Dixons Carphone has said it’s putting further security measures in place to protect customer data
Dixons Carphone has announced the data breach last year potentially accessed 10 million records containing the personal data of customers.
Dixons has been investigating the hack that was discovered in June and has found evidence that some data may have left the Dixons systems.
In a press release Dixons has said these records do not contain payment information or bank account details of customers and that there is no evidence of any fraud committed.
The data breach saw 5.9 million bank cards and 1.2 million personal data records targeted.
At the time Dixons said there was “an attempt to compromise” the bank cards, with around 105,000 cards without chip and pin protections being taken.
Additionally 1.2 million records containing non-financial personal data such as: name, address and email were accessed.
Dixons said it is working on tougher security measures as it looks to safeguard customer information and is investing more in cyber security. Currently Dixons is working with leading cyber security experts.
Dixons Carphone chief executive Alex Baldock said: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right.”
“That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.”
Baldock said Dixons will contact all customers to apologise and advise on steps to further protect themselves.
Baldock added: “Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers.
Commenting on the announcement Kaspersky Lab principal security researcher David Emm said: “The news this morning that up to 10 million customers were affected by this data breach is a reminder that no organisation, large or small, can afford to ignore online security.
“Although the company has said that no bank details were taken in this attack, huge amounts of personal information – including names, addresses and email addresses – were accessed, along with records of nearly 6 million payment cards, affecting a huge amount of the population.”
“This latest breach underlines how important it is for businesses to arm themselves against threats. By taking simple steps to secure their internal systems, firms can reduce their exposure to attack.”