Dixons Carphone just revealed that its system has been hacked, potentially compromising the data of millions its of users.
According to reports, Dixons Carphone, one of Europe’s top electronics and telecoms retailers, has had its processing system hacked. The unknown hackers allegedly tried to access nearly 6 million payment cards from the company’s system.
“As part of a review of our systems and data, we have determined that there has been unauthorized access to certain data held by the company. We promptly launched an investigation, engaged leading cyber security experts and added extra security measures to our systems,” the company said in a statement.
“We have taken action to close off this access and have no evidence it is continuing. We have no evidence to date of any fraudulent use of the data as result of these incidents. We have also informed the relevant authorities including the ICO, FCA and the police.”
Dixons Carphone said that intruders attempted to compromise around 5.9 million cards in one of the Currys PC World and Dixons Travel stores processing systems. The accessed information reportedly didn’t contain the pin codes, card verification values (CVV), or authentication data that could enable cardholder identification of any purchase to push through.
Out of the millions of payment card details, only 105,000 non-issued payment cards were confirmed compromised due to lack of security features like chip and pin.
On top of the payment card data, around 1.2 million records containing names, addresses, and email addresses have also been accessed. At the moment, the company is still investigating whether the information has left their system or if it has been used in any fraudulent transactions.
Dixons Carphone Chief Executive Officer, Alex Baldock, has also issued a statement regarding the matter. A part of it read:
“We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here. We’ve taken action to close off this unauthorized access, and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously. We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cybersecurity experts, added extra security measures to our systems and will be communicating directly with those affected. Cybercrime is a continual battle for business today, and we are determined to tackle this fast-changing challenge.”
The company has already taken the necessary action to secure their system and inform issuing banks and affected customers about the data breach.