
Scam of the Week – Dixons Carphone announce major data breach affecting 5.9 million customers

Dixons Carphone has become the latest victim of a cyber-attack after revealing a major data breach involving 5.9 million bank cards and the personal data of 1.2 million customers.

The electronics retailer announced that in a review of its systems, it uncovered an attempt to gain unauthorised access to 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel Stores.

The group said there is no evidence of fraud, as the majority of cards were protected by chip and PIN and card verification value (CVV) systems; however, around 105,000 non-EU cards without chip and PIN have been compromised in the attack.

Dixons Carphone immediately notified the relevant card companies so they could protect their customers and limit any further damage.

The group also discovered that 1.2 million personal data records including names, addresses and email addresses were hacked, but that no fraudulent activity appears to have taken place with this specific data.

Shares in the company fell 5.5% after the data breach was announced as investors prepared for a potential fine to be issued in response to the incident. The breach predated the 25 May GDPR deadline so any fine imposed will fall under the previous data protection rules in the UK.

Under the current regulation, organisations in breach of the GDPR can be fined up to 4% of annual global turnover or 20 million euros (whichever is greater).

Dixons Carphone chief executive Alex Baldock commented on the data breach: “We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here.

“We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.

“We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. Cyber-crime is a continual battle for businesses today and we are determined to tackle this fast-changing challenge.”

For further information on how your organisation can stay cyber secure and GDPR compliant, click here to find out how MetaCompliance can help.
