Carphone Warehouse, owned by Dixons Carphone, has revealed a hack may have exposed the personal details of 2.4 million customers, with 90,000 of the records including encrypted credit card information.
The Information Commissioner's Office (ICO) is currently investigating into the attack, which surfaced last Wednesday and was announced to the public on Saturday. It is thought the attack happened over the previous two weeks, but Carphone Warehouse waited a few days to assess the damage before telling customers.
Technology analyst Tom Cheesewright told the BBC: "I don't think we'll know until the Information Commissioner's Office looks at this - whether they did the right thing, whether they were prudent in waiting a few days."
In addition to the 90,000 card details it said may have been stolen, names, addresses, dates of birth and bank details have also been accessed across the entire business including onestopphoneshop.co.uk, e2save.com, Mobiles.co.uk, iD Mobile, TalkTalk Mobile and Talk Mobile. The websites affected were taken offline, although they now seem to be up and running again, apart from onestopphoneshop.co.uk.
Cheesewright explained it is likely the stolen information would be sold onto other websites for between 5 and 10 for card details and maybe twice that for records including full names, addresses and dates of birth. Criminals can use the data to buy items online or to take out loans. "It's a very good start for a full case of identity theft," he said.
An ICO spokesperson said: "We have been made aware of an incident at Carphone Warehouse and are making enquiries."
The Metropolitan Police's Cyber Crime Unit said it had also been made aware of the breach, according to The BBC, but that no formal allegation of criminal activity had yet been made.
Carphone Warehouse customers should keep tabs on their bank accounts to ensure no unusual activity occurs and to notify their bank straight away if they see transactions they did not make.
Image credit: Thinglass / Shutterstock.com
