A high-profile data breach which hit Dixons Carphone last year is now thought to have affected some 10 million customers – an eight-fold increase on the initial estimate of just 1.2 million.
The technology retailer – which owns Currys PC World and Carphone Warehouse – first discovered the issue in June last year, when it found out that hackers may have gained access to customers’ personal information, names, addresses and email addresses. Now, following a more comprehensive investigation, the company has realised that its early estimates were rather optimistic, with more than eight times as many accounts hit as first thought.
As BBC technology reporter Rory Cellan-Jones put it, this realisation coming so late after the initial hack, is “as if a householder who discovered in June that burglars had stolen the telly has belatedly looked in the garage and found that the car has gone too.”
Dixons Carphone and its customers did have some good news, though, amongst all the gloom. Even though details for some 5.9 million payment cards were accessed, nearly all of these were protected by the Chip & Pin system, meaning customers impacted by the hack aren’t in danger of becoming a victim of fraud in the immediate future. That said, customers have been warned to stay vigilant for any phishing attacks that could be given extra credibility thanks to the personal data that hackers may now have at their fingertips.
To put minds at rest, Dixons Carphone chief executive Alex Baldock promised customers and stakeholders alike that the company had been working “around the clock” to put things right ever since the breach was first discovered last year.
He went on: “That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident.
“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves.”