Skip to main content

Dixons Carphone suffers one of the biggest UK company data breaches yet

Published on: 14 Jun 2018

Dixons Carphone has admitted it suffered a massive data breach in July 2017 that involved 5.9 million payment cards and 1.2 million personal data records.

This makes it one of the biggest data breaches to hit a UK company to date.

The tech store says it is investigating the hacking attempt but doesn’t believe any of the cards have been used fraudulently as a result of the breach.

While close to six million cards were targeted, only 105,000 cards without chip-and-pin protection had been leaked, Dixons Carphone said.

A spokesperson for the National Cyber Security Centre (NSCS) said it was "working with Dixons Carphone and other agencies to understand how this data breach has affected people in the UK and advise on mitigation measures".

Dixons Carphone chief executive Alex Baldock - who only joined the company in January - apologised for the breach and admitted that the business had “fallen short here”.

“We've taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously," he added.

Security experts have questioned why almost a year has passed before the hack was made public, but Dixons says it only learned about the hack a week ago.

Either way, the UK Information Commissioner's Office (ICO) may have to come down hard after fining Carphone Warehouse £400,000 for a breach in 2015.

As the incident occured in 2017 before the new GDPR rules came in, it won’t be subject to the much larger fines now in place.