Carphone Warehouse Hack Could Leave 2.4m Customers’ Data At Risk

The personal details of up to 2.4 million Carphone Warehouse customers may have been compromised as the British mobile phone retailer revealed it was the victim of a cyber attack.

The company, which made news public on Saturday 8 August, said that the attack was first discovered three days earlier.

Shares in Carphone Warehouse fell two percent this morning as the UK’s Information Commissioner’s Office (ICO) begins “making enquiries” into how the data breach happened and what can be done about it.

Credit card details

Carphone Warehouse has admitted the encrypted credit card details of up to 90,000 customers may have been breached. The attackers could also have data that includes names, addresses, bank details and dates of birth.

The firm called the incident a “sophisticated cyber attack” that was stopped immediately after being discovered. However it only started notifying affected customers by email on Saturday morning.

It said in a statement: “We and our partners are contacting all those customers who may have been affected to inform them of the breach and to give them advice to reduce any risk and minimise inconvenience.”

Scotland Yard has reportedly been notified and will be helping investigate the incident, whilst the ICO has has already begun looking into the breach.

However, potentially-affected customers are angry at the retailer for not notifying the public earlier.

The chief executive of Dixons Carphone, Sebastian James, said: “We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.

“We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”

Customers of websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk could also be affected, as these are part of the Carphone Warehouse group.

“Armed with the data they already have, attackers are likely to try and trick those affected by the breach into revealing further details, such as account numbers and passwords,” said Thierry Karsenti.

“For the attackers, it’s just a numbers game, but it could have serious consequences for customers. Phishing emails continue to be the most common source for social engineering attacks, so customers should be suspicious of any emails, or even phone calls, that relate to the breach, and should not give away more information.”

Affected customers include 1.9 million who are direct customers of Carphone Warehouse, and almost 480,000 who are customers of TalkTalk Mobile, as the division processes its customer data via Carphone Warehouse.

The attackers are yet to be identified, said the firm.

Take our hacking quiz here!

Ben Sullivan

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago