned of the breach last month, Dixons Carphone said only 105,000 of these cards were at risk because they were not chip-and-pin, and that it had notified the card companies.

UK data watchdog the Information Commissioner's Office (ICO) is already investigating the Dixons Carphone breach, though it is not yet clear whether it is looking at it under the Data Protection Act 1998 - active when the breach occurred - or the Data Protection Act 2018, active when Dixons Carphone discovered the hack, and which carries fines of up to £17 million.

An ICO spokesperson said: "Dixons Carphone reported a data breach to the ICO in June. The company has now confirmed that the incident affected 10 million records, which is significantly higher than initially stated.

"Our investigation into the incident is ongoing and we will take time to assess this new information. In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers."

The ICO has previously issued Dixons Carphone subsidiary Carphone Warehouse with a £400,000 fine for a 2015 data breach that saw hackers access millions of people's data.
