Dixons Carphone admits payment card data breach


London based Dixons Carphone LLC, the largest electrical and telecommunications retailer and service provider has admitted that its servers were hacked by cyber crooks in July Last year who accessed the payment card data of customers in an unauthorized way. The consumer electronics company also admitted that it became a victim of a major cyberattack for the second time in three years and assured that the incident will never get repeated again in future.

In an investigation launched last week, the security analysts hired by the company found that an attempt to compromise data of 5.9 million credit cards was attempted in 2Q last year. As hackers found a way to access one of the processing systems of Currys PC World and Dixons Travel Stores.

Analysts discovered that all the data related to the cards were stored without any card verification values nor pin codes. Also, it was found that cardholder identification or purchases to be made lacked basic security controls.

The investigation further proved that more than 105,000 non-EU issued payment cards which did not have any chip and pin protection had been compromised.

Dixons Carphone has informed the card companies about the data breach so that they can protect the customer transactions from fraudulent means.

Also, data such as names, addresses and email addresses of more than 1.2 million customers is alleged to have been compromised in the breach.

Britain’s Information Commissioner’s Office(ICO), as well as the Financial Conduct Authority(FCA), have been informed about the breach.

Note- In the year 2015, Carphone Warehouse suffered a data breach exposing information of more than a million customers. ICO imposed a fine of 400,000 pounds for failing to protect the information of customers.

Wonder how much fine will be imposed on Dixons Carphone now- especially after the latest GDPR rules have come into effect from May 25th,2018.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display