Skip to main content

Dixons Carphone now says ~8.8M more customers affected by 2017 breach

A Dixons Carphone data breach that was disclosed earlier this summer was worse than initially reported. The company is now saying that personal data of 10 million customers could also have been accessed when its systems were hacked.

The European electronics and telecoms retailer believes its systems were accessed by unknown and unauthorized person/s in 2017, although it only disclosed the breach in June, after discovering it during a review of its security systems.

Last month it said 5.9M payment cards and 1.2M customer records had been accessed. But with its investigation into the breach “nearing completion”, it now says approximately 10M records containing personal data (but no financial information) may have been accessed last year — in addition to the 5.9M compromised payment cards it disclosed last month.

“While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted. We are continuing to keep the relevant authorities updated,” the company said in a statement.

In terms of what personal data the 10M records contained, a Dixons Carphone spokeswoman told us: “This continues to relate to personal data, and the types of data that may have been accessed are, for example, name, address or email address.”

The company says it’s taking the precaution of contacting all its customers — to apologize and advise them of “protective steps to minimize the risk of fraud”.

It adds it has no evidence that the unauthorized access is continuing, having taken steps to secure its systems when the breach was discovered last month, saying: “We continue to make improvements and investments at pace to our security environment through enhanced controls, monitoring and testing.”

Commenting in a statement, Dixons Carphone CEO, Alex Baldock, added: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.

“Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”

Back in 2015, Carphone Warehouse, a mobile division of Dixons Carphone, also suffered a hack which affected around 3M people. And in January the company was fined £400k by the ICO as a consequence of that earlier breach.

Since then new European Union regulations (GDPR) have come into force which greatly raise the maximum penalties which regulators can impose for serious data breaches.

Last month, following Dixon’s disclosure of the latest breach, the UK’s data watchdog, the ICO, told us it was liaising with the National Cyber Security Centre, the Financial Conduct Authority and other relevant agencies to ascertain the details and impact on customers.

Of the 5.9M payment cards which Dixons disclosed last month as having been compromised, it said the vast majority had been protected by chip and PIN technology. But around 105,000 lacked the security tech so Dixons said at the time could therefore have been compromised.

It’s the additional 1.2M records containing non-financial personal data — such as name, address or email address — that have been revised upwards now, to ~10M records, which constitutes almost half the Group’s customer base in the UK and Ireland.

The spokeswoman told us the Group has approximately 22M customers in the region.



from Gadgets – TechCrunch https://ift.tt/2mWSwjd

Comments

Popular posts from this blog

This week in Android: It’s weird phone week

We got to play with a lot of cool tech at CES 2019 , but little was cooler than the Qualcomm Snapdragon 855 . Qualcomm had a reference device  sporting the new SoC and we were able to put it through its paces , including our very own Speed Test G . The results are impressive. In other big news this week, we found out  Motorola is planning on bringing back the Razr phone , made famous in the mid 2000s. We don’t know a lot about the phone itself, but we can make some guesses  based on a patent  from August of last year. Plus, we look ahead at the future of LG and OnePlus , including a new peculiar accessory for LG . Also, we have good news and bad news about Huawei’s security. Here are your top stories for the week 4:20 – Snapdragon 855 performance and benchmarking: Speed Test G, AnTuTu & Geekbench At CES, Gary Sims previewed the  Snapdragon 855 processor in reference hardware. He had some fun with it. 21:45 – You’ll flip for the foldable Motorol...

My product launch wishlist for Instagram, Twitter, Uber and more

‘Twas the night before Xmas, and all through the house, not a feature was stirring from the designer’s mouse . . . Not Twitter! Not Uber, Not Apple or Pinterest! On Facebook! On Snapchat! On Lyft or on Insta! . . . From the sidelines I ask you to flex your code’s might. Happy Xmas to all if you make these apps right. Instagram See More Like This – A button on feed posts that when tapped inserts a burst of similar posts before the timeline continues. Want to see more fashion, sunsets, selfies, food porn, pets, or Boomerangs? Instagram’s machine vision technology and metadata would gather them from people you follow and give you a dose. You shouldn’t have to work through search, hashtags, or the Explore page, nor permanently change your feed by following new accounts. Pinterest briefly had this feature (and should bring it back) but it’d work better on Insta. Web DMs  – Instagram’s messaging feature has become the defacto place for sharing memes and trash talk about peopl...

First ever drone-delivered kidney is no worse for wear

Drone delivery really only seems practical for two things: take-out and organ transplants. Both are relatively light and also extremely time sensitive. Well, experiments in flying a kidney around Baltimore in a refrigerated box have yielded positive results — which also seems promising for getting your pad thai to you in good kit. The test flights were conducted by researchers at the University of Maryland there, led by surgeon Joseph Scalea. He has been frustrated in the past with the inflexibility of air delivery systems, and felt that drones represent an obvious solution to the last-mile problem. Scalea and his colleagues modified a DJI M600 drone to carry a refrigerated box payload, and also designed a wireless biosensor for monitoring the organ while in flight. After months of waiting, their study was assigned a kidney that was healthy enough for testing but not good enough for transplant. Once it landed in Baltimore, the team loaded it into the container and had it travel 14 ...