Dixons Carphone suffers two major security breaches exposing customers' bank card details and personal information
Another week, another cyberattack. This time around, it's the Dixons Carphone group which says it has fallen victim to not one but two major breaches.
The bank card details of 5.9 million customers have been accessed by hackers in the first breach. In the second, the personal records of 1.2 million people have been exposed.
Dixons Carphone says that it is investigating an attack on its card processing system at Currys PC World and Dixons Travel in which there was an attempt to compromise 5.9 million cards. The company stressed that the vast majority -- 5.8 million -- of these cards were protected by chip and PIN, and that the data accessed did not include PINS, CVVs or any other authentication data that could be used to make payments or identify the card owners.
Also affected were 105,000 non-EU issued payment cards which were not chip and PIN protected. In the second security breach, personal details of 1.2 million customers -- including names, addresses and email addresses -- were accessed. Dixons Carphone says there have been no reports of fraud as a result of the attacks.
Company CEO Alex Baldock said his firm has let its customers down and issued an apology:
We are extremely disappointed and sorry for any upset this may cause. The protection of our data has to be at the heart of our business, and we’ve fallen short here. We've taken action to close off this unauthorized access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.
An investigation is underway, and Dixons Carphone says it will be contacting those customers affected by the breaches.