Dixons Carphone finds data breach and over a million records accessed

Dixons Carphone has confirmed there has been unauthorised access of data held by the company

Dixons Carphone has confirmed there has been unauthorised access of data held by the company

Retailer Dixons Carphone has become the latest victim of a cyber attack after revealing 5.9 million customer bank card details and 1.2 million personal data records were hacked.

"We have taken action to close off this access and have no evidence it is continuing", the company said.

"While Dixons has said that there is no evidence of fraud taking place, now the data is in the criminal sphere, it's unlikely to be long before it starts being shopped around amongst criminals, with ensuing phishing and bruteforce attacks launched". Paul German, CEO at Certes Networks, commented: "Despite the well-publicised Target data breach, it seems that other retailers are still not adopting appropriate cybersecurity strategies".

In a statement released this morning, the company said during a review of systems and data, it discovered that there has been "unauthorised access to certain data held by the company".

Alex Baldock, the company's new chief executive, apologised for the data for breach and admitted the firm had failed customers.

It said the data accessed did not contain Pin codes, card verification values (CVV) or any authentication data allowing cardholder identification or a purchase to be made.

It said an investigation, which started last week, indicated there was an attempt, going back to July previous year, to compromise data on 5.9 million credit cards in one of the processing systems of Currys PC World and Dixons Travel stores.

It added that its investigation also found hackers had accessed non-financial personal data like names, addresses or email details for more than one million customer records.

However around 105,000 of the accessed cards were non-EU issued, and lacked chip-and-PIN, and it says those cards have been compromised.

We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected.

"We are extremely disappointed and sorry for any upset this may cause", he said.

The group said it had informed the Information Commissioner's Office (ICO), the Financial Conduct Authority (FCA) and the police about the incident.

US, Mexico, Canada to host FIFA 2026 World Cup
Valve Launches Beta for Completely Overhauled Set of Steam Chat Features