Hacking targets customers of Currys PC World

Troubled Dixons suffers major hack

Troubled Dixons suffers major hack

The breach saw data on 5.9 million payment cards and 1.2 million personal data records fall into the hands of the hackers.

In addition, Dixons Carphone said 1.2 million personal data records were hacked.

It said an investigation, which started last week, indicated there was an attempt, going back to July past year, to compromise data on 5.9 million credit cards in one of the processing systems of Currys PC World and Dixons Travel stores.

The company has notified the relevant card companies so they can take appropriate measures to safeguard customers, and said there was no evidence of fraud on these cards as a result of the incident.

'We have no evidence that this information has left our systems or has resulted in any fraud at this stage.

While attackers attempted to access 5.9 million card details, the company states that chip-and-pin protection should prevent 5.8 million of the cards being used for fraud.

Dixons Carphone, the firm which runs well-known tech outlets in the United Kingdom including Currys, PC World, and Carphone Warehouse admits that it suffered a data breach in July 2017.

'The protection of our data has to be at the heart of our business, and we've fallen short here.

"We have taken action to close off this access and have no evidence it is continuing", the company said.

"The National Cyber Security Centre is working with Dixons Carphone plc and other agencies to understand how this data breach has affected people in the United Kingdom and advise on mitigation measures", an NCSC spokesperson told ZDNet.

According to a statement made by the company, the security breach was discovered during a recent review of the company's systems and data.

Pin codes, card verification values (CVV), and authentication data enabling holder identification or purchases were not stored in the data. It said since the 2015 attack it had worked extensively with cyber security experts to upgrade its security systems. It has informed police, regulators at the Information Commissioner's Office and the Financial Conduct Authority.

Given the small number of affected cards and the fact that personal data did not leave the network, it's unlikely the firm will be in for a major GDPR fine, unless it emerges that the hackers took advantage of serious deficiencies in the firm's cyber-defenses.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.