Dixons Carphone Breach Discloses 5.9 Million Payment Cards

June 18, 2018


Dixons Carphone, the UK electronics and telecommunications trader, has faced a huge breach of payment card data. The payment card particulars of 5.9 million clients have been disclosed and possibly thieved by hackers.

Besides the Dixons, Dixons Travel, and Carphone Warehouse stores, the firm also works under the product names Currys and PC World in the UK and under other product names in Europe. The breach is supposed to have happened in July 2017.

During an appraisal of its systems, the firm found that an illegal person had obtained access to some of its data and had tried to undermine the cards of 5.9 million clients. The firm informs that the huge majority of those cards are safeguarded with chip and pin authorization, even though 105,000 non-EU issued payment cards lack those safety tools, with those clients most at risk of a scam.

Measures have been taken to decrease the possibility of a scam. The card issuers have been informed and the incursion and possible thievery of data have been informed to the Information Commissioners Office, law enforcement, and the Financial Conduct Authority. Although payment card data were retrieved, information that would permit the cards to be utilized – CVV codes and PINs were not undermined.

While probing the breach, the firm found that files having the data of 1.2 million clients were also retrieved. It is uncertain if these data were retrieved by the same attacker or if this was a different breach.

The information in the files had no fiscal information, even though data such as names, addresses, and electronic mail addresses were possibly seen and copied. People affected by the breach will be informed and provided with information on the measures they can take to decrease risk.

Dixons Carphone informs that no proof has been found to indicate any data were thieved or have been abused by the person(s) who retrieved its systems at this point in time.

The breach – or breaches – were found just a few months after the firm was penalized £400,000 by the Information Commissioner’s Office for a 2015 breach affecting the Carphone Warehouse arm of its venture. That occurrence led to the data of 3.3 million clients and 1,000 workers being retrieved by a hacker. In that instance, access was gained because of the failure to update a WordPress system for 6 years.