Carphone Warehouse suffers massive data breach in hacking attack

The card details of 90,000 customers may have been compromised

Carphone Warehouse

Carphone Warehouse, owned by Dixons Carphone, has revealed a hack may have exposed the personal details of 2.4 million customers, with 90,000 of the records including encrypted credit card information.

The Information Commissioner's Office (ICO) is currently investigating into the attack, which surfaced last Wednesday and was announced to the public on Saturday. It is thought the attack happened over the previous two weeks, but Carphone Warehouse waited a few days to assess the damage before telling customers.

Technology analyst Tom Cheesewright told the BBC: "I don't think we'll know until the Information Commissioner's Office looks at this - whether they did the right thing, whether they were prudent in waiting a few days."

In addition to the 90,000 card details it said may have been stolen, names, addresses, dates of birth and bank details have also been accessed across the entire business including onestopphoneshop.co.uk, e2save.com, Mobiles.co.uk, iD Mobile, TalkTalk Mobile and Talk Mobile. The websites affected were taken offline, although they now seem to be up and running again, apart from onestopphoneshop.co.uk.

Cheesewright explained it is likely the stolen information would be sold onto other websites for between 5 and 10 for card details and maybe twice that for records including full names, addresses and dates of birth. Criminals can use the data to buy items online or to take out loans. "It's a very good start for a full case of identity theft," he said.

An ICO spokesperson said: "We have been made aware of an incident at Carphone Warehouse and are making enquiries."

The Metropolitan Police's Cyber Crime Unit said it had also been made aware of the breach, according to The BBC, but that no formal allegation of criminal activity had yet been made.

Carphone Warehouse customers should keep tabs on their bank accounts to ensure no unusual activity occurs and to notify their bank straight away if they see transactions they did not make.

Image credit: Thinglass / Shutterstock.com

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020