Since the initial disclosure of the Dixons Carphone’s 2017 breach in June, investigations have been ongoing. On Monday Dixons Carphone announced that the personal data of about 10 million customers was accessed in 2017, a significantly higher number than the 1.2 million announced in June. Making the breach far worse than initially anticipated.
When Dixons Carphone disclosed the breach earlier this year, it was thought the breach could potentially be one of the largest data breaches to affect the UK, compromising 5.9 million credit and debit cards and 1.2 million customer personal data records. With the further 8.8 million records now confirmed as compromised, this is likely.
Its investigation is nearing completion and evidence has been found to verify that some of the data may have been stolen from its systems. Data including names, addresses and email addresses. However, Dixons Carphone has confirmed that payment card or bank account details have not been affected and no evidence of fraudulent activity has been found. This is good news, however, an additional 8.8 million people are now vulnerable to phishing attacks, instead of the initial 1.2 million.
Dixons Carphone Chief Executive Alex Baldock said:
“Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today. As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves. Again, we’re disappointed in having fallen short here and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.”
An ICO spokesperson said:
“Our investigation into the incident is ongoing and we will take time to assess this new information. In the meantime, we would expect the company to alert all those affected in the UK as soon as possible and to take all steps necessary to reduce any potential harm to consumers.”
Earlier this year, Carphone Warehouse was fined £400,000 by the ICO for the 2015 data breach that affected around 3 million customers.