igor - Fotolia

Carphone Warehouse data breach hits 2.4 million UK customers

Carphone Warehouse confirms the authorities have been notified about the breach, and urges customers to take steps to protect themselves

Carphone Warehouse has urged customers to keep a close eye on their credit scores and bank accounts, after suffering a data breach affecting 2.4 million of its customers.

The mobile phone retailer said it first noticed the IT systems of one of its divisions had been breached on Wednesday 5 August, before going public with the news several days later in a statement on its website.

In the statement, the company said the breach was the result of a “sophisticated cyber attack” on its systems, and has resulted in the name, address, date of birth and bank details of up to 2.4 million of its customers being compromised. The encrypted credit card details of a further 900,000 may also have been accessed, it added.

“We and our partners are contacting all those customers who may have been affected to inform them of the breach and to give them advice to reduce risk and minimise inconvenience,” the statement said.

Details of the breach came to light almost a year to the day since Carphone Warehouse merged with Dixons Retail to form a retail group comprising other electronics retailers including Currys, PC World and Dixons Travel.

The Carphone Warehouse statement is quick to state that the customer details of the other brands in this group are kept on separate systems and so are unaffected by the breach.

However, the division affected by the breach does operate the websites of a number of other brands – including OneStopPhoneShop.com, e2save.com and Mobiles.co.uk – which have also been affected.  

“Someone having access to your personal information or bank account details does not necessarily mean you have been a victim of identity theft or that your information will be used to commit fraud,” the statement cautioned.

“We recommend that you take the appropriate steps to protect yourself, such as closely reviewing account statements for suspicious activity,” it continued.

Read more about data breaches

  • Only a fraction of breaches of the Data Protection Act are reported to the Information Commissioner’s Office, a study has revealed
  • The number of breaches of the Data Protection Act reported to the Information Commissioner’s Office by the financial services sector has increased by 183% in the past two years, figures show

As part of this, the company is urging customers to notify their banks and building societies, so they can monitor their accounts for any signs of fraudulent activity, and to be wary of follow-up phishing attacks.

The matter has been reported to the police and UK data protection watchdog the Information Commissioner’s Office (ICO), Carphone Warehouse confirmed.

Computer Weekly contacted the ICO for a statement on the breach, but was still awaiting a response at the time of publication.

Keith Poyser, general manager for Europe at security supplier Accellion, said the breach reinforces the fact that enterprises need to start taking cyber security more seriously.

“This is a technology issue, training issue, process issue, corporate governance issue and on and on,” he said.

“To mitigate the risk of a breach, cyber security ultimately has to become a part of an enterprise’s culture and it must touch every segment of that enterprise. The good news is there are a number of steps organisations can take to lessen the chances of a cyber attack.”

Read more on Hackers and cybercrime prevention

Data Center
Data Management