Dixons Carphone has become the latest victim of a cyber-attack after revealing a major data breach involving 5.9 million bank cards and the personal data of 1.2 million customers.
The electronics retailer announced that in a review of its systems, it uncovered an attempt to gain unauthorised access to 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel Stores.
The group said there is no evidence of fraud as the majority of cards were protected by Chip and Pin and card verification value(CVV) systems, however around 105,000 non-EU cards without Chip and Pin have been compromised in the attack.
Dixons Carphone immediately notified the relevant card companies so they could protect their customers and limit any further damage.
The group also discovered that 1.2 million personal data records including names, addresses and email addresses were hacked, but that no fraudulent activity appears to have taken place with this specific data.
Shares in the company fell 5.5% after the data breach was announced as investors prepared for a potential fine to be issued in response to the incident. The breach predated the 25 May GDPR deadline so any fine imposed will fall under the previous data protection rules in the UK.
Under the current regulation, organisations in breach of the GDPR can be fined up to 4% of annual global turnover or 20 Million Euros (whichever is greater).
Dixons Carphone chief executive Alex Baldock commented on the data breach: “We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here.
“We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.
“We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber-crime is a continual battle for businesses today and we are determined to tackle this fast-changing challenge.”